Friday, August 17, 2018 8:14 PM
I have several Windows 7/10 clients using custom (CMAK) VPN dialers and manually-created VPN dialers.
In 99% of the cases, name resolution works well, because my VPN dialers tell VPN clients to use a set of FIXED DNS servers as DNS resolvers, so users can resolve names to INTERNAL LAN IP addresses.
But...
On a particular machine, a user is at his home, using a Tenda WiFi router and home cable internet.
When the user is in this particular scenario, all name resolutions go through the local WiFi router (192.168.0.1), even when the VPN interface is connected and DNS servers are statically defined in the VPN client config.
Like a route with priority, the user appears to be resolving names using the DNS server of the local Ethernet interface instead of using the DNS server defined in the VPN interface.
Dozens of users are using this very VPN connection daily and, for now, only this particular user is resolving external names instead of internal LAN names.
The Ethernet profile is "PUBLIC", which makes sense; it is a home connection.
The VPN connection profile is DomainAuthenticated, which also makes sense; the VPN is AD-integrated.
All VPN clients are configured to force their traffic to flow through the VPN, and the PC is domain-joined and uses a GPO to set two DNS domain suffixes, so users don't need to type DNS suffixes when accessing internal LAN systems.
So, how can I make sure that, when connected by VPN, all DNS name resolutions use the VPN interface?
additional info:
Before connecting VPN:
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 35
After VPN connection, metric for LAN is raised to a BIG number!
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 4260
0.0.0.0 0.0.0.0 On-Link 172.24.1.3 36
Monday, August 20, 2018 2:35 AM
Hi,
I'm not sure if this is about IPv6.
You could disable IPv6 on the LAN network adapter to check.
Also please refer to the link below about Windows 10 DNS resolution via VPN connection not working to check if it is helpful.
https://superuser.com/questions/966832/windows-10-dns-resolution-via-vpn-connection-not-working
Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Regards,
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Monday, August 20, 2018 7:21 PM
My next step is to test:
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient" -Name DisableSmartNameResolution -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" -Name DisableParallelAandAAAA -Value 1 -Type DWord
But as far as I get, it doesn't work in Windows 10, so maybe the procedure is to use gpedit.msc and:
SMHNR is slightly changed for Windows 10 compared to Windows 8. In Windows 10, you can’t turn it off via the registry.
As for Windows 8, the best solution is to change the DNS settings for all network interfaces.
For Windows 10, you can use "Local Policies" to deactivate the feature. Follow the steps below to do this:
- Press WIN+R and write gpedit.msc
- Expand Administrative templates
- Expand Network
- Click DNS-client
- Double-click "Turn off smart multi-homed name resolution"
- Check the box called "Enabled"
- Click "Apply all" and then "OK"
https://superuser.com/questions/969171/multihomed-windows-10-dns-resolution-timeouts
https://www.ovpn.com/en/blog/deactivate-smart-multi-homed-name-resolution-in-windows-8-8-1-and-10/
https://www.ghacks.net/2017/08/14/turn-off-smart-multi-homed-name-resolution-in-windows/
https://gist.github.com/NickCraver/0a8fbf4917ffa558340f5151acadf746
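
A diagnostic for the situation discussed in this thread, added here as an example and not posted by any participant: it lists the connected interfaces with their metric, profile and DNS servers, reports whether the "Turn off smart multi-homed name resolution" policy value is set, and queries each configured DNS server directly to show which one answers with an internal address. The host name `intranet.example.internal` is a placeholder assumption; run it on the affected client while the VPN is connected.

```powershell
# Added example (not from the thread). Placeholder name: replace with a host
# that should only resolve through the internal DNS servers.
$TestName = 'intranet.example.internal'

# 1. Connected IPv4 interfaces, lowest interface metric first, with the DNS
#    servers and network category (Public / DomainAuthenticated) of each.
$interfaces = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
    Where-Object { $_.InterfaceAlias -notlike 'Loopback*' } |
    Sort-Object InterfaceMetric |
    ForEach-Object {
        $dns = (Get-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex `
                    -AddressFamily IPv4).ServerAddresses
        $netProfile = Get-NetConnectionProfile -InterfaceIndex $_.InterfaceIndex `
                          -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Alias      = $_.InterfaceAlias
            Metric     = $_.InterfaceMetric
            Category   = $netProfile.NetworkCategory
            DnsServers = $dns
        }
    }
$interfaces | Format-Table Alias, Metric, Category,
    @{ Name = 'DnsServers'; Expression = { $_.DnsServers -join ', ' } } -AutoSize

# 2. Is the policy value mentioned in the thread present and set to 1?
$policyKey = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient'
$policy = Get-ItemProperty -Path $policyKey -Name DisableSmartNameResolution `
              -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableSmartNameResolution -eq 1) {
    'Policy DisableSmartNameResolution = 1 (smart multi-homed resolution turned off)'
} else {
    'Policy DisableSmartNameResolution not set (queries may go out on all interfaces)'
}

# 3. Ask every configured DNS server for the test name, one server at a time,
#    so the answer from the home router and from the VPN servers can be compared.
foreach ($if in $interfaces) {
    foreach ($server in $if.DnsServers) {
        $answer = Resolve-DnsName -Name $TestName -Server $server -Type A `
                      -DnsOnly -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Interface = $if.Alias
            Server    = $server
            Answer    = if ($answer) { ($answer.IPAddress -join ', ') } else { 'no answer' }
        }
    }
}
```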