Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lrodia
New Contributor II

FortiClient SplitDNS Issues

We have laptops running Windows 10 / Windows 11 running FortiClient version 7.2.3.0929. We have a handful of clients that are having issues with split DNS. I have had Fortinet confirm my split DNS configuration on our FGT100F running 7.4.3.


Has anyone else had similar issues or have an idea where I can start?

AEK
SuperUser

Try following this guide.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-SSL-split-tunnel-and-split-DNS-work/ta...

On the other hand, did you try resolving with nslookup instead of a web browser? Sometimes browsers are configured for DNS over SSL/HTTPS and I don't really know if this works with split DNS.

AEK
lrodia
New Contributor II

Hi AEK, 

Yes, we tried nslookup and you can see that it seems to use the ISP DNS servers. You are able to ping the DCs, and if you use nslookup but tell nslookup to use the company DNS servers (nslookup <fqdn> <company dns server>) it will resolve the name; it is almost like there is a preference. When you do an ipconfig /all you can see that the VPN interface does not populate the split DNS server addresses either. I will take a look at the guide in case there is something I can tweak. What is interesting: I myself am running the latest client and do not see any of these split DNS problems, and I am also running Windows 11, but my colleague, who is also running Windows 11, is seeing this issue all the time, to the point that he now uses a local hosts file to add the entries so he can work. We also tried an older client (7.2.1.0779), which we were told may help, but he has the same issue.

AEK

Hi Rodia

That's interesting. Same OS and same client version but different behavior, then I think it may be related to some OS patch difference between the two hosts. As stated in the shared tech tip: "This may occur due to the operating system driver" (which can be changed by a patch).

AEK
lrodia
New Contributor II

Hi AEK,


I am checking driver versions as, like you say, it really is the only real difference. As our workstations are controlled via Intune and they are pretty much similar makes and models (maybe 3 variants at most), I will get a list of driver versions and see if something correlates, and will come back to the post to update and maybe help others in the same situation.

hbac
Staff

Hi @lrodia,


Can you provide more details about the issue? VPN users are not able to resolve internal domain names? Have you tried FQDNs instead of host names?


Regards, 

lrodia
New Contributor II

Hi hbac,


Yes, we have tried both FQDN and non-FQDN; for me both work, but for some of my colleagues split DNS will not work. For example, the images show my colleague trying to resolve the FQDN of the domain controller (DNS server) but failing, but when using the IP of the domain controller (DNS server) it resolves (ironically, itself); you can see the failed attempt seems to use their router's gateway for DNS.


You can see that when I do this, either using the IP or the FQDN of the domain controller, it works either way. This is the same for any host my colleague tries; sometimes he may get the odd occasion where split DNS is working, but it's very rare, which is why he has started to use the local hosts file until we can resolve the issue. We currently have around 5-10 clients reporting this; these are probably heavier users of the VPN, but I have heard more reports, and those users are able to work around the problems.

hbac

@lrodia,


It might be a known issue with FortiClient 7.2.3. Please refer to https://docs.fortinet.com/document/forticlient/7.2.3/windows-release-notes/991883/known-issues

909244: SSL VPN split DNS name resolution stops working.


Regards, 

lrodia
New Contributor II

Hi,


I did see this in the release notes for that particular client; we also tested client 7.2.1.0779, which my colleague is running and having the same issue. This was suggested by Fortinet Support as it shouldn't have split DNS issues, but he is still seeing the issue. Is there anything I can run on the client? As I mentioned, this user is running Windows 11 also. I did enable debug logs on the client itself, but from what I can see there is not much related to DNS queries.
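
Added example, not from the thread or from Fortinet: a PowerShell check that gathers the client-side facts discussed above (per-interface DNS servers, whether a Name Resolution Policy Table rule exists for the internal suffix, and the "nslookup against the company server" comparison). It assumes the VPN client expresses split DNS as an NRPT rule on Windows; the suffix, server and host names are placeholders to replace with your own.

```powershell
# Run in an elevated PowerShell while the VPN is connected.
function Test-SplitDns {
    param(
        [string]$Suffix      = 'corp.example',     # placeholder internal DNS suffix
        [string]$InternalDns = '10.0.0.10',        # placeholder internal DNS server
        [string]$TestHost    = 'dc01.corp.example' # placeholder internal FQDN
    )

    Write-Host "== DNS servers per interface (what ipconfig /all reports) =="
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Format-Table InterfaceAlias, ServerAddresses -AutoSize

    # Assumption: split DNS is applied as an NRPT rule for the suffix. With no rule,
    # Windows falls back to the interface defaults, i.e. the ISP/router DNS seen above.
    Write-Host "== NRPT rules =="
    $rules = Get-DnsClientNrptRule
    if ($rules) { $rules | Format-Table Namespace, NameServers, DisplayName -AutoSize }
    else        { Write-Host "no NRPT rules present" }
    $matching = $rules | Where-Object { $_.Namespace -like "*$Suffix*" }

    # Resolve the same name twice: once letting Windows choose the server, once
    # pinned to the internal server (the nslookup <fqdn> <server> comparison).
    $default = $null; $direct = $null
    try { $default = (Resolve-DnsName $TestHost -Type A -DnsOnly -ErrorAction Stop).IPAddress }
    catch { Write-Host "default resolution failed: $($_.Exception.Message)" }
    try { $direct = (Resolve-DnsName $TestHost -Type A -Server $InternalDns -DnsOnly -ErrorAction Stop).IPAddress }
    catch { Write-Host "direct resolution failed: $($_.Exception.Message)" }

    # DNS-over-HTTPS settings (Windows 11 cmdlet) can send queries past the policy.
    try { Get-DnsClientDohServerAddress -ErrorAction Stop | Format-Table ServerAddress, DohTemplate -AutoSize }
    catch { Write-Host "DoH configuration cmdlet not available on this build" }

    if ($direct -and -not $default) { $verdict = 'split DNS not applied: OS is not using the internal server' }
    elseif ($default)               { $verdict = 'split DNS working for this name' }
    else                            { $verdict = 'internal DNS server not reachable over the tunnel' }

    [pscustomobject]@{
        NrptRuleForSuffix = [bool]$matching
        ResolvesByDefault = [bool]$default
        ResolvesDirect    = [bool]$direct
        Verdict           = $verdict
    }
}

Test-SplitDns
```

Comparing the output from an affected and an unaffected laptop (NRPT rule present or missing, which interface carries the internal servers) narrows the problem to the client's policy handling versus the tunnel itself.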
