StrongSwan, IKEv2, Split DNS and iOS

This post is about getting DNS to work correctly on Mac OS X when doing split tunnel (not sending all traffic across the VPN). I use StrongSwan as my VPN server and only want my local network traffic to go across the VPN; all other traffic should go out over the client's regular internet connection. The problem was that on the Mac (I didn't test with Android/iPhone) it would not resolve the internal DNS names. Windows clients worked as expected. I spent a few hours figuring this out, and it turned out you need to set a custom attribute.

In /etc/strongswan.d/charon/attr.conf you will need to add a new custom attribute, 25, and set it to your local DNS domain name.

My attr.conf now looks like this:

# Section to specify arbitrary attributes that are assigned to a peer via
# configuration payload (CP).
attr {
    25 = internaldomain.org

    # <attr> is an attribute name or an integer, values can be an IP address,
    # subnet or arbitrary value.
    # <attr> =

    # Whether to load the plugin. Can also be an integer to increase the
    # priority of this plugin.
    load = yes
}
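As an added example (not part of the original post, and not strongSwan's own tooling), here is a small Python checker that parses the strongswan.conf-style syntax of attr.conf and verifies that the attr section assigns attribute 25 a syntactically valid domain name and that the plugin is loaded. Attribute type 25 is the IKEv2 INTERNAL_DNS_DOMAIN configuration attribute defined in RFC 8598, which is why the client treats the value as a DNS search/match domain. The embedded sample is a constructed copy of the config above; the function names are my own, and the script assumes the DNS server address itself is already being pushed to clients (for example via rightdns), as the Windows clients resolving fine suggests.

```python
"""Check a strongSwan attr.conf for the split-DNS attribute (added example).

Parses the strongswan.conf syntax ("section { key = value }", '#' comments)
and verifies that the attr section sets attribute 25 (INTERNAL_DNS_DOMAIN,
RFC 8598) to a valid domain name and that the plugin is loaded.
"""
import re
import sys

# Constructed sample mirroring the attr.conf shown in the post.
SAMPLE_ATTR_CONF = """\
# Section to specify arbitrary attributes that are assigned to a peer via
# configuration payload (CP).
attr {
    25 = internaldomain.org

    # <attr> is an attribute name or an integer, values can be an IP address,
    # subnet or arbitrary value.
    # <attr> =

    # Whether to load the plugin. Can also be an integer to increase the
    # priority of this plugin.
    load = yes
}
"""

INTERNAL_DNS_DOMAIN = "25"  # IKEv2 CP attribute type number (RFC 8598)

# One DNS label: 1-63 letters, digits or hyphens, not starting/ending with '-'.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_strongswan_conf(text):
    """Parse strongswan.conf syntax into nested dicts.

    Sections open with "name {" and close with "}", settings are "key = value".
    Everything after '#' is a comment. Quoted values and includes are not
    handled; that is enough for attr.conf.
    """
    root = {}
    stack = [root]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            section = {}
            stack[-1][line[:-1].strip()] = section
            stack.append(section)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}' at line %d" % lineno)
            stack.pop()
        elif "=" in line:
            key, _, value = line.partition("=")
            stack[-1][key.strip()] = value.strip()
        else:
            raise ValueError("unparseable line %d: %r" % (lineno, raw))
    if len(stack) != 1:
        raise ValueError("unclosed section at end of file")
    return root


def is_valid_domain(name):
    """Return True if name is a syntactically valid DNS domain name."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def check_split_dns(text):
    """Return a list of problems; an empty list means the config looks right."""
    problems = []
    attr = parse_strongswan_conf(text).get("attr")
    if attr is None:
        return ["no 'attr' section found"]
    load = attr.get("load", "no").lower()
    if load in ("no", "0"):
        problems.append("attr plugin is not loaded (load = %s)" % load)
    domain = attr.get(INTERNAL_DNS_DOMAIN)
    if domain is None:
        problems.append("attribute 25 (INTERNAL_DNS_DOMAIN) is not set")
    elif not is_valid_domain(domain):
        problems.append("attribute 25 value %r is not a valid domain name" % domain)
    return problems


if __name__ == "__main__":
    # Usage: check_attr_conf.py [/etc/strongswan.d/charon/attr.conf]
    path = sys.argv[1] if len(sys.argv) > 1 else None
    conf_text = open(path).read() if path else SAMPLE_ATTR_CONF
    issues = check_split_dns(conf_text)
    print("OK" if not issues else "\n".join(issues))
```

Run it with the path of your attr.conf as the only argument; with no argument it checks the embedded sample. On the Mac side, after the tunnel is up, `scutil --dns` should list a supplementary resolver whose domain is the pushed name, which is the quickest way to confirm the attribute actually reached the client.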