Cisco is looking for an enhancement of chrome.vpnProvider to allow a network configuration where public DNS names are solved against the public interface's DNS servers, while private DNS names are resolved over a VPN tunnel. For example, if a service needs to go on prem but a different service does not, DNS can be used to whitelist and blacklist offering further granularity than per-app VPN.

This would likely require a splitDNSDomains field in setParameters. This would be an array of strings that would be matched against a DNS query to determine whether it should be resolved inside of the VPN tunnel or not. If this field is empty, it would revert to the default or current behavior chosen based on routing policy.