
Supporting DNS Queries by Using DNS Suffixes for Android Devices

Feb 03, 2014

When users establish a Micro VPN connection from an Android device, NetScaler Gateway sends split DNS settings to the user device. NetScaler Gateway supports split DNS queries based on the split DNS settings you configure. NetScaler Gateway can also support split DNS queries based on DNS suffixes you configure on the appliance. If users connect from an Android device, you must configure DNS settings on NetScaler Gateway.

Split DNS works in the following manner:

  • If you set split DNS to Local, the Android device sends all DNS requests to the local DNS server.
  • If you set split DNS to either Remote or Both, the Android device sends the DNS request based on the DNS suffixes. The setting Both is the default setting. If the DNS request ends with one of the configured DNS suffixes, the request is sent to NetScaler Gateway for resolution; otherwise, the request is sent to the local DNS server. For this reason, you must configure the DNS suffix when you set split DNS to Remote or Both.
  • If a DNS A record query matches the NetScaler Gateway fully qualified domain name (FQDN) to which users connect with a VPN connection, the user device replies with a cached local DNS server response. For example, if users establish a VPN connection to mycompany.ng.com and if the user device makes a DNS request for mycompany.ng.com, the DNS response comes from the cached DNS response. This is true even if the NetScaler Gateway FQDN matches the configured DNS suffix.

    If the DNS query does not contain a domain name, DNS requests are sent to NetScaler Gateway for resolution. For example, if a user connects to an internal web site such as mycompany, the DNS query is sent to NetScaler Gateway for resolution. If you configure split DNS to either Both or Remote and users enter the full FQDN, mycompany.nginternal.com, the DNS resolution occurs based on the DNS suffix.

  • If the DNS query is not a DNS A record, the DNS query strictly follows the NetScaler Gateway split DNS setting.
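
The routing rules above, written as a function you can use to check which resolver a name would reach under a given split DNS configuration. This is an added example, not Citrix code: the function names, the order in which the rules are checked, the label-boundary suffix match, and the ng.com/nginternal.com suffix list are assumptions made for illustration.

```python
# Added example: a model of the split DNS rules on this page, not NetScaler code.

def route_dns_query(name, qtype, split_dns, suffixes, gateway_fqdn):
    """Return 'cached', 'local' or 'gateway' for one DNS query.

    Assumptions of this example: rules are checked in the order below, and a
    suffix matches only on a label boundary (nginternal.com does not match
    notnginternal.com).
    """
    mode = split_dns.capitalize()
    if mode not in ("Local", "Remote", "Both"):
        raise ValueError("split DNS must be Local, Remote or Both")
    name = name.rstrip(".").lower()
    is_a_record = qtype.upper() == "A"

    # A query for the gateway's own FQDN is answered from the cached local
    # response, even when the FQDN falls under a configured suffix.
    if is_a_record and name == gateway_fqdn.rstrip(".").lower():
        return "cached"
    # Local: every request goes to the local DNS server.
    if mode == "Local":
        return "local"
    # A query without a domain name goes to the gateway.
    if is_a_record and "." not in name:
        return "gateway"
    # Remote or Both: the configured suffixes decide.
    for suffix in suffixes:
        s = suffix.strip(".").lower()
        if name == s or name.endswith("." + s):
            return "gateway"
    return "local"


def audit(names, split_dns, suffixes, gateway_fqdn, qtype="A"):
    """Map each name to the resolver that would receive it."""
    return {n: route_dns_query(n, qtype, split_dns, suffixes, gateway_fqdn)
            for n in names}


if __name__ == "__main__":
    # Constructed configuration built from the host names used on this page.
    report = audit(
        ["mycompany.ng.com", "mycompany", "mycompany.nginternal.com",
         "www.example.org"],
        split_dns="Both", suffixes=["nginternal.com", "ng.com"],
        gateway_fqdn="mycompany.ng.com")
    for host, target in report.items():
        print(f"{host:28} -> {target}")
```

Names that come back as local are resolved outside the VPN connection, so running the audit over your internal host names shows which ones the configured suffixes do not cover.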

For more information about configuring DNS suffixes, see Configuring a DNS Suffix.

To configure split DNS globally on NetScaler Gateway

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand NetScaler Gateway and then click Global Settings.
  2. In the details pane, under Settings, click Change global settings.
  3. On the Client Experience tab, click Advanced Settings.
  4. On the General tab, in Split DNS, select Both, Remote, or Local and then click OK.

To configure split DNS in a session policy on NetScaler Gateway

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand NetScaler Gateway > Policies and then click Session.
  2. In the details pane, on the Policies tab, click Add.
  3. In Name, type a name for the policy.
  4. Next to Request Profile, click New.
  5. In Name, type a name for the profile.
  6. On the Client Experience tab, click Advanced Settings.
  7. On the General tab, next to Split DNS, click Override Global, select Both, Remote, or Local and then click OK.
  8. In the Create Session Policy dialog box, next to Named Expressions, select General, select True value, click Add Expression, click Create and then click Close.