Forum Discussion
Skype split tunneling - adding external DNS entry to internal DNS servers
Thanks. We have looked into DNS doctoring but our network team would prefer not to implement it hence wondering if we could just add the lyncdiscover record to our internal AD DNS servers, and by preventing clients from reaching the internal addresses over VPN (using client firewalls) force Skype external.
We are not using Server 2016 DNS yet so don't have the options that offers for split tunnel scenarios so we wouldn't be able to change the other internal address resolutions (such as those you suggest need to resolve to 127.0.0.1) so not sure if this would work? If it is simply name resolution that the client goes on, and lyncdiscoverinternal would still resolve then we wouldn't be able to try this, but if we could rely on the Skype client trying internal, failing and then going external it could be an option??
Thanks
Mark
Skype client will try with lyncdiscoverinternal.<domain> before lyncdiscover.<domain> so there you will hit the first problem if you don't do DNS doctoring or use separated DNS for VPN and internal.
So if you can block lyncdiscoverinternal, point lyncdiscover to public IP, point meet etc to public addresses and block access to internal servers it should work for you.
- Thanks. Will test out.
Mark