I have found some old threads regarding this, but they seems to be some years old. E.g. openVPN - Split-tunneling DNS priority
I'm on Windows.
I'm connected to a local network with local DNS.
I use OpenVPN to connect to another network, this network have resources available at *.example.com.
Is it even possible to have one DNS for *.example.com and another for everything else? I know I can setup a local DNS on my machine to solve it, or enter all the hostnames of example.com in my local hosts-file.
I am afraid it is not possible as DNS resolver do the work independently on what you are resolving...
On Windows there is one "feature" that default metric on interface is used also to priority (order) setting related to DNS server(s) which to use for resolving. So based on which DNS server (if local one or on VPN reachable network) you are planning to use you should set up default metric on TAP interface before the connection is established.
Only option could be (depends on specific behaviour of resolver) to set up DNS server on VPN to resolve only specific domains and not do recursion. So once the DNS server doesn't offer answer "for the rest of zones" it may be possible that local DNS resolver on the system can try next DNS server. So for sure once the VPN's DNS server (at least for the view) will do the recursion the other DNS server will not be used... Anyway this behaviour on DNS resolver side (client) may vary on implementation :-(.
Most VPN clients have a setting to override the DNS server settings when you open the VPN connection, but this will forward all DNS queries to the corporate DNS servers. Having different conditional forwarders for different domains is only possible if you run a DNS server on the machine running the VPN.
There are some VPN clients that correctly implements Split DNS when you are connected to your OpenVPN VPN(s). With these clients I'm able to connect to multiple remote OpenVPN VPNs at the same time, and use different DNSes for each domain in each VPN connection.
For Windows and MacOS you can use Viscosity. It's not free, but it works.
In modern linux desktops, I use Ubuntu, split DNS is activated by default when you add the appropiate packages for NetworkManager and your desktop (NetworkManager has all the magic to talk to systemd-resolved to setup the appropiate split dns at each connection).
I seem to have to figure this out whenever I update OpenVPN so here is what I've discovered on the latest, as of this writing, 2.5.4-I603.
Typically, this problem is resolved using the "block-outside-dns" option forcing all DNS queries through the VPN. In my case, however, I have local Intranet in my home with devices I want to reach, as well, and my VPN DNS knows nothing of them.
My default gateway must remain my local router but my VPN server pushes the VPN network routes to the client so that is not an issue. I only need my VPN DNS to be queried before my ISP DNS so the VPN IP address will be returned for those hosts that have public IP addresses, as well (split-DNS), and those that exist only on the VPN network.
To accomplish this, my OpenVPN interface must have the lowest "Interface Metric," not to be confused with the "Route Metric," which I always do.
You can set the Interface Metric from the command line and here is an excellent example of how to do that.
This can also be done from the OpenVPN client config file:
Unfortunately, even with the latest OpenVPN version, this requires Administrator privileges.