
Pushed DNS Servers and Search Domains on iOS

Abstract

Understand how DNS servers behave on a mobile device using OpenVPN Connect to connect to a VPN server.

On a split tunnel, where the server doesn't push redirect-gateway, and at least one pushed DNS server is present, you should do one of the following:

  • Route all DNS requests through the pushed DNS server(s) if no search domains are added.

  • Route only DNS requests for the added search domains if at least one search domain is added.

Example 2. The following directive on the server directs the client to route all DNS requests to 172.16.0.23:

push "dhcp-option DNS 172.16.0.23"

Alternatively, these directives on the server only route foo.tld and bar.tld DNS requests to 172.16.0.23:

push "dhcp-option DNS 172.16.0.23"
push "dhcp-option DOMAIN foo.tld"
push "dhcp-option DOMAIN bar.tld"


Important

With redirect-gateway, the above discussion is moot since all DNS requests always route through the VPN regardless of the presence or absence of added search domains.
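The rules above can be checked against a server configuration before deployment, to see which lookups stay on the device's own resolver. The following is an added example, not OpenVPN code: `parse_pushed`, `dns_path` and the return labels are hypothetical names, and matching a search domain against its subdomains on label boundaries is an assumption.

```python
import shlex

def parse_pushed(config_text):
    """Collect redirect-gateway, DNS servers and search domains from push lines."""
    opts = {"redirect_gateway": False, "dns": [], "domains": []}
    for line in config_text.splitlines():
        tokens = shlex.split(line, comments=True)
        if len(tokens) != 2 or tokens[0] != "push":
            continue  # not a push directive with one quoted argument
        pushed = tokens[1].split()
        if not pushed:
            continue
        if pushed[0] == "redirect-gateway":
            opts["redirect_gateway"] = True
        elif pushed[0] == "dhcp-option" and len(pushed) == 3:
            if pushed[1] == "DNS":
                opts["dns"].append(pushed[2])
            elif pushed[1] == "DOMAIN":
                opts["domains"].append(pushed[2].lower().rstrip("."))
    return opts

def dns_path(opts, qname):
    """Return where a query for qname goes: 'vpn', 'pushed', 'local' or 'unspecified'."""
    name = qname.lower().rstrip(".")
    if opts["redirect_gateway"]:
        return "vpn"          # full tunnel: search domains do not matter
    if not opts["dns"]:
        return "unspecified"  # split tunnel without a pushed DNS server: not covered by the page
    if not opts["domains"]:
        return "pushed"       # no search domains: every query uses the pushed server
    for domain in opts["domains"]:
        # Assumption: a search domain also covers its subdomains, on label boundaries.
        if name == domain or name.endswith("." + domain):
            return "pushed"
    return "local"            # left to the device's own resolver

# Constructed sample configurations built from the directives shown on this page.
SPLIT_ALL = 'push "dhcp-option DNS 172.16.0.23"'
SPLIT_DOMAINS = "\n".join([
    'push "dhcp-option DNS 172.16.0.23"',
    'push "dhcp-option DOMAIN foo.tld"',
    'push "dhcp-option DOMAIN bar.tld"',
])
FULL_TUNNEL = SPLIT_DOMAINS + '\npush "redirect-gateway def1"'

if __name__ == "__main__":
    for label, cfg in [("all", SPLIT_ALL), ("domains", SPLIT_DOMAINS), ("full", FULL_TUNNEL)]:
        opts = parse_pushed(cfg)
        for q in ("host.foo.tld", "example.org"):
            print(label, q, dns_path(opts, q))
```

A result of `local` marks a lookup that is visible to whatever resolver the device's current network provides, which matters when internal names fall outside the pushed search domains.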