# 🏝️SD-WAN | DNS Split Tunneling examples on Nepean Network's SD-WAN for a Local Use Case Breakout🥥

It is possible to send traffic over a specified link using Nepean Network's SD-WAN. The mechanism used is known as classification and local breakout can be implemented using IP addresses, ports, or any other protocol marking available via [tc](https://tldp.org/HOWTO/Traffic-Control-HOWTO/intro.html). By default it is easy when using IPs but what if you want to use DNS?

Well hold onto your hats, we going to show you how to do this for [YouTube](https://www.linkedin.com/company/youtube/)! This is achieved using either the nftables or iptables functionality available in DNSMASQ. DNSMASQ is the DNS and DHCP network configuration engine available using Nepean Network's SD-WAN.

```plaintext
sudo ipset create split hash:ip timeout 3600


In custom DNSMASQ add the following:

ipset=/youtube.com/split


In the startup script, fusionreboot.sh add:

/usr/sbin/ipset create split hash:ip
/usr/sbin/iptables -t mangle -I PREROUTING 1 -m set --match-set split dst -j MARK --set-mark 241
```

Ensure you have tunnel bypass active.

To view the bypass rules and see the list of IPs:

```plaintext
sudo iptables -t mangle -L -v --line-numbers -n

sudo ipset list split
```

You can use any domain and add it to the DNSMASQ configuration. You can even force a whole country on local break out. Here we add Mauritius:

```plaintext
ipset=/youtube.com/mu/split
```

This results in all traffic to any Mauritius domain going local.

---

[Ronald Bartels](https://www.linkedin.com/in/ronaldxbartels/) ensures that Internet inhabiting things are connected reliably online at [Nepean Networks](https://www.linkedin.com/company/fusion-broadband-south-africa/) - the leading specialized SD-WAN provider in South Africa. 👉 [Contact Nepean](https://nepeannetworks.com/company/contact-us)☕

---

%[https://hubandspoke.amastelek.com/discover-fusion]
