The SecureDNSAgent uses a WireGuard VPN to connect to the SecureDNS servers directly via DNS split tunneling.
In some cases, the customer already has an existing (WireGuard) tunnel in use for another application. This can cause conflicts on a Windows machine, especially because the SecureDNSAgent, when active, prioritizes the SecureDNS WireGuard network adapter metric for all DNS queries.
If you need to connect to a certain domain on (remote) workstations through another specific network adapter, because the internal IP assigned to that other network adapter needs to be used for access purposes, this could solve your problem:
In a PowerShell window with administrative rights, you can add an NRPT (Name Resolution Policy Table) rule to route the DNS traffic to a specific network adapter like so:
Add-DnsClientNrptRule -Namespace "domain.com" -NameServers "10.10.10.10"
- Replace domain.com with the domain that you need to access through the other network adapter.
- Replace 10.10.10.10 with the IP address assigned to that network adapter.
Deleting the rule can be done like so:
Get-DnsClientNrptRule
- Copy the UID from "Name"
Remove-DnsClientNrptRule -Name "{UID}" -PassThru
- Replace UID with the UID copied in the previous step.
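The add, verify and delete steps above as one script, given here as an added example that is not part of the SecureDNS documentation. The function names are hypothetical, and domain.com and 10.10.10.10 are the article's placeholders. The script looks the rule up by namespace instead of copying the UID by hand. Keep the namespace as narrow as possible, because queries that match the rule are answered by the listed name server and no longer go to SecureDNS.

```powershell
#Requires -RunAsAdministrator
# Added example: placeholder values taken from the article, replace before use.
$Namespace  = 'domain.com'     # a leading dot ('.domain.com') makes it a suffix match that also covers subdomains
$NameServer = '10.10.10.10'

function Get-NrptRuleForNamespace {
    param([Parameter(Mandatory)][string]$Namespace)
    # Each rule object carries its namespaces as a string array.
    Get-DnsClientNrptRule | Where-Object { $_.Namespace -contains $Namespace }
}

function Add-SplitDnsRule {
    param([Parameter(Mandatory)][string]$Namespace,
          [Parameter(Mandatory)][string]$NameServer)
    # Avoid stacking duplicate rules for the same namespace.
    if (Get-NrptRuleForNamespace -Namespace $Namespace) {
        Write-Warning "An NRPT rule for '$Namespace' already exists; nothing added."
        return
    }
    Add-DnsClientNrptRule -Namespace $Namespace -NameServers $NameServer `
        -Comment 'Exception to SecureDNS routing' -PassThru
}

function Remove-SplitDnsRule {
    param([Parameter(Mandatory)][string]$Namespace)
    # Remove every local rule for this namespace by its Name (the UID).
    Get-NrptRuleForNamespace -Namespace $Namespace | ForEach-Object {
        Remove-DnsClientNrptRule -Name $_.Name -Force -PassThru
    }
}

Add-SplitDnsRule -Namespace $Namespace -NameServer $NameServer

# Verify: flush cached answers, then confirm the rule is part of the effective policy.
Clear-DnsClientCache
Get-DnsClientNrptPolicy -Effective |
    Where-Object { $_.Namespace -eq $Namespace } |
    Format-List Namespace, NameServers

# Resolve-DnsName honours the NRPT, so this query should be answered via $NameServer.
Resolve-DnsName -Name $Namespace -DnsOnly

# When the exception is no longer needed:
# Remove-SplitDnsRule -Namespace $Namespace
```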
This can also be done with GPO.
For more information, please consult the official Microsoft documentation: