Re: Version 1.9.4 DNS Issues
Posted: Wed Sep 22, 2021 9:02 am
Hi rps,
If you are pushing no routes, no traffic should be going through the VPN thus DNS not resolving shouldn't be an issue in this case. The users local DNS servers should be answering connections. The exception here is if you are forcing users to Full DNS, of which case the local DNS servers will not be used and the user will fail all DNS requests as none will be available.
In this setup of selectively pushing routes, it may be better selectively pushing DNS Modes as well or instead. In the scenario where you push no routes for the user, you would be better off also pushing a DNS Mode of 'disabled'. In a scenario where you want all the users DNS to go through the VPN, you would be better off pushing a DNS mode of 'full'. Information on pushing DNS modes can be found here - https://sparklabs.com/support/kb/articl ... h-dns-mode
Regards,
Eric
If you are pushing no routes, no traffic should be going through the VPN thus DNS not resolving shouldn't be an issue in this case. The users local DNS servers should be answering connections. The exception here is if you are forcing users to Full DNS, of which case the local DNS servers will not be used and the user will fail all DNS requests as none will be available.
The DNS servers provided by the VPN can potentially be identical to the DNS servers provided via DHCP on the LAN interface.In this scenario, DNS requests will only go to which ever interface has the most accurate route. If you are set to Full DNS, but the local interface has the closer matching route for the DNS server, all DNS will fail. If you are set to Split DNS but the VPN has the closer matching route, only split-dns lookups will work. The log will show how DNS is setup as well as what is reachable - https://sparklabs.com/support/kb/articl ... envpn-log/
In this setup of selectively pushing routes, it may be better selectively pushing DNS Modes as well or instead. In the scenario where you push no routes for the user, you would be better off also pushing a DNS Mode of 'disabled'. In a scenario where you want all the users DNS to go through the VPN, you would be better off pushing a DNS mode of 'full'. Information on pushing DNS modes can be found here - https://sparklabs.com/support/kb/articl ... h-dns-mode
Regards,
Eric