Bypass Internal Domains from DNS-over-HTTPS (DoH)
Cisco Secure Access provides a secure DNS-over-HTTPS (DoH) service for resolving domain names. However, some customers may prefer to bypass this service in the following scenarios:
- When internal domains need to be resolved through internal DNS servers instead of Secure Access DoH resolvers, which cannot resolve these domains.
- When split domains must resolve differently depending on whether they are accessed internally or externally.
To bypass internal domain DNS resolution, use the DNS over HTTPS included and excluded domains feature in the Google Admin console. This feature allows administrators to exclude specific domains from being resolved by Secure Access DoH resolvers, ensuring that internal DNS infrastructure handles these queries.
This solution offers customers the flexibility to manage DNS resolution for specific internal domains through their internal DNS infrastructure.
Note: The DNS over HTTPS included and excluded domains feature is supported starting from ChromeOS version 131. For more details, see the ChromeOS 131 release notes.
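
A pre-deployment check for the excluded-domains list described above, as an added example that is not Cisco or Google code. It assumes entries are exact FQDNs or `*.`-prefixed suffix wildcards and that a wildcard covers subdomains but not the apex name; all domain names and helper names are constructed for illustration.

```python
# Added example: audit a DoH excluded-domains list before deploying it.
# ASSUMPTION: entries are exact FQDNs or "*."-prefixed suffix wildcards,
# and a wildcard matches subdomains only, not the apex name itself.

def normalize(name):
    """Lower-case and drop surrounding whitespace and the trailing root dot."""
    return name.strip().rstrip(".").lower()

def is_excluded(hostname, patterns):
    """True if hostname would bypass DoH under the assumed matching rules."""
    host = normalize(hostname)
    for raw in patterns:
        pat = normalize(raw)
        if pat.startswith("*."):
            # Compare against ".suffix" so "notcorp.example.com" cannot
            # match "*.corp.example.com" on a partial label.
            if host.endswith(pat[1:]):
                return True
        elif host == pat:
            return True
    return False

def audit(patterns, internal_names, public_names):
    """Return (leaks, over_excluded).

    leaks: internal names still sent to the external DoH resolver.
    over_excluded: public names that would lose DoH protection.
    """
    leaks = [n for n in internal_names if not is_excluded(n, patterns)]
    over_excluded = [n for n in public_names if is_excluded(n, patterns)]
    return leaks, over_excluded

# Constructed sample data (not from the original page).
EXCLUDED = ["corp.example.com", "*.corp.example.com", "*.lab.example.net"]
INTERNAL = ["Intranet.Corp.Example.com.", "corp.example.com",
            "build01.lab.example.net", "lab.example.net", "hr.example.com"]
PUBLIC = ["www.example.com", "notcorp.example.com"]

if __name__ == "__main__":
    leaks, over = audit(EXCLUDED, INTERNAL, PUBLIC)
    for name in leaks:
        print(f"LEAK: {name} is not excluded and would go to DoH")
    for name in over:
        print(f"OVER-EXCLUDED: {name} would bypass DoH")
```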