Community discussions

MikroTik App
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Undocumented ipsec mode config option split-dns ?

Mon Dec 21, 2020 5:16 pm

When I print my mode config options, I see something like this:
 /ip ipsec mode-config> print
Flags: * - default, R - responder
 0 *  name="request-only" responder=no use-responder-dns=exclusively

 1  R name="modeconf vpn.mydomain.com" system-dns=no static-dns=10.0.88.1 address-pool=pool.mydomain.com
      address-prefix-length=32 split-include=192.168.13.0/24 split-dns=""
The mode-config is documented here: https://wiki.mikrotik.com/wiki/Manual:I ... de_configs but the split-dns option is missing. I can see that it is a string, but what does it mean? What is it for?
 
User avatar
tomaskir
Trainer
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Undocumented ipsec mode config option split-dns ?

Tue Dec 22, 2020 8:21 pm

Split DNS can be used to tell the VPN client to query specific DNS domains over the provided DNS server, rather than all DNS requests.
For example, you can input "corp.local", and the client would only query DNS queries for "*.corp.local" over the VPN-provided DNS, rather than all DNS queries.

It's the same concept as for split-routing, applied to DNS.
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: Undocumented ipsec mode config option split-dns ?

Tue Dec 22, 2020 9:08 pm

just i want to add something here, if you want to use that features by using windows machine you would be not able to get , because windows doesn't support it
 
nagylzs
Member
Member
Topic Author
Posts: 353
Joined: Sun May 26, 2019 2:08 pm

Re: Undocumented ipsec mode config option split-dns ?

Sun Apr 04, 2021 11:24 pm

Thanks. Sorry for the late reply. Does mikrotik ipsec ikev2 client support split-dns? I can only see that modeconf has this option on the server side.

Who is online

Users browsing this forum: Amazon [Bot], xrlls and 83 guests