SSL VPN - Enforce DNS search order

Question

Hi,&nbsp;
On the SSL VPN, What does it mean "Enforce DNS search order" on the DNS/Hosts Tab of it?&nbsp;
I am using split tunnel for the SSL VPN, so should that box be ticked or unticked?&nbsp;
Thanks &nbsp;

youssef1 · Answer

Hi,
Response from F5:
If you look at the IPv4 properties of the PPP adapter that is created you should see the DNS servers listed. You should also see them if you type in "ipconfig /all" at a command prompt (assuming Windows client).
For the Enforce DNS search order it is described as:
When this setting is enabled, APM continuously checks the DNS order on the network interface, 
and sets the network access-supplied entries first in the list if they change during a session. 
To use your local DNS settings as primary and the network access-supplied DNS settings as secondary, 
clear this setting. This might be useful when split tunneling is in use and the client connects 
remotely.

So as you can see this is used to keep the tunnel DNS servers as a higher priority than your local DNS.
For the Static Hosts it is described as:
Type IP address and host name pairs to specify static hosts.
This is basically just adding entries to the local hosts file of the client for name resolution. You would use this for instances where you don't have the entry in DNS.
FYI: https://devcentral.f5.com/questions/dns-entry-in-the-apm

Forum Discussion

SSL VPN - Enforce DNS search order

1 Reply

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Enforce Server Cipher proposal in preferred order

iRule Event Order Flowchart

BoT Defense Profile, Signature Enforcement

How to search the latest security academic papers

Order of cookies