I'm extremely sorry to resort to an issue for this, but please feel free to redirect and close:
I can't figure out if the community Windows client can actually implement split DNS or not. For a long time I believed Windows 10 did not have the capability at the OS level, but then I discovered
the PowerShell-accessible DnsClient, and specifically the NRPT (Name Resolution Policy Table), also accessible through a GUI system management interface, that claims to be able to apply specific rules for specific domains, which is exactly what one would need for split DNS, and
the new 'dns' config option in v2.6+
Together, those look like they have the capability to make it happen, but two things are stopping me from feeling as though I understand correctly:
I can't find a place in the code that treats the dns option as affecting anything like DnsClient, and
I can't understand what the 'numbers' for dns servers are in the "dns server" option, and whether the choice is completely arbitrary or what it might correspond to
So I guess those are two subquestions to the "can it do split DNS on Windows": 2a) does it use DnsClient (and if not, does it need to), and 2b) are the choices of numbers in the dns server options constrained in some way?
This is work in progress. As of today, no support for NRPT yet, but it's being worked on.
The "number" (dns server <n>) is a priority table, so you can have DNS servers pushed by the OpenVPN server possibly overruled by the client config, or extended.
The --dns server directive is used to configure DNS server n.
The server id n must be a value between -128 and 127. For pushed
DNS server options it must be between 0 and 127. The server id
is used to group options and also for ordering the list of
configured DNS servers; lower numbers come first. DNS servers
being pushed to a client replace already configured DNS servers
with the same server id.
As of today, on Windows, the first 4 servers (those with the lowest number) are used - with no further differentiation towards Windows - and the rest is ignored.
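The server id rules quoted in the reply above, modelled as an added example (not OpenVPN's own code and not written by anyone in this thread). The class and function names are hypothetical, the addresses are constructed from documentation ranges, and the limit of four servers on Windows is taken from the reply.

```python
from dataclasses import dataclass

WINDOWS_MAX_SERVERS = 4  # per the reply above: only the 4 lowest ids are used


@dataclass(frozen=True)
class DnsServer:              # hypothetical model of one "dns server <n>" entry
    server_id: int            # the <n>; also the sort key
    address: str
    pushed: bool = False      # True when the entry came from the VPN server


def validate(server):
    """Enforce the quoted ranges: -128..127 locally, 0..127 when pushed."""
    low = 0 if server.pushed else -128
    if not low <= server.server_id <= 127:
        origin = "pushed" if server.pushed else "local"
        raise ValueError(f"{origin} server id {server.server_id} outside {low}..127")


def merge(local, pushed):
    """Return the effective list: pushed replaces same id, lowest id first."""
    table = {}
    for server in list(local) + list(pushed):   # pushed entries applied last
        validate(server)
        table[server.server_id] = server        # same id: later entry wins
    return [table[i] for i in sorted(table)]


def windows_effective(local, pushed):
    """Servers actually used on Windows according to the reply above."""
    return merge(local, pushed)[:WINDOWS_MAX_SERVERS]


# Constructed sample data (documentation address ranges, not real resolvers).
LOCAL = [DnsServer(-1, "192.0.2.53"), DnsServer(0, "192.0.2.54"),
         DnsServer(10, "192.0.2.55")]
PUSHED = [DnsServer(0, "198.51.100.1", True), DnsServer(1, "198.51.100.2", True),
          DnsServer(2, "198.51.100.3", True)]

if __name__ == "__main__":
    for s in windows_effective(LOCAL, PUSHED):
        print(s.server_id, s.address, "pushed" if s.pushed else "local")
```

Under these rules a locally configured server with a negative id cannot be replaced by a push and always sorts ahead of pushed servers, while the local entry with id 10 falls outside the four that Windows uses.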
Just so I understand, then: is using NRPT critical to allowing split DNS to work? (I don't really understand what it means to set a domain... or was it the server IP?... on the tun/tap driver)
Yeah, NRPT is the way to do split-DNS on Windows. The domains you enter in the regular UI with the rest of the interface config are just to complete non-fully qualified names during lookup, i.e. search domains.