So you have decided to use Cisco Umbrella or OpenDNS as your recursive DNS. Good choice! You update your internal DNS servers to point to 22.214.171.124.
All done, right?
Then you check your firewall logs and notice there are devices sending DNS queries directly to public DNS servers. How can you force those devices to use 126.96.36.199?
First you need to identify which external DNS servers are being used. Then you need to NAT DNS requests to those external DNS servers to the OpenDNS server.