Windows 10 as VPN client is not resolving names with the appropriate DNS Servers

Question

Friday, August 17, 2018 8:14 PM

I have several Windows 7/10 clients using custom (CMAK) VPN dialers and manually-created VPN dialers.

In 99% of the cases, name resolution works well, because my VPN dialers tell VPN clients to use a set of FIXED DNS Servers as DNS resolvers, so users can resolve names to INTERNAL LAN IP addresses.

But...

On a particular machine, the user is at home, using a Tenda WiFi router and a home cable internet connection.

When the user is in this particular scenario, all name resolutions go through the local WiFi router (192.168.0.1), even when the VPN interface is connected and the DNS servers are statically defined in the VPN client config.

Like a route with priority, the user looks like he is resolving names using the DNS server of the local Ethernet interface instead of using the DNS server defined on the VPN interface.

Dozens of users are using this very VPN connection daily and, for now, only this particular user is resolving external names instead of internal LAN names.

The Ethernet profile is "PUBLIC", which makes sense, as it is a home connection.

The VPN connection profile is DomainAuthenticated, which also makes sense, as the VPN is AD-integrated.

All VPN clients are configured to force their traffic to flow through the VPN, and the PC is domain-joined and uses a GPO to set two DNS domain suffixes, so users don't need to type DNS suffixes when accessing internal LAN systems.

So.. how can I make sure that, when connected by VPN, all DNS name resolutions use the VPN interface?

Additional info:

Before connecting VPN:

          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100     35

After the VPN connection, the metric for the LAN route is raised to a BIG number!

          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.100   4260
          0.0.0.0          0.0.0.0      On-Link        172.24.1.3      36

All replies (2)

Monday, August 20, 2018 2:35 AM

Hi,

I'm not sure if this is about IPv6.

You could disable IPv6 on the LAN network adapter to check.

Also please refer to the link below about Windows 10 DNS resolution via VPN connection not working to check if it is helpful.

https://superuser.com/questions/966832/windows-10-dns-resolution-via-vpn-connection-not-working

Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Regards,

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


Monday, August 20, 2018 7:21 PM

My next step is to test:

# The Policies\...\DNSClient key usually does not exist until a policy has been set; create it first or Set-ItemProperty fails with "Cannot find path"
New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient" -Force | Out-Null
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient" -Name DisableSmartNameResolution -Value 1 -Type DWord

# Stop the DNS client from sending A and AAAA queries in parallel
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" -Name DisableParallelAandAAAA -Value 1 -Type DWord

But as far as I can tell, it doesn't work in Windows 10, so maybe the procedure is to use gpedit.msc and:

Windows 10

SMHNR is slightly changed for Windows 10 compared to Windows 8. In Windows 10, you can’t turn it off via the registry.

As for Windows 8, the best solution is to change the DNS settings for all network interfaces.

For Windows 10, you can use "Local Policies" to deactivate the feature. Follow the steps below to do this:

  1. Press WIN+R and write gpedit.msc
  2. Expand Administrative templates
  3. Expand Network
  4. Click DNS-client
  5. Double-click "Turn off smart multi-homed name resolution"
  6. Check the box called "Enabled"
  7. Click "Apply all" and then "OK"

https://superuser.com/questions/969171/multihomed-windows-10-dns-resolution-timeouts
https://www.ovpn.com/en/blog/deactivate-smart-multi-homed-name-resolution-in-windows-8-8-1-and-10/
https://www.ghacks.net/2017/08/14/turn-off-smart-multi-homed-name-resolution-in-windows/
https://gist.github.com/NickCraver/0a8fbf4917ffa558340f5151acadf746
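As an added example (not part of this thread or of any reply in it), the following PowerShell script puts in one place what the question reasons about from the route table: default-route metrics, the DNS servers held by each interface, each interface's connection profile, whether the "Turn off smart multi-homed name resolution" policy is actually applied, and which interface's servers answer for an internal name. It assumes Windows 10 with the VPN connected, an elevated session, and a placeholder internal hostname.

```powershell
# Added diagnostic for the multi-homed DNS problem discussed above (not from
# the thread). Assumptions: run as Administrator on Windows 10 with the VPN
# connected; $InternalName is a placeholder for a host that only the internal
# LAN DNS servers know about.
param(
    [string]$InternalName = 'intranet.example.internal'   # placeholder
)

# 1. Default routes: the lowest metric wins, so after the tunnel is up the
#    VPN interface should carry the preferred 0.0.0.0/0 route.
Get-NetRoute -DestinationPrefix '0.0.0.0/0' |
    Select-Object InterfaceAlias, NextHop, RouteMetric, InterfaceMetric |
    Format-Table -AutoSize

# 2. DNS servers per interface. With SMHNR on, Windows queries every
#    interface's servers in parallel and takes the first answer, which is how
#    the home router (192.168.0.1) can still answer for internal names.
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }
$dns | Select-Object InterfaceAlias, ServerAddresses | Format-Table -AutoSize

# 3. Connection profile per interface (Public / Private / DomainAuthenticated).
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory, IPv4Connectivity |
    Format-Table -AutoSize

# 4. Is "Turn off smart multi-homed name resolution" applied? The GPO writes
#    DisableSmartNameResolution=1 under the Policies key; no key means not set.
$policy = Get-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient' `
    -Name DisableSmartNameResolution -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableSmartNameResolution -eq 1) {
    'SMHNR policy: disabled (policy Enabled in gpedit)'
} else {
    'SMHNR policy: NOT set - every interface is still queried in parallel'
}

# 5. Ask each interface's servers directly for the internal name. Only the
#    VPN-assigned servers should return an internal LAN address; an answer from
#    the router's servers confirms the path the question describes.
foreach ($iface in $dns) {
    foreach ($server in $iface.ServerAddresses) {
        try {
            $a = Resolve-DnsName -Name $InternalName -Server $server -Type A -DnsOnly -ErrorAction Stop
            '{0,-25} {1,-16} -> {2}' -f $iface.InterfaceAlias, $server, ($a.IPAddress -join ', ')
        } catch {
            '{0,-25} {1,-16} -> no answer' -f $iface.InterfaceAlias, $server
        }
    }
}
```

Run it once before and once after enabling the policy: if the router's servers still answer for the internal name in step 5, the client is still resolving outside the tunnel regardless of what the route metrics in step 1 show.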