
v2.6+ on Windows: can it actually implement split DNS? #473

Open
dmick opened this issue Dec 7, 2023 · 4 comments

dmick commented Dec 7, 2023

I'm extremely sorry to resort to an issue for this, but please feel free to redirect and close:

I can't figure out if the community Windows client can actually implement split DNS or not. For a long time I believed Windows 10 did not have the capability at the OS level, but then I discovered

  1. the PowerShell-accessible DnsClient, and specifically the NRPT (Name Resolution Policy Table), also accessible through a GUI system management interface, that claims to be able to apply specific rules for specific domains, which is exactly what one would need for split DNS, and

  2. the new 'dns' config option in v2.6+.

Together, those look like they have the capability to make it happen, but two things are stopping me from feeling as though I understand correctly:

  1. I can't find a place in the code that treats the dns option as affecting anything like DnsClient, and

  2. I can't understand what the 'numbers' for dns servers are in the "dns server" option, and whether the choice is completely arbitrary or what it might correspond to

So I guess those are two subquestions to the "can it do split DNS on Windows": 2a) does it use DnsClient (and if not, does it need to), and 2b) are the choices of numbers in the dns server options constrained in some way?

cron2 (Contributor) commented Dec 7, 2023

This is work in progress. As of today, no support for NRPT yet, but it's being worked on.

The "number" (dns server <n>) is a priority table, so you can have DNS servers pushed by the OpenVPN server possibly overruled by the client config, or extended:

              The --dns server directive is used to configure DNS server n.
              The server id n must be a value between -128 and 127. For pushed
              DNS server options it must be between 0 and 127. The server id
              is used to group options and also for ordering the list of
              configured DNS servers; lower numbers come first. DNS servers
              being pushed to a client replace already configured DNS servers
              with the same server id.

As of today, on Windows, the first 4 servers (those with the lowest number) are used, with no further differentiation towards Windows, and the rest are ignored.

d12fk self-assigned this Dec 7, 2023

dmick (Author) commented Dec 8, 2023

Just so I understand, then: is using NRPT critical to allowing split DNS to work? (I don't really understand what it means to set a domain... or was it the server IP?... on the tun/tap driver.)

dmick (Author) commented Dec 15, 2023

@cron2, can you help me understand the above ^ ?

d12fk (Contributor) commented Dec 15, 2023

Yeah, NRPT is the way to do split-DNS on Windows. The domains you enter in the regular UI with the rest of the interface config are just to complete non-fully qualified names during lookup, i.e. search domains.
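The NRPT mechanism d12fk refers to can be exercised directly from PowerShell, which is also the quickest way to audit what an OpenVPN client (or anything else) has put into the table. The script below is an added example, not code from this thread or from the OpenVPN project: it creates one NRPT rule that sends queries for an internal suffix to the VPN-side resolver, lists the effective policy so the rule can be verified, and removes the rule again. The internal zone `corp.example`, the resolver address `10.8.0.1` (which would correspond to the address given in a `dns server <n> address` line) and the comment string used to tag the rule are constructed values for this example. Run it in an elevated PowerShell on Windows 10 or later.

```powershell
# Added example (not from the OpenVPN project or this issue): split DNS on
# Windows via an NRPT rule, the mechanism named in the comment above.
# Constructed assumptions: internal zone corp.example, VPN resolver 10.8.0.1.
# Requires an elevated shell; the DnsClient module ships with Windows.

$Namespace   = '.corp.example'                 # leading dot: whole suffix
$VpnResolver = '10.8.0.1'                      # the tunnel-side DNS server
$Tag         = 'openvpn-split-dns-example'     # lets us find our rule later

# 1. Create the rule: names under $Namespace resolve via $VpnResolver only.
#    Everything else keeps using the interfaces' ordinary resolvers, which is
#    what "split DNS" means here. Search domains set on the adapter do not
#    do this; they only complete unqualified names.
Add-DnsClientNrptRule -Namespace $Namespace `
                      -NameServers $VpnResolver `
                      -Comment $Tag

# 2. Audit: show the rule as stored. The Name is system-assigned, so match
#    on the comment we set.
$rule = Get-DnsClientNrptRule | Where-Object { $_.Comment -eq $Tag }
$rule | Format-Table Name, Namespace, NameServers, Comment -AutoSize

# 3. Verify the effective policy for the namespace. This is the table the
#    resolver actually consults; if the namespace is missing here, split
#    DNS is not in effect regardless of what the adapter shows.
Get-DnsClientNrptPolicy |
    Where-Object { $_.Namespace -eq $Namespace } |
    Format-Table Namespace, NameServers -AutoSize

# 4. Cleanup when the tunnel goes down: stale NRPT rules silently keep
#    redirecting queries, so remove exactly the rule created above.
$rule | Remove-DnsClientNrptRule -Force
```

Listing the NRPT with `Get-DnsClientNrptRule` and `Get-DnsClientNrptPolicy` on a client is also a useful check after connecting with a 2.6+ build: it tells you whether the pushed `dns` options actually produced a namespace rule or only populated the adapter's server list and search suffixes.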
