Cisco Bug: CSCvi23971 - DNS Queries for Split DNS Domains Sent Publicly When Client-Bypass-Protocol Enabled

Last Modified

Aug 15, 2018

Products (1)

  • Cisco AnyConnect Secure Mobility Client

Known Affected Releases


Description (partial)

When split-dns values are added to an AnyConnect group-policy, AnyConnect will only send queries for those domains over the private tunnel; however, if client-bypass-protocol is enabled for IPv4 or IPv6, queries will be sent out of the bypassed protocol's public adapter.

Seen when the following conditions are ALL met:

1) 'client-bypass-enable', 'split-tunnel-all-dns disable', and 'split-dns value' are all configured under the same group-policy

2) AnyConnect is configured to give out IPv4 addresses OR IPv6 addresses - not both

3) The client machine has both IPv4 and IPv6 enabled on its NIC
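
A configuration audit for condition 1, added here as an example (it is not Cisco's code and not part of the bug report). It assumes ASA running-config syntax, with `client-bypass-protocol enable` taken as the CLI form of what the page writes as 'client-bypass-enable'; the sample configuration and policy names are constructed. Conditions 2 and 3 depend on address assignment and the client NIC and are not checked.

```python
import re

# Constructed sample ASA configuration (not from the bug report).
SAMPLE_CONFIG = """\
group-policy GP-VULN internal
group-policy GP-VULN attributes
 split-tunnel-all-dns disable
 split-dns value corp.example.com lab.example.com
 client-bypass-protocol enable
group-policy GP-OK internal
group-policy GP-OK attributes
 split-dns value corp.example.com
 split-tunnel-all-dns disable
 client-bypass-protocol disable
group-policy GP-NOSPLIT attributes
 client-bypass-protocol enable
"""

def parse_group_policies(config):
    """Return {policy_name: [attribute lines]} from ASA running-config text."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"group-policy\s+(\S+)\s+attributes\s*$", line)
        if m:
            current = policies.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return policies

def exposed_policies(config):
    """Map each policy meeting condition 1 to its split-dns domains."""
    hits = {}
    for name, attrs in parse_group_policies(config).items():
        domains = []
        for a in attrs:
            if a.startswith("split-dns value "):
                domains += a.split()[2:]
        if (domains
                and "client-bypass-protocol enable" in attrs
                and "split-tunnel-all-dns disable" in attrs):
            hits[name] = domains
    return hits

if __name__ == "__main__":
    for name, domains in exposed_policies(SAMPLE_CONFIG).items():
        print(f"{name}: split-dns domains may resolve outside the tunnel: {domains}")
```

A policy reported here still needs conditions 2 and 3 confirmed before it is treated as affected.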