
Split Tunneling and DNS - understanding

Hi,

I have some trouble understanding how DNS and split tunneling work.

In our group policy we have configured "Send All DNS Lookups Through Tunnel" -> no; split-tunnel-all-dns disabled

At home I am using a Pi-Hole, which is the DNS server for all clients.
If I am connected to the VPN and enter nslookup in Windows cmd, I can see our company DNS server IP being used.

Now I open a browser and go to www.bmw.com, for example. I can see this DNS request on my Pi-Hole.

If I go to an internal website, I can't see it on the Pi-Hole.

Where is the decision made? How does the system know where to send the DNS request before it knows if the target is tunneled or not?

1 ACCEPTED SOLUTION

VIP Advisor

Hi,

The option you use will force all DNS queries to go through the tunnel to resolve from the configured DNS servers in your ASA group-policy. However, if the DNS servers can't resolve the specified domain, it will try to resolve through your Pi-Hole as a last resort. Refer to this.

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116016-technote-AnyConnect-00.html

**** please remember to rate useful posts
