Is it viable to use Layer7 filtering to selectively route DNS requests to different servers?
I want to use a MikroTik router in an organization as the DNS server. This organization runs Active Directory with only a single Domain/DNS server and relies on it for certain internal resources.
However, if the server has a hiccup, PCs all lose internet access as DNS is not available.
I can't make the MikroTik the DNS server because it isn't part of the Active Directory domain, so certain internal resources won't work.
However, maybe I can use the MikroTik as a DNS relay, since DNS requests are not encrypted. So could Layer7 inspect the DNS requests, and if there's any request for an internal resource (containing their domain name), send it to the AD server internally (and masquerade so the reply comes back correctly)? Anything else would just do a normal forward lookup to Google/Cloudflare.
Would this work?
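As an added illustration (not from the original post and not MikroTik code), here is a small Python sketch of the decision such a DNS relay has to make: parse the question name out of the raw DNS payload and pick the upstream by zone suffix. The zone names and resolver addresses are constructed placeholders. It also shows why a plain Layer7 regex on the dotted name is fragile: on the wire the name is a sequence of length-prefixed labels, so the literal bytes `corp.example` never appear in the packet, and a correct match must be case-insensitive and anchored to a label boundary so that `notcorp.example` is not treated as internal.

```python
"""Suffix-based DNS upstream selection over raw DNS query packets.

Added example; zones and resolver addresses below are hypothetical.
"""
import struct

# Constructed policy: names under these zones go to the AD domain controller,
# everything else goes to a public resolver.
INTERNAL_ZONES = ("corp.example", "10.in-addr.arpa")  # hypothetical zones
AD_DNS = "10.0.0.10"                                  # hypothetical AD DNS
PUBLIC_DNS = "1.1.1.1"                                # public fallback


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query (constructed sample input, RD=1, one question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # Wire format: each label is <length byte><label bytes>, terminated by 0x00.
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
        if label
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_qname(packet: bytes) -> str:
    """Return the first question name, lower-cased and dotted.

    Raises ValueError on truncated or malformed input so a relay fails closed
    instead of forwarding something it did not understand.
    """
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    pos = 12
    labels = []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            # A compression pointer makes no sense in a query's first QNAME;
            # refuse rather than follow an attacker-chosen offset.
            raise ValueError("compression pointer in question name")
        if pos + length > len(packet):
            raise ValueError("label runs past end of packet")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels).lower()


def is_internal_name(name: str) -> bool:
    """Match only whole labels: 'host.corp.example' yes, 'notcorp.example' no."""
    name = name.lower().rstrip(".")
    return any(name == z or name.endswith("." + z) for z in INTERNAL_ZONES)


def choose_upstream(packet: bytes) -> str:
    """Decide which resolver a raw query should be forwarded to."""
    return AD_DNS if is_internal_name(parse_qname(packet)) else PUBLIC_DNS


if __name__ == "__main__":
    for qn in ("fileserver.corp.example", "www.example.com", "notcorp.example"):
        print(f"{qn:28s} -> {choose_upstream(build_query(qn))}")
```

The relay still needs everything this sketch leaves out: sending the query on, matching replies to transaction IDs, and a fallback path when the AD server is down, which is the failure the post is trying to survive. A suffix rule like this is what a resolver's conditional-forwarding feature implements; doing it with a byte-pattern regex in the firewall has to cope with the label-length encoding shown in `build_query`.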