We're primarily an Ubuntu shop, but have recently configured an OpenVPN network to allow senior management to connect to our servers from their home PCs.
One of the problems we're seeing is a large increase in the number of DNS lookups coming down through the OpenVPN pipes into our DNS server for home web traffic that should be going to their ISP's DNS server and not forwarding through our private DNS server.
That traffic IS successfully stopped at the DNS server, but are there options in XP/Vista/Win7 that will allow us to restrict DNS lookup requests to certain domain names and not send those requests down the OpenVPN pipes?
I am going to go with "No".
Even with split tunneling, I don't think there is a way to make Windows pick and choose a DNS server based on the asking domain name.
The only thing you could do is have a local DNS server that would do this for you. This local DNS server could be packaged and configured with the VPN client and would refer the client to the correct DNS server. It's possible that such a solution currently exists.
Honestly, I wonder, why do you care about a few extra DNS requests?
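As an added illustration (not code from the question or either answer), this script shows both sides of the discussion: the conditional-forwarding policy a local resolver on the VPN client would apply (internal zones over the tunnel, everything else to the ISP resolver), and a check of BIND-style query-log lines on the corporate DNS server that flags the leaked home-browsing lookups the question describes. The OpenVPN client subnet 10.8.0.0/24, the internal zone corp.example, the resolver address 10.0.0.53 and the log lines are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: BIND-style query log lines as seen on the internal
# DNS server. 10.8.0.0/24 is the assumed OpenVPN client subnet.
SAMPLE_QUERY_LOG = """\
11-Mar-2011 09:01:02.123 client 10.8.0.6#51234: query: intranet.corp.example IN A + (10.0.0.53)
11-Mar-2011 09:01:03.456 client 10.8.0.6#51235: query: www.example.org IN A + (10.0.0.53)
11-Mar-2011 09:01:04.789 client 10.8.0.9#40001: query: mail.corp.example IN MX + (10.0.0.53)
11-Mar-2011 09:01:05.000 client 10.0.0.21#33000: query: www.example.org IN A + (10.0.0.53)
11-Mar-2011 09:01:06.000 client 10.8.0.9#40002: query: cdn.example.net IN AAAA + (10.0.0.53)
"""

INTERNAL_ZONES = ("corp.example",)                 # assumed internal zone(s)
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")   # assumed OpenVPN client range
INTERNAL_DNS = "10.0.0.53"                         # assumed corporate resolver
LOG_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)")


def is_internal_name(name):
    """True if `name` is inside one of the internal zones (case/trailing-dot insensitive)."""
    n = name.rstrip(".").lower()
    return any(n == z or n.endswith("." + z) for z in INTERNAL_ZONES)


def choose_upstream(name, isp_dns):
    """Conditional-forwarding policy a local resolver on the client would apply:
    internal zones go over the VPN, everything else to the ISP resolver."""
    return INTERNAL_DNS if is_internal_name(name) else isp_dns


def leaked_queries(log_text):
    """Queries from VPN clients for names that should never have crossed the tunnel."""
    leaks = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not a query-log line; skip
        ip, name, qtype = m.group("ip", "name", "qtype")
        if ipaddress.ip_address(ip) in VPN_SUBNET and not is_internal_name(name):
            leaks.append((ip, name, qtype))
    return leaks


if __name__ == "__main__":
    for ip, name, qtype in leaked_queries(SAMPLE_QUERY_LOG):
        print(f"leak from {ip}: {name} {qtype} (should have gone to the ISP resolver)")
```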
I'm going to go with user606723; surely he can't be making that many DNS requests that he's taxing your resources, unless it's WHAT those requests are for that you don't want in company logs. In any case, if you're that worried about it you could set him up with his own DNS server in a VM and have that one only sync the records from your main server that you want (internal LAN, I presume). I do something similar on one of my servers because of a need to remap our internal LAN's IP addresses for remote clients.
EDIT: Also, depending on how technically savvy he is, you could just have him use IP addresses and not bother even setting up DNS for OpenVPN.
You're looking for Split Tunneling - though I have no idea how to configure it on OpenVPN. It's fairly easy using Cisco gear, from whence I am familiar with it.