DNS split tunnelling

badcop
Level 1

Hi,

I recall some time ago a release note for AnyConnect to support "DNS split tunneling", where you could send specific domains to the user's local DNS server and then tunnel the rest to the headend.

Does anyone know how or where to configure the "DNS split tunneling"? Not to be confused with traffic split tunneling.

6 Replies

Aaron Woland from Cisco has written a detailed document explaining why and how to configure this DNS dynamic split tunneling.

Here you will find the link to Aaron Woland's web page.

Please do not forget to rate.

Hi,

Unless I'm mistaken, the guide is with regards to tunneling traffic, not specifically DNS requests.

Example:

1. Requests for facebook.com > use the local name server

2. Requests for youtube.com > use the local name server

3. All other DNS requests use the name server in the AnyConnect config.

I already have split tunneling for RFC1918 addresses. What I want to do is not send DNS requests for, say, YouTube or Facebook over to the corporate name servers; instead they specifically should use the user's local name server. Purely from the DNS perspective.

badcop
Level 1

AnyConnect 4.10.01075 New Features

This is a maintenance release that includes the following features and support updates, and that resolves the defects described in AnyConnect 4.10.01075:

  • Added split DNS for split exclude tunneling (CSCuq89328)—When split DNS for split exclude tunneling is configured, specific DNS queries are sent outside the VPN tunnel, to a public DNS server. All other DNS queries are tunneled to a VPN DNS server.

Hi badcop, yes, 4.10 has addressed the DNS split exclude tunneling:

- Added split DNS for split exclude tunneling (CSCuq89328)—When split DNS for split exclude tunneling is configured, specific DNS queries are sent outside the VPN tunnel, to a public DNS server. All other DNS queries are tunneled to a VPN DNS server.

Please do not forget to rate.

Saurabh Dhakate
Cisco Employee

You found the right CDETS for your requirement. I just wanted to clarify that you would need to configure the split-exclude tunnelling configuration. So whatever domains are configured in split-dns would be queried outside of the tunnel, and all the rest would be queried through the tunnel.
Also, please note that split-DNS with split-exclude configuration is done with custom attributes. Please refer to the "Configure Split DNS for Split Exclude Tunneling" section of the AnyConnect admin guide.
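The split-DNS decision described in the thread, modelled as an added example that is not code from the thread or from Cisco: given the domain list you would put in split-dns, it reports whether a given query leaves the tunnel to the user's local resolver or is tunnelled to the VPN DNS server. The domain list and query names are constructed samples; the point worth checking before rolling this out is that matching respects label boundaries, so a lookalike such as notfacebook.com still goes through the tunnel and no internal names leak to the local resolver.

```python
# Constructed sample of the domains an admin would list in split-dns.
SPLIT_DNS_DOMAINS = ["facebook.com", "youtube.com"]


def normalize(name: str) -> str:
    """Lower-case the name and drop a trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()


def matches_domain(query: str, domain: str) -> bool:
    """True when query is the domain itself or one of its subdomains.

    The label boundary ("." + domain) matters: a plain suffix check would
    also match notfacebook.com, which must stay inside the tunnel.
    """
    q, d = normalize(query), normalize(domain)
    return q == d or q.endswith("." + d)


def resolver_for(query: str, split_dns_domains=SPLIT_DNS_DOMAINS) -> str:
    """'local': sent outside the VPN to the user's local/public resolver.
    'vpn'  : tunnelled to the VPN DNS server (the default for everything else).
    """
    if any(matches_domain(query, d) for d in split_dns_domains):
        return "local"
    return "vpn"


def audit(queries, split_dns_domains=SPLIT_DNS_DOMAINS) -> dict:
    """Map each query to the resolver it would reach; handy for reviewing a
    proposed split-dns list against the hostnames you expect to stay private."""
    return {q: resolver_for(q, split_dns_domains) for q in queries}


if __name__ == "__main__":
    sample = ["www.facebook.com", "YouTube.COM.", "notfacebook.com",
              "intranet.corp.example"]  # constructed query names
    for name, where in audit(sample).items():
        print(f"{name:25s} -> {where}")
```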