Question : Can we separate IAP-VPN L2-CENTRALIZED DNS request based on sub domain.
BY default IAP proxy the DNS request of the L2-Centralized users.
If we define "*" in the enterprise domain then all the DNS request will go through the tunnel. however, we could also define
abc.xyz.com in enterprise domain
in this case lmn.xyz.com will be proxy by the IAP and only abc.xyz.com will go through the tunnel.
So even for same domain we can separate the sub-domain as the FQDN is considered.