Split-dns - per user

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
herve
OpenVpn Newbie
Posts: 1
Joined: Fri Dec 10, 2021 4:39 pm

Split-dns - per user

Post by herve » Sat Dec 11, 2021 3:58 pm

Hello,
I'm using OpenVPN AS for a split tunnel.
The user park is a mix of Windows, Macos and Linux machines

I want to set a split dns as part of the split tunnel for the internal domain names we uses. This works relly well (seamless on Linux and Windows machines) but it looks like split dns is not in great shape on Macos. It works for some apps, but a lot of terminal apps do not resolve those domains correctly.
From what I gathered, it seems to be a problem of the DNS system on Macos and this bug has been there for years, so is unlikely to be fixed one day.

Now, on Linux distributions using systemd-resolved, I have the opposite problem. When not using the split dns, those internal domains never resolve using the internal domain name server.

I think I'm in a situation where I cannot have one solution that fits all, so I was looking for one of those two options:
- Is it possible to set split dns settings per user/group on OpenVPN AS
- As an alternative, can I disable the split dns on the server and customize the ovpn profile file given to Linux users with command for split dns

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Split-dns - per user

Post by openvpn_inc » Sat Dec 11, 2021 5:46 pm

Hi,

According to this link, second paragraph:
It is not possible to push a specific DNS server to a specific user or group. The DNS servers that are pushed are set globally, and only the act of pushing it to a user or group can be switched on or off.
So, no.

You might want to try the view feature in named(8). You could run named on the Access Server and use a static IP address for your user. Then push the server as the DNS server, and have named answer that IP address from the proper view.

ISC's BIND 9 ARM documentation

hth, regards, rob0
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply