Local shared resources unavailable when using PureVPN in a corporate or Windows Active Directory environment.
All of my computers are members of an Active Directory domain. What this means is they need to resolve DNS for the local network against the local DNS servers, which are the Active Directory domain controllers, because these internal names do not exist in the public DNS.
I thought maybe I could use the split-tunnel feature of the app, so that only the specified things go through the VPN. But it appears that split-tunnel does not affect DNS, so all of it still goes through the VPN.
Because all DNS lookups are going through the VPN, this causes the problem where I can’t resolve names on the local network, and it breaks Active Directory.
This would affect any of your customers who use PureVPN on their work computers in a Microsoft Active Directory environment and still need to actually get any work done which requires access to local network resources. Because of this issue, the local resources don't work correctly when the VPN is active.
To support such a situation, your developers need to add the following capabilities in the Windows app:
- Ability to completely turn off the DNS Leak Protection feature (this would be marked as not recommended and basically a last resort)
- Ability to specify a list of domain name exceptions to DNS Leak Protection (example "mycompany.com")
- Modify the DNS Leak Protection to send any domains on that list to the locally-defined DNS servers instead of yours.
So, if the above feature were added, I could add “mycompany.com” and “myothercompany.com” to the exceptions list and any hostname ending with those (example: filestorage.mycompany.com, mail.myothercompany.com) would not be sent to your DNS and instead would be resolved correctly by the local AD DNS, thus allowing me to use the VPN and local shared resources at the same time.
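
The exception-list routing requested above, as an added Python sketch that is not part of the original post and is not PureVPN code. The resolver addresses and function names are assumptions; the match is made on DNS label boundaries so that a lookalike such as notmycompany.com is not sent to the internal servers.

```python
"""Added sketch of a suffix-based DNS exception list (not PureVPN code)."""

# Constructed sample values: resolver addresses and domain names are placeholders.
VPN_RESOLVERS = ("192.0.2.53",)               # stands in for the VPN provider's DNS
LOCAL_RESOLVERS = ("10.0.0.10", "10.0.0.11")  # stands in for the AD domain controllers
EXCEPTIONS = ("mycompany.com", "MyOtherCompany.com.")


def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are canonical."""
    return name.strip().rstrip(".").lower()


def matches_suffix(hostname, suffix):
    """True if hostname is the suffix itself or a subdomain of it.

    The match is made on a label boundary: a plain endswith() would also send
    'notmycompany.com' to the internal resolvers.
    """
    host, suf = normalize(hostname), normalize(suffix)
    if not host or not suf:
        return False
    return host == suf or host.endswith("." + suf)


def resolvers_for(hostname, exceptions=EXCEPTIONS):
    """Return (route, resolvers) for one query name."""
    if any(matches_suffix(hostname, s) for s in exceptions):
        return "local", LOCAL_RESOLVERS
    return "vpn", VPN_RESOLVERS


if __name__ == "__main__":
    for name in ("filestorage.mycompany.com",
                 "_ldap._tcp.dc._msdcs.mycompany.com",  # AD domain controller locator SRV name
                 "MAIL.myothercompany.com.",
                 "notmycompany.com",
                 "example.org"):
        print(f"{name:40} -> {resolvers_for(name)}")
```

Everything not on the list, including lookalike names, still goes to the VPN resolvers, so leak protection stays in force for public lookups.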