VPN: Split DNS for SSL VPN Clients

Perform selective DNS forwarding via the SSL VPN tunnel for a given list of domains to the DNS servers that are pushed to the client when the VPN is established.

All other DNS lookups should be performed to the local DNS servers the client uses. Thus you would be able to look up both instead of having to choose.

59 votes
    Andreas shared this idea

    3 comments

      • Michael commented

        This feature is absolutely necessary.
        For example when you have maintenance tasks at a customer with whom you are connected via SSLVPN all day. Then you get the DNS configuration and search domain delivered by the SSLVPN client.

        Since you are still connected to your workplace and local IT infrastructure you lose the local DNS because all requests go to the remote DNS server behind the tunnel.

      • Andreas commented

        Bob, with an established SSL VPN tunnel you can only resolve *remote* internal domains, not local ones.
        If you are sitting at the customer's side, for example with internal DNS largeenterprise.corp and lots of customer systems you could/should resolve/access, then once the VPN tunnel is established you won't be able to resolve any of these hosts. You have to know IP addresses to access customer systems (or even edit your local hosts file *uhh*). You can only resolve your own servers via VPN, e.g. with domain mycompany.local (and of course all public domains if the DNS settings allow this).
        So it would be very nice if both local and remote *internal* domains could be resolved with an established SSL VPN tunnel.
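
The selective forwarding requested in this idea, as an added example that is not part of the original thread and not the VPN product's code: a resolver selector that sends only listed domains to the DNS servers pushed through the tunnel and everything else to the client's local DNS servers. `SplitDnsRouter` and the server addresses are hypothetical (constructed, documentation-range IPs); the domain names are the ones used in the comments above.

```python
from typing import Dict, List, Sequence, Tuple


def labels_of(name: str) -> Tuple[str, ...]:
    """Lower-case a DNS name, drop the trailing root dot, split into labels."""
    return tuple(l for l in name.lower().rstrip(".").split(".") if l)


class SplitDnsRouter:
    """Pick DNS servers per query name (hypothetical helper for illustration)."""

    def __init__(self, local_servers: Sequence[str],
                 tunnel_zones: Dict[str, Sequence[str]]):
        self.local_servers = list(local_servers)
        # Zones are keyed by their label tuple so matching happens on whole
        # labels: "notmycompany.local" must not match the zone "mycompany.local".
        self.zones = {labels_of(z): list(s) for z, s in tunnel_zones.items()}

    def servers_for(self, qname: str) -> List[str]:
        labels = labels_of(qname)
        # Try the longest suffix first so a more specific zone wins.
        for i in range(len(labels)):
            servers = self.zones.get(labels[i:])
            if servers is not None:
                return servers
        # Not a listed domain: the query stays with the local DNS servers
        # and is never sent into the tunnel.
        return self.local_servers


# Constructed sample configuration (addresses from RFC 5737 ranges).
TUNNEL_DNS = ["192.0.2.53"]     # pushed to the client when the VPN comes up
LOCAL_DNS = ["198.51.100.53"]   # resolver of the network the client sits in
ROUTER = SplitDnsRouter(LOCAL_DNS, {"mycompany.local": TUNNEL_DNS})

if __name__ == "__main__":
    for q in ("fileserver.mycompany.local", "erp.largeenterprise.corp",
              "notmycompany.local", "www.example.org"):
        print(f"{q:32} -> {ROUTER.servers_for(q)}")
```

Matching on label boundaries matters in both directions: a loose substring match would send look-alike names to the remote DNS servers, and a missed match would send internal names to whatever resolver the local network provides.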
