AnyConnect adding domain suffix to all DNS requests

niko
Level 1

Pretty basic AnyConnect config, GroupPolicy:

group-policy XXXX attributes
dns-server value <DNS1> <DNS2>
vpn-filter value <FILTER>
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value <SPLIT_POLICY>
default-domain value company.local

 

When the client is connected, the domain suffix company.local is added to each and every FQDN request: when doing "nslookup cisco.com", it would try sending cisco.com.company.local as the first request to DNS, followed by the normal cisco.com. If doing some non-FQDN lookup, that would be expected, as, let's say, "nslookup internal" would translate to internal.company.local, and that is fine.

Is this expected given I've checked at least one other deployment and I'm not seeing the same?

ASA 9.6(4)30, AnyConnect 4.8.03052.

1 Reply

Dennis Heim
Level 4

Did you ever find a solution to this problem?