Showing results for 
Search instead for 
Did you mean: 

Missing X-CSTP-Split-DNS headers?


I can successfully connect to my office Cisco AnyConnect VPN but I have some trouble accessing the office network because I can't resolve some private domain names.

The private domains I have problems resolving are like "example.bcgov" I think the problem is that I don't get an 'X-CSTP-Split-DNS: bcgov" header from the VPN gateway, so my client uses my ISP DNS server to resolve these domains (which is wrong).

Here is the output of running "openconnect -s env -v":

Is there anything special I need to do to request the "X-CSTP-Split-DNS" headers from the VPN gateway? Can I do anything to confirm that these headers are entirely missing from the gateway's responses? And how should I reconfigure the gateway so it sends these headers?


1 Accepted Solution
3 Replies 3

Thank you very much Marcin, I shared these details with the VPN administrator.

Thanks again for these details Marcin, I shared them with the VPN administrator. He says that the VPN gateway does normally append the "bcgov" suffix to the VPN DNS configuration, but I am still not seeing "bcgov" or X-CSTP-Split-DNS headers anywhere in the responses from the gateway:

Is it possible that the "bcgov" domain or X-CSTP-Split-DNS headers are sent only in some responses from the gateway and not others? (Could the gateway be configured with the "bcgov" domain but there is something about my communication with the gateway causing the domain to be omitted from these responses?)

Is there some auxiliary way that the gateway might be configured to append the "bcgov" suffix to the VPN DNS configuration? (Such that I am not seeing it in the responses from the gateway?)  Thanks!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: