@mrmarkuz From another of your posts, thank you
10602
This is working
Create a custom template for /etc/dnsmasq.conf:
mkdir -p /etc/e-smith/templates-custom/etc/dnsmasq.conf/
Create /etc/e-smith/templates-custom/etc/dnsmasq.conf/90forward with the domains you want to forward to a specific DNS like:
server=/local/[server B IP]
server=/[server A domain]/[server A IP]
Apply config:
signal-event nethserver-dnsmasq-save
Also still have each subnet as trusted network plus the openvpn tunnel. but now the clients can join the domain and run the login script.