
Split-dns - per user

Posted: Sat Dec 11, 2021 3:58 pm
by herve
Hello,
I'm using OpenVPN AS for a split tunnel.
The user park is a mix of Windows, macOS and Linux machines.

I want to set a split dns as part of the split tunnel for the internal domain names we use. This works really well (seamless on Linux and Windows machines) but it looks like split dns is not in great shape on macOS. It works for some apps, but a lot of terminal apps do not resolve those domains correctly.
From what I gathered, it seems to be a problem of the DNS system on macOS and this bug has been there for years, so is unlikely to be fixed one day.

Now, on Linux distributions using systemd-resolved, I have the opposite problem. When not using the split dns, those internal domains never resolve using the internal domain name server.

I think I'm in a situation where I cannot have one solution that fits all, so I was looking for one of those two options:
- Is it possible to set split dns settings per user/group on OpenVPN AS?
- As an alternative, can I disable the split dns on the server and customize the ovpn profile file given to Linux users with a command for split dns?

Re: Split-dns - per user

Posted: Sat Dec 11, 2021 5:46 pm
by openvpn_inc
Hi,

According to this link, second paragraph:
It is not possible to push a specific DNS server to a specific user or group. The DNS servers that are pushed are set globally, and only the act of pushing it to a user or group can be switched on or off.
So, no.

You might want to try the view feature in named(8). You could run named on the Access Server and use a static IP address for your user. Then push the server as the DNS server, and have named answer that IP address from the proper view.

ISC's BIND 9 ARM documentation

hth, regards, rob0
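
A sketch of the view approach suggested in the reply above, as an added example that is not from the thread, OpenVPN Inc. or ISC: a `named.conf` fragment in which clients holding static VPN addresses are matched to their own view. Every address, the zone name `corp.example` and the ACL names are constructed placeholders to be replaced with your own values.

```conf
// Constructed placeholder values throughout; adjust to your deployment.
// Static VPN addresses assigned to the users who need the special view.
acl "vpn_static_users" { 10.8.0.10; 10.8.0.11; };
// The whole VPN client subnet.
acl "vpn_clients" { 10.8.0.0/24; };

options {
    directory "/var/cache/bind";
    // Listen only on loopback and the VPN-facing address (placeholder),
    // so the resolver is never reachable from the public interface.
    listen-on { 127.0.0.1; 10.8.0.1; };
    allow-query { localhost; vpn_clients; };
    allow-recursion { localhost; vpn_clients; };
};

// Views are tried in order and the first match-clients hit wins,
// so the narrower view has to come first.
view "static-users" {
    match-clients { vpn_static_users; };
    recursion yes;

    // Internal names go to the internal name server only.
    zone "corp.example" {
        type forward;
        forward only;
        forwarders { 10.0.0.53; };
    };
    // Everything else is resolved normally by this named instance.
};

// All remaining VPN clients: ordinary recursion, no internal zone.
view "other-clients" {
    match-clients { vpn_clients; localhost; };
    recursion yes;
};

// Once any view is defined, every zone statement must live inside
// a view; a zone at the top level is a configuration error.
```

Run `named-checkconf` on the file before reloading; it reports misplaced zone statements and syntax errors without touching the running server.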