Split tunnel configuration fails to split DNS requests

[fran-penedo]

General information

1. Android 12
2. Samsung
3. S21
4. Play store (0.7.37)

Description of the issue

In a split tunnel configuration, I'm pushing a DNS that only resolves local addresses for a domain. The relevant configuration options in the server are:

push "dhcp-option DNS 10.111.0.1" 
push "dhcp-option DOMAIN lan"

This configuration works fine with a Linux client: *.lan and unqualified hosts are resolved in the DNS at 10.111.0.1, while everything else is resolved with the existing DNS for the connection (for example 1.1.1.1). However, in Android the local addresses work fine, while everything else fails. If I try to override the DNS configuration pulled from the server in the app so that both 10.111.0.1 and 1.1.1.1 are used, whichever DNS I use as primary is the only one queried; if it fails to resolve, the secondary is not used. As far as I can understand, the existing DNS servers are fully overridden by the VPN connection and at no point queried.

Is it at all possible to split DNS like this in Android? If not, would it be possible to, at the very least, try the secondary DNS if the primary can't resolve?

Thanks.

[schwabe]

There are two problems here with what you are trying to achieve. First, your configuration does not configure split DNS. It just sets the DOMAIN name to lan. And secondly and more importantly, there is no split DNS support whatsoever on Android. So since the platform does not support split DNS, the app is limited to what the OS provides.

[fran-penedo]

Ah, my apologies, I think I picked up the wrong terminology when trying to look into this issue. Let's forget about split DNS then. Is the behavior I see in Linux not possible in Android then? To be clear: I'd like anything like *.lan to be resolved by my DNS server, while everything else is resolved by the DNS servers already in place for this connection.

I have already considered setting up my DNS server to resolve everything, which is not ideal because it would introduce more latency. I would also need to drop the VPN connection from time to time to use my ISP's DNS server to do whatever it needs to do to set up my connection. This is in fact an issue anyway, independent of what I'm trying to do.

Thank you for taking the time to look into this.