First, make sure that your clients are pointing to your Windows DNS server. I know this sounds pretty obvious, but you’d be surprised how many people miss this step. If you’re in an Active Directory (AD) environment, your clients really need to be pointing to the DNS service that is running on your Domain Controller (DC). If you only have one DC, that’s the IP address you want to use; if you have more than one, use both. (Just don’t forget to make this change on all of your DNS servers!)
After clicking OK, you’ll be taken back to the DNS server’s Properties. It should look something like the screenshot below.
By default, the "Use root hints if no forwarders are available" box will be checked. This option is a double-edged sword: if you leave it checked, your DNS server may consult the root hints servers to resolve a DNS entry and could bypass OpenDNS. If you uncheck it, you could have DNS timeouts when the forwarders don’t respond.
So, which option do you choose? Well, it really depends on how you’re using OpenDNS. If you’re using OpenDNS as a filter in a situation where the filter always has to work, such as a school or church, uncheck the box. If it is more important that clients always get timely DNS responses, check the box.
When you’re done, click OK.
Right-click on Cached Lookups in the DNS Manager and choose Clear Cache.
You’re done! Remember, if you have more than one Windows Server 2012/2012 R2 DNS server, you’ll need to perform this change on each one. You’ll also need to run ipconfig.exe /flushdns on your clients if you want them to start using OpenDNS immediately. Otherwise, you can wait and they’ll move over on their own as items in the DNS cache expire.
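The same steps can be applied and then verified on every DNS server with the DnsServer PowerShell module. This is an added example, not part of the original walkthrough; the server names DC01 and DC02 are placeholders, and the forwarder addresses are OpenDNS's public resolvers.

```powershell
# Added example: apply the forwarder settings to each DNS server and read them back.
# Requires the DnsServer module (installed with the DNS role or RSAT) and admin rights.

# Placeholder server names; replace with your own DNS servers / Domain Controllers.
$DnsServers = @('DC01', 'DC02')

# OpenDNS public resolver addresses.
$Forwarders = @('208.67.222.222', '208.67.220.220')

# $true  = the filter must always apply (root hints box unchecked).
# $false = timely answers matter more   (root hints box checked).
$StrictFiltering = $true
$WantRootHint    = -not $StrictFiltering

foreach ($server in $DnsServers) {
    # Replace the forwarder list and set
    # "Use root hints if no forwarders are available".
    Set-DnsServerForwarder -ComputerName $server `
                           -IPAddress $Forwarders `
                           -UseRootHint $WantRootHint

    # Same as right-clicking Cached Lookups and choosing Clear Cache.
    Clear-DnsServerCache -ComputerName $server -Force

    # Read the settings back so a server that silently kept old values stands out.
    $current = Get-DnsServerForwarder -ComputerName $server
    $actual  = @($current.IPAddress | ForEach-Object { $_.IPAddressToString })

    $sameForwarders = (($actual | Sort-Object) -join ',') -eq
                      (($Forwarders | Sort-Object) -join ',')

    [pscustomobject]@{
        Server      = $server
        Forwarders  = $actual -join ', '
        UseRootHint = $current.UseRootHint
        Compliant   = $sameForwarders -and ($current.UseRootHint -eq $WantRootHint)
    }
}

# Clients still hold cached answers until they expire; on a client, run:
#   ipconfig.exe /flushdns
```

Any row with Compliant set to False marks a server that can still resolve names outside OpenDNS, either through a leftover forwarder or through root hints.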