I have a Cisco Umbrella environment in a multi-site environment that spans across multiple subnets. We have workstations configured that simply use the Umbrella software to enforce DNS to connect to internal appliances with the following type of network:

10.10.0.1/24 with the DNS appliances running on 10.10.0.10 and 10.10.0.11

For the first site that is on this subnet it works fine and it is able to understand that 10.10.0.x is a local subnet so it does not send DNS requests out to 208.67.222.222 and instead hits a local resolver. This seems to be configured as an "internal network" on the Cisco Umbrella site.

My issue and what I am trying to determine best practices for is that we now have a set of servers on our 10.10.10.1/24 network but all users are unable to access it since it thinks that sending the request out to the public resolvers and it is unable to reach these servers. This makes sense since how will it know that is a local network. I can create a second local network but that seems to be paired in a 1-to-1 relationship to the site name so a workstation in the Default Site can only have 1 internal network for this to work correctly.

How then, do I set this up correctly? Is there a way to add multiple networks somewhere else so it can route properly? Or should I be expanding my subnet and creating an internal network of "10.10.0.0/20" since this would include all internal subnets we use.