christoph ender's

blog

friday the 11th of august, 2023

forcing windows to use openvpn-dns

While providing Windows dial-in VPN clients with the DNS server addresses of the internal network using the dhcp-option DNS parameter, I found out that the name resolution didn't work reliably. After some research, it turned out that this was due to Windows just adding the provided DNS addresses to the ones already present on the system, and using all of them for the actual name resolution.

Luckily, OpenVPN already provided a solution for these Windows clients: it's enough to add the block-outside-dns option. This is sufficient to make Windows resolve names using the provided internal DNS addresses only.
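
The two options as they might appear in configuration files, as an added example that is not taken from the original post. The address 10.8.0.1 is a constructed placeholder for the internal DNS server, and the client-side variant is an assumption about how the option might be deployed when it is not pushed from the server.

```conf
# --- server.conf (added example; 10.8.0.1 is a placeholder address) ---

# Hand the internal resolver to connecting clients.
push "dhcp-option DNS 10.8.0.1"

# Windows clients: block DNS traffic (TCP/UDP port 53) on every adapter
# except the tunnel, so only the pushed resolver can answer.
# Pushed options that a client does not know are not fatal, so
# non-Windows clients are unaffected by this line.
push "block-outside-dns"


# --- client.ovpn (alternative: set the option per client, no push) ---

# When the option sits in the client's own config file, a non-Windows
# OpenVPN treats it as unknown and aborts. Declaring it ignorable first
# lets the same profile be shared across platforms.
ignore-unknown-option block-outside-dns
block-outside-dns
```

On a connected Windows client, `Get-DnsClientServerAddress` in PowerShell lists the resolvers configured per adapter. The other adapters still show their original servers, because the option blocks outside DNS traffic rather than removing those entries.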