Split Tunnel/DNS Issues

[xtophr]

Server configured in a split tunnel fashion, pushing a domain name and a DNS server.

All works fine in iOS, but not Android.

In iOS, anything matching the pushed domain name will use the internal pushed DNS, otherwise, it uses the external DNS.

In Android, if an internal DNS is pushed, internal names work fine, but lookups are not made against the external DNS servers for anything not matching the pushed domain. However, connections via IP address will work externally. The opposite also works; if no DNS is pushed, external names are looked up, and internal addresses are only accessible via IP address.

[janjust]

this is OS specific - Android is based on Linux, which also does not do split-DNS by default ; I'm quite surprised that iOS does allow split-DNS , as you could consider it a security risk.

On Linux it's possible to do split-DNS by modifying the /etc/nsswitch.conf file (IIRC) but I gather this will not be so easy in Android.
There's little OpenVPN can do about this - it is, as I said, OS specific.

[xtophr]

As far as I know, nsswitch only specifies the order of say, checking DNS versus the hosts file or a different service altogether.

Would one relatively easy way this could work, not relying on the OS, be for OpenVPN to set itself locally as the DNS server upon activation of the tunnel, and then forward the request to the appropriate actual DNS server based on pattern match?

[janjust]

that would mean that the openvpn client (also) needs to include a full blown DNS server - that's outside the scope of openvpn , I think

[samuharom]

Hi,

Try this:
push "dhcp-option DNS <your INTERNAL DNS server IP>"
push "dhcp-option DNS 8.8.8.8"

It worked for me on Android.

Samu

[xtophr]

samuharom, does your internal DNS resolve external addresses though?