05-09-2022 02:24 AM
Hi,
I recall some time ago a release note for AnyConnect to support "DNS split tunneling", where you could send specific domains to the user's local DNS server and then tunnel the rest to the headend.
Does anyone know how or where to configure "DNS split tunneling" (not to be confused with traffic split tunneling)?
05-09-2022 02:48 AM
Aaron Woland from Cisco has written a detailed document explaining why and how to configure this DNS dynamic split tunneling.
Here you will find the link to Aaron Woland's web page.
05-09-2022 03:21 AM
Hi,
Unless I'm mistaken, the guide is with regard to tunneling traffic, not specifically DNS requests.
Example:
1. Requests for facebook.com > use local name server
2. Requests for youtube.com > use local name server
3. All other DNS requests use the name server in the AnyConnect config.
I already have split tunneling for RFC1918 addresses. What I want to do is not send DNS requests for, say, YouTube or Facebook over to the corporate name servers; instead, they specifically should use the user's local name server. Purely from the DNS perspective.
05-09-2022 03:24 AM
This is a maintenance release that includes the following features and support updates, and that resolves the defects described in AnyConnect 4.10.01075:
Added split DNS for split exclude tunneling (CSCuq89328)—When split DNS for split exclude tunneling is configured, specific DNS queries are sent outside the VPN tunnel, to a public DNS server. All other DNS queries are tunneled to a VPN DNS server.
05-09-2022 04:01 AM
Hi badcop, yes, the 4.10 has addressed the DNS split exclude tunneling.
-Added split DNS for split exclude tunneling (CSCuq89328)—When split DNS for split exclude tunneling is configured, specific DNS queries are sent outside the VPN tunnel, to a public DNS server. All other DNS queries are tunneled to a VPN DNS server.
05-09-2022 04:14 AM
05-10-2022 12:32 AM
You found the right CDETS per your requirement. Just wanted to clarify that you would need to configure split-exclude tunnelling. So whatever domains are configured in split-dns would be queried outside of the tunnel, and all the rest would be queried through the tunnel.
Also, please note that split-DNS with split-exclude configuration is done with custom attributes. Please refer to the "Configure Split DNS for Split Exclude Tunneling" section of the AnyConnect admin guide.