Cisco Support Community

Split DNS over a site to site VPN?


I have a remote office that has an 871W and that's using a site-to-site VPN to an ASA 5505.  Currently all DNS traffic is going to the main office for resolution.  Is it possible to configure a split DNS so internal lookups continue across the VPN, but external requests use the remote office ISP?

I do have split tunneling enabled, but I can't figure out how to split the DNS.



Re: Split DNS over a site to site VPN?


I've done this in the ASA or Concentrator. On the ASA you have the option to configure split-dns in environments with split tunneling. You go under the group-policy to configure the list of domains to be resolved through the split tunneling.

group-policy sales attributes
 split-dns value

I've never done it in IOS routers, but it seems that it can be done.

Hope this link helps:



Re: Split DNS over a site to site VPN?


I have been trying to get the same feature working and at last succeeded.  I've posted my config below which was added on an 877W, so should be good for you in your scenario too.

ACL 101 is my inbound ACL against Dialer0 interface.



interface BVI1
 ip dns view-group mycomp_viewlist
!
ip dns view mycomp
 domain name-server 192.168.1.x
 domain name-server 192.168.1.x
 dns forwarder 192.168.1.x
 dns forwarder 192.168.1.x
 dns forwarding source-interface BVI1
ip dns view default
 domain name-server 212.x.x.x
 domain name-server 212.x.x.x
 dns forwarder 212.x.x.x
 dns forwarder 212.x.x.x
 dns forwarding source-interface BVI1
ip dns view-list default
ip dns view-list mycomp_viewlist
 view mycomp 5
  restrict name-group 10
 view default 10
ip dns name-list 10 permit .*.mycomp.CO.UK
ip dns server
!
access-list 101 permit udp host 212.x.x.x eq domain any gt 1023
access-list 101 permit udp host 212.x.x.x eq domain any gt 1023
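
The view selection that the config above sets up can be modelled offline to see which queries stay on the VPN and which go to the ISP resolver. This is an added example, not code from the thread. Assumptions: name-list matching is approximated with Python's `re` as a case-insensitive, unanchored search (the IOS regex engine may differ), and `TIGHT` plus the sample query names are constructed here.

```python
import re

# View-list from the post: (view name, evaluation order, restricting name-list or None).
VIEW_LIST = [("mycomp", 5, 10), ("default", 10, None)]

# Forwarders per view, with the addresses masked exactly as in the post.
FORWARDERS = {"mycomp": ["192.168.1.x"], "default": ["212.x.x.x"]}

POSTED = r".*.mycomp.CO.UK"            # name-list 10 pattern as posted
TIGHT = r"^(.*\.)?mycomp\.co\.uk$"     # assumed tightening: escaped dots, anchored


def select_view(qname, pattern, view_list=VIEW_LIST):
    """Return the first view, in evaluation order, whose restriction admits qname."""
    # Assumption: matching is modelled as a case-insensitive, unanchored
    # regex search with Python's re module, not the IOS regex engine.
    rx = re.compile(pattern, re.IGNORECASE)
    name = qname.rstrip(".")
    for view, _order, name_list in sorted(view_list, key=lambda v: v[1]):
        if name_list is None or rx.search(name):
            return view
    return None


def forwarders_for(qname, pattern):
    """Forwarders that would receive the query under the selected view."""
    return FORWARDERS[select_view(qname, pattern)]


# Constructed sample queries, not taken from the thread.
SAMPLES = [
    "fileserver.mycomp.co.uk",        # internal host
    "www.example.com",                # ordinary external name
    "mycomp.co.uk",                   # zone apex
    "notmycomp.co.uk",                # different domain sharing a suffix
    "www.mycomp.co.uk.example.net",   # internal name embedded in an external one
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(f"{q:32} posted={select_view(q, POSTED):8} tight={select_view(q, TIGHT)}")
```

Under this model the posted pattern sends look-alike external names to the internal forwarders and misses the zone apex, so confirm how your IOS release anchors name-list patterns before choosing a form.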
