External DNS Settings under DHCP Server

  • Hi there,

    If I have DNS Resolver set up and some DNS servers entered in the General Setup which DNS Resolver uses, what happens if I specifically enter an external DNS IP for an interface? Does the client still get the benefit of the DNS Resolver cache, or is that bypassed altogether?

    Here's my use case:

    • I want to have DHCP for an interface (say Guest LAN)
    • I also want to block HTTPS traffic (i.e. SSL intercept, especially porn sites). From my reading it appears you need to enable CA certificates and import them into every client, which may be near impossible with 100s of clients which may change (public clients)
    • Have DNSSEC enabled under DNS Resolver

    So here's my current thinking:

    Under DHCP for that interface, enter the IP for Norton ConnectSafe (which seems to support DNSSEC, OpenDNS doesn't) as the first entry under DNS.

    Question is, by entering a manual IP address of Norton, am I bypassing and negating the benefits of the DNS Resolver function and going straight to Norton DNS?