DNS traffic not always using tunnel
I'm having some really weird DNS issues when connected to my VPN. In my VPN server profile, I configure a DNS server and a route over the VPN to the subnet that server is in. We're using split tunneling, so only certain traffic, like this, back to our office goes over the VPN. The vast majority of the time, things work just fine. Sometimes, though, DNS traffic goes over my Ethernet interface unencrypted to that DNS server and, obviously, can't make it there. This seems to only happen with certain applications, and I'm not sure if, even then, things are 100% consistent. The biggest offender is another VPN client, FortiClient. When I fire this up and try to connect to my other VPN while still on the original OpenVPN, I see a DNS request for an HTTPS record go over my first tunnel and get a response from my DNS server. After I authenticate, I then see a DNS request for an A record go out my Ethernet interface unencrypted and die. This happens every single time I attempt to connect. I see DNS requests associated with other programs also going out unencrypted, but this is the use case I can replicate every single time.
As a workaround, I've configured my VPN to push out a secondary, public DNS server. This solves any kind of issues I have, but I'd sure like to figure out why this is happening in the first place. FWIW, these issues are happening on a Mac using Tunnelblick as my VPN client, and I'm not the only one experiencing this. We don't have a lot of Windows users, so I'm not able to confirm if this is an OS-specific issue.
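One way to confirm a split-tunnel DNS leak like the one described in the post is to compare, for each captured DNS query, the interface it actually left on against the interface the route policy says it should have used. The script below is an added example and not code from the poster; the capture line format, the `utun0`/`en0` interface names, the `192.168.50.0/24` office subnet and the sample lines are all constructed for illustration, so the regular expression would need adjusting to whatever your capture tool actually prints.

```python
import ipaddress
import re

# Constructed sample capture, one DNS query per line, in a hypothetical
# "<iface> <src_ip>.<sport> > <dst_ip>.53: <qtype>? <name>" shape.
# The second line is the failure mode from the post: an A-record query
# to the office resolver leaving on the Ethernet interface instead of the tunnel.
SAMPLE_LINES = [
    "utun0 10.8.0.6.52113 > 192.168.50.10.53: HTTPS? vpn2.example.internal",
    "en0 192.168.1.23.61002 > 192.168.50.10.53: A? vpn2.example.internal",
    "en0 192.168.1.23.61003 > 1.1.1.1.53: A? www.example.com",
]

# Split-tunnel policy (constructed): these subnets are reachable only via the tunnel.
TUNNEL_IFACE = "utun0"
TUNNEL_SUBNETS = [ipaddress.ip_network("192.168.50.0/24")]

LINE_RE = re.compile(
    r"^(?P<iface>\S+) (?P<src>[\d.]+)\.\d+ > (?P<dst>[\d.]+)\.53: "
    r"(?P<qtype>\w+)\? (?P<name>\S+)$"
)


def parse_line(line):
    """Parse one capture line into its fields, or return None if it is not a DNS query."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def expected_iface(dst):
    """Return the interface the policy requires for this destination, or None if any is fine."""
    addr = ipaddress.ip_address(dst)
    return TUNNEL_IFACE if any(addr in net for net in TUNNEL_SUBNETS) else None


def find_leaks(lines):
    """Return (iface, dst, qtype, name) for every query that left on the wrong interface."""
    leaks = []
    for line in lines:
        q = parse_line(line)
        if q is None:
            continue
        want = expected_iface(q["dst"])
        if want is not None and q["iface"] != want:
            leaks.append((q["iface"], q["dst"], q["qtype"], q["name"]))
    return leaks


if __name__ == "__main__":
    for iface, dst, qtype, name in find_leaks(SAMPLE_LINES):
        print(f"LEAK: {qtype} query for {name} to {dst} left via {iface}, expected {TUNNEL_IFACE}")
```

Queries to public resolvers are deliberately not flagged, since under split tunneling they are expected to use the physical interface; only queries addressed to the tunnel-only subnet that bypass the tunnel count as leaks.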