When deploying the virtual appliance component of Umbrella we recommend the following for DNS configuration on any internal DNS servers:
1. On the DNS server adapter settings, use the loopback address (127.0.0.1) so that the server will use itself for DNS resolution. The second entry should be another internal DNS server.
2. On the forwarder settings of the DNS server, we recommend using the Umbrella Anycast IPs (18.104.22.168/22.214.171.124) rather then the virtual appliance IPs. This does limit the ability to see the source IP when viewing reports but avoids any problems with DNS loops if there is a misconfiguration on either the VA or internal DNS server.
3. If the server also acts as a mail server, the best option is to point to your ISPs DNS servers or other recursive resolvers such as those provided by your ISP. We outline potential problems with using Umbrella on mail servers in the following articles: