Sounds interesting, and it looks like it covers a lot of what our network VPN does (I can’t get any DNS resolution to any DNS servers other than the designated Corp ones, which is annoying as shit when trying to test other reachable servers). My only concern is if this policy would block local DNS resolution prior to the VPN coming up, as it might introduce a catch 22 where I can’t resolve my VPN endpoint in order to auth and access the internal resolver
Sounds interesting, and it looks like it covers a lot of what our network VPN does (I can’t get any DNS resolution to any DNS servers other than the designated Corp ones, which is annoying as shit when trying to test other reachable servers). My only concern is if this policy would block local DNS resolution prior to the VPN coming up, as it might introduce a catch 22 where I can’t resolve my VPN endpoint in order to auth and access the internal resolver
That’s because you’re using a full tunnel vpn