Due to the limitation from Apple, Pulse Secure recommends the following options:
- If search client DNS is configured first, all DNS requests will be sent to the client DNS servers; except for DNS requests made to the domains, which are configured on the PCS device. DNS request for domain names configured on the PCS device requests are sent to the PCS device DNS servers.
- If search Device DNS is configured first, all DNS requests will be sent to the device DNS servers; except for DNS requests made to the domains specified on the client device (if any).
If the PCS DNS servers are not able to resolve public domains, the recommendation would be to configure Search client DNS first, then device, then
specify the DNS Domains
on the PCS DNS servers should resolve on the connection profile. This will ensure that the public domains are resolvable by the client DNS servers and the corporate DNS Domains (which are configured on the PCS device DNS service) can be resolved by the PCS device DNS servers.