Split DNS over VPN

brent
Level 1

Is it possible to set up a domain specific DNS on an ASA 5510?

The problem I am having is that while the site-to-site VPN is up, the DNS servers on the main site are serving IP addresses for the remote site. Main site is on CBeyond and remote is on Time Warner, so when doing an nslookup at the remote site it returns one IP address, and when the remote site uses Google DNS servers it returns another. The main difference is download speed (weird that it relates), as using main site DNS it was 3 hours and with Google DNS it took 10 minutes. I am looking for a way to serve DNS for the main site domains and, for all public domains, use Google DNS or Time Warner DNS.

Sent from Cisco Technical Support iPad App

3 Replies

Andrew Phirsov
Level 7

I think you can use the split-dns command under group-policy configuration, and specify which domains should be resolved through the tunnel.

I think that works for client VPN, but I can't find anything in site-to-site.

Sent from Cisco Technical Support iPad App

rgruber
Level 1

Does this help you at all?

group-policy XXXgroup internal
group-policy XXXgroup attributes
 dns-server value XXX.XXX.XXX.XXX
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
 default-domain value domain.local

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml