@LuisGon -

So I'm not 100% if you are speaking about a certain Guided Exercise or Lab or which version of the RH362 course you're talking about, but I can give you some general information.

Last time I taught the course and used the course has been a while, but our classroom designs are rougly the same everywhere. The bastion machine is an older one running DNSMasq, but it is only providing DNS for the lab.example.com domain. The classroom machine is not available to students, but it is also the DNS server and is the authoritative DNS server for example.com. The classroom server is actually running BIND (named) service with full configurations. Also, if I recall correctly, the IdM server we can also install and configure as a DNS server and it will be for lab.example.net domain. This might not be done now, but I would imagine there is still an exercise where you use DNS that is integrated in IdM. One of the things we have done in the past is join the systems to the IdM domain and it becomes the DNS server for those systems. So from IdM, depending on where your /etc/resolv.conf points, it likely will go to "classroom" or "bastion". 

In our newest courses, we no longer use DNSMasq, but instead have utility which provides a DNS container (BIND) responsible for lab.example.com and then we have bastion which has the example.com domain instead of classroom. This gets things closer to the students where they can see and experiment a bit more. Classroom will still always be the final DNS stop as it takes care of routing out to the Internet if you have an Internet connected classroom.