VPN DNS problem
We have two businesses. Each runs a small network with DNS and various services (mail, MySQL, file storage etc.), some of which are available externally via a public IP address (e.g. mail services) and some are only available on the LAN or via VPN.
We use FQDNs throughout the businesses, so when we are on the LAN, mail.company1.com will resolve to the local IP address, and when in the outside world mail.company1.com will resolve to the public IP address of the network.
filestore.company1.com also resolves to the same public IP address, and the router takes care of which server to send the request to. Some services like database.company1.com are only accessible on the LAN, for security reasons, but can be accessed via VPN.
So, I'm physically located at company 2, where filestore.company2.com resolves to the LAN IP address of filestore, and I also want to connect to a database in company 1.
I connect to company 1's VPN, so now I'm using company 1's DNS, and database.company1.com resolves correctly to the LAN IP address of the database server, so I can talk to it.
But. The VPN is set to highest priority in the network interface config, so when I now try to resolve filestore.company2.com, it's the DNS server at company 1 which gets asked, and it returns the public IP address of that FQDN rather than the local IP address. This means that the communication goes out to the world and comes back, rather than staying inside the network. This is effectively an incoming connection which, due to firewall configurations, might not work at all - meaning that as soon as we connect to the VPN, local services stop working.
If I change the network priority, so that ethernet is above VPN, I have the opposite problem. Now, local services at company 2 work fine, but if I try to connect to database.company1.com, the local DNS server returns the public IP address of company1, so instead of going through the VPN the connection goes out to the internet, and then gets blocked on the way back into company 1's network.
So what I need to figure out is a way of telling the client computer at company 2 that, when the VPN is connected, it should use company 1's DNS for lookups for company1.com, but use its default DNS for all other lookups.
I'm running various Mac Minis and MacBooks, on 10.12 and 10.13. DNS, DHCP and VPN services run on Mac Server 10.12 at one business and a Synology NAS at the other.
I hope this makes sense and that someone can help.
Thanks!
Mac mini, OS X Server
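One way to get the per-domain behaviour the question asks for on macOS, as an added example that is not part of the original post: keep the Ethernet service ordered above the VPN (so company 2's DNS stays the default, as in the second scenario) and add a resolver(5) file for company1.com that points at company 1's DNS, which the system resolver then uses only for names under that domain. The VPN-side nameserver address 10.1.0.53 is an assumption; the helper takes the target directory as a parameter so it can be exercised against a scratch directory before touching /etc/resolver.

```shell
#!/bin/sh
# Per-domain DNS on macOS via /etc/resolver/<domain> (see `man 5 resolver`).
# The system resolver sends queries for names under <domain> to the
# nameserver(s) listed in that file and everything else to the default DNS.
# Assumption (not from the post): company 1's DNS reachable over the VPN
# is 10.1.0.53. Replace it with the real VPN-side nameserver.

# write_resolver DOMAIN NAMESERVER [DIR]
# Writes DIR/DOMAIN (DIR defaults to /etc/resolver) and prints its path.
# search_order 1 makes this entry win over the default resolver for DOMAIN.
write_resolver() {
  domain=$1
  ns=$2
  dir=${3:-/etc/resolver}
  mkdir -p "$dir"
  printf 'nameserver %s\nsearch_order 1\n' "$ns" > "$dir/$domain"
  printf '%s\n' "$dir/$domain"
}

# resolver_nameserver DOMAIN [DIR]
# Reads back the first nameserver configured for DOMAIN (verification step).
resolver_nameserver() {
  awk '$1 == "nameserver" { print $2; exit }' "${2:-/etc/resolver}/$1"
}

# Usage on the client at company 2 (needs root to write /etc/resolver):
#   sudo sh thisscript.sh company1.com 10.1.0.53
# Then confirm the system resolver picked it up and clear cached answers:
#   scutil --dns | grep -A3 'domain : company1.com'
#   sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
# Caveat: dig/nslookup/host use their own resolver and ignore /etc/resolver;
# test with an application or `dscacheutil -q host -a name database.company1.com`.
if [ $# -ge 2 ]; then
  write_resolver "$@"
fi
```

With this in place the VPN still has to be up for database.company1.com to answer with the LAN address, while filestore.company2.com keeps resolving through company 2's default DNS.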