All done, right?
Then you check your firewall logs and notice there are devices sending DNS queries directly to public DNS servers. How can you force those devices to use 126.96.36.199?
First you need to identify which external DNS servers are being used. Then you need to NAT DNS requests to those external DNS servers to the OpenDNS server.
object network Google-DNS
object network Comcast-DNS
object network OpenDNS
object service DNS-UDP
service udp destination eq domain
object service DNS-TCP
service tcp destination eq domain
object-group network DNS-NOT-2-USE
network-object object Comcast-DNS
network-object object Google-DNS
nat (inside,outside) source static any interface destination static DNS-NOT-2-USE OpenDNS service DNS-UDP DNS-UDP
nat (inside,outside) source static any interface destination static DNS-NOT-2-USE OpenDNS service DNS-TCP DNS-TCP
For more information on Cisco Umbrella visit https://umbrella.cisco.com/