Problem description
Currently, Defguard only allows setting a single domain value in the DNS configuration. If a domain is specified (e.g. domain.local), it is applied as a search domain. If left empty, it defaults to ~. (global routing domain).
Not possible:
DNS: 192.168.1.2,192.168.100.5,domain.local ~.
This creates a limitation when using Linux systems with systemd-resolved, where it is often necessary to define both:
- a search domain (e.g. domain.local) for short hostname resolution
- and a routing domain (~.) to ensure all DNS queries are sent through the intended resolver (e.g. VPN DNS)
Problem:
There is currently no way to configure:
domain.local ~.
This leads to issues such as:
- Short hostnames (e.g. testvm01) not being resolved automatically
- Inconsistent DNS behavior compared to other platforms (e.g. setups where search domains work as expected)
Expected behavior:
Allow configuring multiple domain entries so that both search and routing domains can be applied simultaneously.
Proposed solution
Allow multiple domain values (space-separated), e.g.:
Or provide separate fields for:
- Search domains
- Routing domains
Alternatives considered
Dropping the search domain (domain.local) entirely and relying only on the default ~. routing domain.
This would avoid the configuration limitation, but would also mean losing short hostname resolution (e.g. testvm01 would no longer resolve to testvm01.domain.local).
Impact
Important
Problem description
Currently, Defguard only allows setting a single domain value in the DNS configuration. If a domain is specified (e.g. domain.local), it is applied as a search domain. If left empty, it defaults to ~. (global routing domain).
Not possible:
DNS:
192.168.1.2,192.168.100.5,domain.local ~.This creates a limitation when using Linux systems with systemd-resolved, where it is often necessary to define both:
Problem:
There is currently no way to configure:
domain.local ~.
This leads to issues such as:
Expected behavior:
Allow configuring multiple domain entries so that both search and routing domains can be applied simultaneously.
Proposed solution
Allow multiple domain values (space-separated), e.g.:
Or provide separate fields for:
Alternatives considered
Dropping the search domain (domain.local) entirely and relying only on the default ~. routing domain.
This would avoid the configuration limitation, but would also mean losing short hostname resolution (e.g. testvm01 would no longer resolve to testvm01.domain.local).
Impact
Important