Multiple AdGuard Home instances in multi site setup - how to define private upstreams (forward zones)?

[vaenner-net]

Hi,

I am running a private network for friends and families across multiple sites in Europe (locations A, B, C, ...) connected via a Zerotier network under one domain domain.org.

Each location has it's own private IP address range (A: 10.1.0.0/16, B: 10.2.0.0/16, C: 10.3.0.0/16, ...) and it's private namespaces a.domain.org, b.domain.org, etc. So the whole network "lives" under the domain domain.org and inside the 10.0.0.0/8 IP range.

Every location connects via a FreeBSD based firewall (self customised, no OPNsense etc.) to the internet and the zerotier network. Also, each firewall has its own DHCP (isc) and DNS resolver (unbound) for local IP assignment and name resolution. The firewalls have the IP ..0.1 (e.g. 10.1.0.1).

The DNS servers have forward zones defined for all private locations and upstream DNS servers for the internet. For example (extract):

forward-zone:
    	name: "."
    	forward-addr: 1.1.1.1
    	forward-addr: 1.0.0.1
    
forward-zone:
    	name: "a.doamin.org"
    	forward-addr: 10.1.0.1

forward-zone:
    	name: "b.domain.org"
    	forward-addr: 10.2.0.1

I now want to replace the location's local DHCP server and DNS resolver through AdGuard Home. How do I define the above setup in AGH? As soon as I setup two locations with AGH, the name resolution between the two location "breaks".

Is there a general approach on how to setup up such a multi site scenario?

Many thanks for your help and best regards,
Mark