Windows 10 DNS resolution via VPN connection not working
In Windows 10, when connected to a VPN with Split Tunneling enabled (Gateway disabled), DNS resolution always uses the LAN DNS servers, ignoring the DNS servers and the DNS Suffix set on the VPN connection.
The expected behavior is to use the VPN's DNS servers, otherwise it becomes impossible to resolve DNS entries on the remote network (such as domain computers).
This was working properly in previous versions of Windows.
This was widely discussed on this Microsoft Answers thread.
vpn dns windows-10
edited Sep 3 '15 at 16:21
asked Sep 3 '15 at 13:42
ECC-Dan
It's not clear from your question what is your problem (do you want it to use DNS server specified by the VPN?), please edit it.
– Máté Juhász
Sep 3 '15 at 14:05
Edited as suggested.
– ECC-Dan
Sep 3 '15 at 16:04
tbh: Then there is something wrong with your servers. The first DNS request should ALWAYS hit the local servers. Only if the host is unresolvable should the system attempt to query the Remote-DNS. Your issue might be that local and remote networks are running on the same subnets, thus the local one is claiming "to be able to resolve the query", but delivers "host not found"? (If a server configured to serve the subnet a.b.c.d cannot resolve a host, no further DNS server for this subnet is queried, unless the primary is offline, since they SHOULD be in sync - hence it assumes the host is unknown)
– dognose
Jun 29 '16 at 23:22
3 Answers
I have fixed this problem permanently by manually setting the metric of my LAN connection to be higher (15) than the one Windows assigns to my VPN (11).
This can be done two ways:
Through the GUI: Network connections, Properties, TCP/IP v4 Properties, Advanced, Set Metric to 15;
Command line: netsh int ip set interface interface="LAN CONNECTION NAME" metric=15
The effect is immediate (at least when using the command line) and DNS lookups now go through my VPN as expected.
This works with Split Tunneling and is a permanent fix across reconnections and reboots.
Note that you could also change the metric of the VPN instead of the LAN connection, but this wouldn't be permanent as Windows resets the metric when the connection is established.
Depending on your environment, you may have a different default metric for your LAN and VPN connection. Simply adjust accordingly so that your VPN has a lower metric than your LAN connection.
Furthermore, if you find that you cannot edit your VPN's TCP/IP properties because that was also broken in Windows 10, you can set most properties through PowerShell:
Get-VpnConnection
Set-VpnConnection -Name "myVPN" -SplitTunneling $True
Set-VpnConnection -Name "myVPN" -DnsSuffix yourdomain.local
2
For me this does not work... I have two machines with Windows 10; one works fine, the other is problematic with VPN. I am able to resolve the default gateway enabling the SplitTunneling, but the DNS of the VPN is still not recognized even when I change the metric...
– ceinmart
Oct 28 '15 at 1:04
3
This fixed the issue for us (and we've been battling it for some time), with one important additional step -- disabling IPv6. Our VPN does not do IPv6 but my understanding is any IPv6 resolver will take precedence over IPv4 ones. Once we disabled IPv6 on the adapters and then adjusted the metrics, split-tunnel DNS resumed working. If your VPN supports IPv6 this is likely not needed, and if the metric adjustment by itself fixes DNS for you, keep IPv6 enabled on your adapter.
– Adam Strohl
Jan 30 '16 at 11:32
Fun fact: For me the issue was "vice versa" - When connected to VPN, Windows was unable to resolve local FQDNs... It was setting up the default Metric for the "VPN-Connection" to 1 - so I gave the local connection a lower number which resolved my issue. (My local servers are configured correctly, so any unresolvable name will be queried on the connection of "second preference" - which makes now both: local and remote dns to work as expected while VPN is established.)
– dognose
Jun 29 '16 at 23:13
Any idea why this fix is only needed for me when connecting via one ISP but not the other (both coaxial cable connected)?
– Gaia
Jul 29 '16 at 17:36
Somehow I got the reversed issue in the first place: my local Win10 laptop automatically uses only the DNS in VPN (most of the time), and because that DNS in that internal VPN is not (yet) configured to provide DNS service, I cannot browse any internet website during my VPN enabling period. So, I use this solution in a reverse way, i.e. setting my local LAN connection to be a number as small as 1, which seemingly solves the problem for now. FWIW, I don't know the metric value for my VPN connection though, because there is no "Advance" button in the VPN connection properties pop-up window.
– RayLuo
Nov 29 '16 at 8:54
answered Sep 3 '15 at 13:42 by ECC-Dan (edited Mar 20 '17 at 10:04 by Community♦)
I spun up a fresh install of Windows 10 in a VM to test on after seeing this issue on every physical Win10 machine I have. I tested all of the answers in this thread and none of them worked. I discovered that the solution is to combine the answers posted here by "Keenans" and "ECC-Dan":
http://answers.microsoft.com/en-us/windows/forum/windows_10-networking/win-10-dns-resolution-of-remote-network-via-vpn/513bdeea-0d18-462e-9ec3-a41129eec736?page=1
Control Panel > Network and Sharing Center > Change adapter settings > Right click your Ethernet or Wifi adapter > Properties > double click IPv4 > Advanced > Uncheck Automatic Metric > Enter 15 for interface metric > OK > OK.
On that same Properties page, double click IPv6 > Advanced > Uncheck Automatic Metric > Enter 15 for interface metric > OK > OK.
Only after changing both of those settings is the issue resolved. I tested changing either one back and it breaks again. After changing both I ran nslookup from the command line and it returned the DNS server on the remote network that the VPN is connected to, whereas otherwise it would return the local DNS server. I then used Wireshark capturing on the Ethernet interface, did some pings to random websites, and verified that there were no DNS packets captured. This proves that after making the changes, DNS queries are being sent ONLY over the VPN connection, and not simultaneously over all connections (which is known as the Win10 DNS leak). So this is also part of the solution for the Win10 DNS leak:
https://medium.com/@ValdikSS/beware-of-windows-10-dns-resolver-and-dns-leaks-5bc5bfb4e3f1#.7ppsn1nda
Note that to fix the DNS leak, you first need to do the steps above. Then you need to set two registry values. The linked articles only list one, which by itself does not fix the issue in newer builds of Win10. Set these registry values:
Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient
Value: DisableSmartNameResolution
Data: 1
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
Value: DisableParallelAandAAAA
Data: 1
Only after doing all of that, will your DNS client behavior be back to the way it was in Win7. You have to wonder how this got through QA at Microsoft.
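The steps from the two answers above (LAN metric for IPv4 and IPv6, then the two registry values), combined into one PowerShell script as an added example; it is not code from the original posts. The adapter name `Ethernet`, the test host name and the REG_DWORD value type are assumptions, and the audit also flags the case raised in the comments where a LAN IPv6 resolver outranks a VPN that has none.

```powershell
# Added example, not from the original answers. Run from an elevated PowerShell prompt
# while the VPN is connected. Without -Apply the script only audits.
param(
    [string]$LanAlias  = 'Ethernet',               # assumption: your LAN/Wi-Fi adapter name
    [string]$VpnAlias  = 'myVPN',                  # VPN connection name used in the answer
    [int]   $LanMetric = 15,                       # metric value given in the answers
    [string]$TestName  = 'host.yourdomain.local',  # placeholder: a name only the VPN DNS knows
    [switch]$Apply
)

function Get-DnsInterfaceOrder {
    # One row per connected interface and address family: metric plus configured DNS servers.
    Get-NetIPInterface -ConnectionState Connected |
        Where-Object { $_.InterfaceAlias -notlike 'Loopback*' } |
        ForEach-Object {
            $family = $_.AddressFamily.ToString()
            $dns = Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex `
                       -AddressFamily $family -ErrorAction SilentlyContinue
            # Ignore the fec0:0:0:ffff::1-3 placeholders Windows lists when no IPv6 DNS is set.
            $servers = @($dns.ServerAddresses |
                           Where-Object { $_ -and $_ -notlike 'fec0:0:0:ffff::*' })
            [pscustomobject]@{
                Alias      = $_.InterfaceAlias
                Family     = $family
                Metric     = $_.InterfaceMetric
                AutoMetric = $_.AutomaticMetric
                DnsServers = $servers -join ', '
            }
        } | Sort-Object Family, Metric
}

function Test-VpnDnsPreferred {
    # True only if, in every address family that has DNS servers, the VPN has the lowest metric.
    # A LAN adapter with IPv6 DNS and a VPN without any fails the IPv6 check.
    param([object[]]$Order)
    $ok = $true
    foreach ($family in 'IPv4', 'IPv6') {
        $withDns = @($Order | Where-Object { $_.Family -eq $family -and $_.DnsServers })
        if ($withDns.Count -eq 0) { continue }
        $first = $withDns | Sort-Object Metric | Select-Object -First 1
        if ($first.Alias -ne $VpnAlias) {
            Write-Warning "${family}: '$($first.Alias)' (metric $($first.Metric)) outranks '$VpnAlias' for DNS."
            $ok = $false
        }
    }
    $ok
}

function Set-SplitTunnelDnsFix {
    # Step 1: fixed metric on the LAN adapter for both address families.
    foreach ($family in 'IPv4', 'IPv6') {
        try {
            Set-NetIPInterface -InterfaceAlias $LanAlias -AddressFamily $family `
                -AutomaticMetric Disabled -InterfaceMetric $LanMetric -ErrorAction Stop
        } catch {
            Write-Warning "Could not set $family metric on '$LanAlias': $($_.Exception.Message)"
        }
    }
    # Step 2: the two registry values from the answer (REG_DWORD is an assumption).
    $policy = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient'
    $cache  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
    if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
    New-ItemProperty -Path $policy -Name DisableSmartNameResolution `
        -PropertyType DWord -Value 1 -Force | Out-Null
    New-ItemProperty -Path $cache -Name DisableParallelAandAAAA `
        -PropertyType DWord -Value 1 -Force | Out-Null
    Clear-DnsClientCache
}

$order = Get-DnsInterfaceOrder
$order | Format-Table -AutoSize | Out-Host
$preferred = Test-VpnDnsPreferred -Order $order

if ($Apply) {
    Set-SplitTunnelDnsFix
    $order = Get-DnsInterfaceOrder
    $order | Format-Table -AutoSize | Out-Host
    $preferred = Test-VpnDnsPreferred -Order $order
}

# Final check through the system resolver, as the answer did with nslookup.
$answer = Resolve-DnsName -Name $TestName -Type A -DnsOnly -ErrorAction SilentlyContinue
if ($answer) {
    Write-Host "Resolved $TestName -> $(@($answer.IPAddress) -join ', ')"
} else {
    Write-Warning "Could not resolve $TestName (VPN DNS preferred: $preferred)."
}
```

A packet capture on the LAN adapter, as described in the answer, remains the way to confirm that no DNS queries leave outside the tunnel.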
It does not work even though I changed metrics on both IPv4 and IPv6 and used the registry values DisableSmartNameResolution and DisableParallelAandAAAA with current Windows 10 Edu (as of December 2018) when the client is connected by UTP cable and the IPv6 protocol is supported on the local LAN (i.e. the client has a public/global IPv6 address).
It is sufficient to disable the IPv6 protocol on the UTP/LAN interface used for VPN to make it work (to remove/not_use the global IPv6 address on the client).
It works with no problem when the client is connected to the Internet by Wi-Fi and IPv6 is available (the client has a global IPv6 address and has no UTP/LAN connection).
add a comment |
protected by Community♦ Jul 17 '16 at 14:06
Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
I have fixed this problem permanently by manually setting the metric of my LAN connection to be higher (15) than the one windows assigns to my VPN (11).
This can be done two ways:
Through the GUI: Network connections, Properties, TCP/IP v4 Properties, Advanced, Set Metric to 15;
Command line:netsh int ip set interface interface="LAN CONNECTION NAME" metric=15
The effect is immediate (at least when using the command line) and DNS lookups now go through my VPN as expected.
This works with Split Tunneling and is a permanent fix across reconnections and reboots.
Note that you could also change the metric of the VPN instead of the LAN connection, but this wouldn't be permanent as Windows resets the metric when the connection is established.
Depending on your environment, you may have a different default metric for your LAN and VPN connection. Simply adjust accordingly so that your VPN has a lower metric than your LAN connection.
Furthermore, if you find that you cannot edit your VPN's TCP/IP properties because that was also broken in Windows 10, you can set most properties through Powershell:
1. Get-VpnConnection
2. Set-VpnConnection -Name "myVPN" -SplitTunneling $True
3. Set-VpnConnection -Name "myVPN" -DnsSuffix yourdomain.local
2
For me this not work... I have two machine with windows 10 , one works all fine other is problematic with VPN. I able to resolve the default gateway enabling the SplitTunneling, but the DNS of VPN still not recognize either when I change the metric...
– ceinmart
Oct 28 '15 at 1:04
3
This fixed the issue for us (and we've been battling it for some time), with one important additional step -- disabling IPv6. Our VPN does not do IPv6 but my understanding is any IPv6 resolver will take precedent over IPv4 ones. Once we disabled IPv6 on the adapters then adjusted the metrics split-tunnel DNS resumed working. If your VPN supports IPv6 this is likely not needed and if the metric adjustment by itself fixes DNS for you keep IPv6 enabled on your adapter.
– Adam Strohl
Jan 30 '16 at 11:32
Fun fact: For me the issue was "vice versa" - When connected to VPN, Windows was unable to resolve local FQDNs... It was setting up the default Metric for the "VPN-Connection" to 1 - so I gave the local connection a lower number which resolved my issue. (My local servers are configured correctly, so any unresolvable name will be queried on the connection of "second preference" - which makes now both: local and remote dns to work as expected while VPN is established.)
– dognose
Jun 29 '16 at 23:13
Any idea why this fix is only needed for me when connecting via one ISP but not the other (both coaxial cable connected)?
– Gaia
Jul 29 '16 at 17:36
Somehow I got the reversed issue in the first place: my local Win10 laptop automatically uses only the DNS in VPN (most of the time), and because that DNS in that internal VPN is not (yet) configurated to provide DNS service, I can not browse any internet website during my VPN enabling period. So, I use this solution in a reverse way, i.e. setting my local LAN connection to be a number as small as1
, which seemingly solves the problem for now. FWIW, I don't know the metric value for my VPN connection though, because there is no "Advance" button in the VPN connection properties pop-up window.
– RayLuo
Nov 29 '16 at 8:54
add a comment |
I have fixed this problem permanently by manually setting the metric of my LAN connection to be higher (15) than the one windows assigns to my VPN (11).
This can be done two ways:
Through the GUI: Network connections, Properties, TCP/IP v4 Properties, Advanced, Set Metric to 15;
Command line:netsh int ip set interface interface="LAN CONNECTION NAME" metric=15
The effect is immediate (at least when using the command line) and DNS lookups now go through my VPN as expected.
This works with Split Tunneling and is a permanent fix across reconnections and reboots.
Note that you could also change the metric of the VPN instead of the LAN connection, but this wouldn't be permanent as Windows resets the metric when the connection is established.
Depending on your environment, you may have a different default metric for your LAN and VPN connection. Simply adjust accordingly so that your VPN has a lower metric than your LAN connection.
Furthermore, if you find that you cannot edit your VPN's TCP/IP properties because that was also broken in Windows 10, you can set most properties through Powershell:
1. Get-VpnConnection
2. Set-VpnConnection -Name "myVPN" -SplitTunneling $True
3. Set-VpnConnection -Name "myVPN" -DnsSuffix yourdomain.local
2
For me this not work... I have two machine with windows 10 , one works all fine other is problematic with VPN. I able to resolve the default gateway enabling the SplitTunneling, but the DNS of VPN still not recognize either when I change the metric...
– ceinmart
Oct 28 '15 at 1:04
3
This fixed the issue for us (and we've been battling it for some time), with one important additional step -- disabling IPv6. Our VPN does not do IPv6 but my understanding is any IPv6 resolver will take precedent over IPv4 ones. Once we disabled IPv6 on the adapters then adjusted the metrics split-tunnel DNS resumed working. If your VPN supports IPv6 this is likely not needed and if the metric adjustment by itself fixes DNS for you keep IPv6 enabled on your adapter.
– Adam Strohl
Jan 30 '16 at 11:32
Fun fact: For me the issue was "vice versa" - When connected to VPN, Windows was unable to resolve local FQDNs... It was setting up the default Metric for the "VPN-Connection" to 1 - so I gave the local connection a lower number which resolved my issue. (My local servers are configured correctly, so any unresolvable name will be queried on the connection of "second preference" - which makes now both: local and remote dns to work as expected while VPN is established.)
– dognose
Jun 29 '16 at 23:13
Any idea why this fix is only needed for me when connecting via one ISP but not the other (both coaxial cable connected)?
– Gaia
Jul 29 '16 at 17:36
Somehow I got the reversed issue in the first place: my local Win10 laptop automatically uses only the DNS in VPN (most of the time), and because that DNS in that internal VPN is not (yet) configurated to provide DNS service, I can not browse any internet website during my VPN enabling period. So, I use this solution in a reverse way, i.e. setting my local LAN connection to be a number as small as1
, which seemingly solves the problem for now. FWIW, I don't know the metric value for my VPN connection though, because there is no "Advance" button in the VPN connection properties pop-up window.
– RayLuo
Nov 29 '16 at 8:54
add a comment |
I have fixed this problem permanently by manually setting the metric of my LAN connection to be higher (15) than the one windows assigns to my VPN (11).
This can be done two ways:
Through the GUI: Network connections, Properties, TCP/IP v4 Properties, Advanced, Set Metric to 15;
Command line:netsh int ip set interface interface="LAN CONNECTION NAME" metric=15
The effect is immediate (at least when using the command line) and DNS lookups now go through my VPN as expected.
This works with Split Tunneling and is a permanent fix across reconnections and reboots.
Note that you could also change the metric of the VPN instead of the LAN connection, but this wouldn't be permanent as Windows resets the metric when the connection is established.
Depending on your environment, you may have a different default metric for your LAN and VPN connection. Simply adjust accordingly so that your VPN has a lower metric than your LAN connection.
Furthermore, if you find that you cannot edit your VPN's TCP/IP properties because that was also broken in Windows 10, you can set most properties through Powershell:
1. Get-VpnConnection
2. Set-VpnConnection -Name "myVPN" -SplitTunneling $True
3. Set-VpnConnection -Name "myVPN" -DnsSuffix yourdomain.local
I have fixed this problem permanently by manually setting the metric of my LAN connection to be higher (15) than the one windows assigns to my VPN (11).
This can be done two ways:
Through the GUI: Network connections, Properties, TCP/IP v4 Properties, Advanced, Set Metric to 15;
Command line:netsh int ip set interface interface="LAN CONNECTION NAME" metric=15
The effect is immediate (at least when using the command line) and DNS lookups now go through my VPN as expected.
This works with Split Tunneling and is a permanent fix across reconnections and reboots.
Note that you could also change the metric of the VPN instead of the LAN connection, but this wouldn't be permanent as Windows resets the metric when the connection is established.
Depending on your environment, you may have a different default metric for your LAN and VPN connection. Simply adjust accordingly so that your VPN has a lower metric than your LAN connection.
Furthermore, if you find that you cannot edit your VPN's TCP/IP properties because that was also broken in Windows 10, you can set most properties through Powershell:
1. Get-VpnConnection
2. Set-VpnConnection -Name "myVPN" -SplitTunneling $True
3. Set-VpnConnection -Name "myVPN" -DnsSuffix yourdomain.local
edited Mar 20 '17 at 10:04
Community♦
1
1
answered Sep 3 '15 at 13:42
ECC-Dan
7661610
7661610
2
For me this not work... I have two machine with windows 10 , one works all fine other is problematic with VPN. I able to resolve the default gateway enabling the SplitTunneling, but the DNS of VPN still not recognize either when I change the metric...
– ceinmart
Oct 28 '15 at 1:04
3
This fixed the issue for us (and we've been battling it for some time), with one important additional step -- disabling IPv6. Our VPN does not do IPv6 but my understanding is any IPv6 resolver will take precedent over IPv4 ones. Once we disabled IPv6 on the adapters then adjusted the metrics split-tunnel DNS resumed working. If your VPN supports IPv6 this is likely not needed and if the metric adjustment by itself fixes DNS for you keep IPv6 enabled on your adapter.
– Adam Strohl
Jan 30 '16 at 11:32
Fun fact: For me the issue was "vice versa" - When connected to VPN, Windows was unable to resolve local FQDNs... It was setting up the default Metric for the "VPN-Connection" to 1 - so I gave the local connection a lower number which resolved my issue. (My local servers are configured correctly, so any unresolvable name will be queried on the connection of "second preference" - which makes now both: local and remote dns to work as expected while VPN is established.)
– dognose
Jun 29 '16 at 23:13
Any idea why this fix is only needed for me when connecting via one ISP but not the other (both coaxial cable connected)?
– Gaia
Jul 29 '16 at 17:36
Somehow I got the reversed issue in the first place: my local Win10 laptop automatically uses only the DNS in VPN (most of the time), and because that DNS in that internal VPN is not (yet) configurated to provide DNS service, I can not browse any internet website during my VPN enabling period. So, I use this solution in a reverse way, i.e. setting my local LAN connection to be a number as small as1
, which seemingly solves the problem for now. FWIW, I don't know the metric value for my VPN connection though, because there is no "Advance" button in the VPN connection properties pop-up window.
– RayLuo
Nov 29 '16 at 8:54
add a comment |
2
For me this not work... I have two machine with windows 10 , one works all fine other is problematic with VPN. I able to resolve the default gateway enabling the SplitTunneling, but the DNS of VPN still not recognize either when I change the metric...
– ceinmart
Oct 28 '15 at 1:04
3
This fixed the issue for us (and we've been battling it for some time), with one important additional step -- disabling IPv6. Our VPN does not do IPv6 but my understanding is any IPv6 resolver will take precedent over IPv4 ones. Once we disabled IPv6 on the adapters then adjusted the metrics split-tunnel DNS resumed working. If your VPN supports IPv6 this is likely not needed and if the metric adjustment by itself fixes DNS for you keep IPv6 enabled on your adapter.
– Adam Strohl
Jan 30 '16 at 11:32
Fun fact: For me the issue was "vice versa" - When connected to VPN, Windows was unable to resolve local FQDNs... It was setting up the default Metric for the "VPN-Connection" to 1 - so I gave the local connection a lower number which resolved my issue. (My local servers are configured correctly, so any unresolvable name will be queried on the connection of "second preference" - which makes now both: local and remote dns to work as expected while VPN is established.)
– dognose
Jun 29 '16 at 23:13
Any idea why this fix is only needed for me when connecting via one ISP but not the other (both coaxial cable connected)?
– Gaia
Jul 29 '16 at 17:36
Somehow I got the reversed issue in the first place: my local Win10 laptop automatically uses only the DNS in VPN (most of the time), and because that DNS in that internal VPN is not (yet) configurated to provide DNS service, I can not browse any internet website during my VPN enabling period. So, I use this solution in a reverse way, i.e. setting my local LAN connection to be a number as small as1
, which seemingly solves the problem for now. FWIW, I don't know the metric value for my VPN connection though, because there is no "Advance" button in the VPN connection properties pop-up window.
– RayLuo
Nov 29 '16 at 8:54
2
2
For me this not work... I have two machine with windows 10 , one works all fine other is problematic with VPN. I able to resolve the default gateway enabling the SplitTunneling, but the DNS of VPN still not recognize either when I change the metric...
– ceinmart
Oct 28 '15 at 1:04
For me this not work... I have two machine with windows 10 , one works all fine other is problematic with VPN. I able to resolve the default gateway enabling the SplitTunneling, but the DNS of VPN still not recognize either when I change the metric...
– ceinmart
Oct 28 '15 at 1:04
3
3
This fixed the issue for us (and we've been battling it for some time), with one important additional step -- disabling IPv6. Our VPN does not do IPv6 but my understanding is any IPv6 resolver will take precedent over IPv4 ones. Once we disabled IPv6 on the adapters then adjusted the metrics split-tunnel DNS resumed working. If your VPN supports IPv6 this is likely not needed and if the metric adjustment by itself fixes DNS for you keep IPv6 enabled on your adapter.
– Adam Strohl
Jan 30 '16 at 11:32
This fixed the issue for us (and we've been battling it for some time), with one important additional step -- disabling IPv6. Our VPN does not do IPv6 but my understanding is any IPv6 resolver will take precedent over IPv4 ones. Once we disabled IPv6 on the adapters then adjusted the metrics split-tunnel DNS resumed working. If your VPN supports IPv6 this is likely not needed and if the metric adjustment by itself fixes DNS for you keep IPv6 enabled on your adapter.
– Adam Strohl
Jan 30 '16 at 11:32
Fun fact: For me the issue was "vice versa" - When connected to VPN, Windows was unable to resolve local FQDNs... It was setting up the default Metric for the "VPN-Connection" to 1 - so I gave the local connection a lower number which resolved my issue. (My local servers are configured correctly, so any unresolvable name will be queried on the connection of "second preference" - which makes now both: local and remote dns to work as expected while VPN is established.)
– dognose
Jun 29 '16 at 23:13
Fun fact: For me the issue was "vice versa" - When connected to VPN, Windows was unable to resolve local FQDNs... It was setting up the default Metric for the "VPN-Connection" to 1 - so I gave the local connection a lower number which resolved my issue. (My local servers are configured correctly, so any unresolvable name will be queried on the connection of "second preference" - which makes now both: local and remote dns to work as expected while VPN is established.)
– dognose
Jun 29 '16 at 23:13
Any idea why this fix is only needed for me when connecting via one ISP but not the other (both coaxial cable connected)?
– Gaia
Jul 29 '16 at 17:36
Any idea why this fix is only needed for me when connecting via one ISP but not the other (both coaxial cable connected)?
– Gaia
Jul 29 '16 at 17:36
Somehow I got the reversed issue in the first place: my local Win10 laptop automatically uses only the DNS in VPN (most of the time), and because that DNS in that internal VPN is not (yet) configurated to provide DNS service, I can not browse any internet website during my VPN enabling period. So, I use this solution in a reverse way, i.e. setting my local LAN connection to be a number as small as
1
, which seemingly solves the problem for now. FWIW, I don't know the metric value for my VPN connection though, because there is no "Advance" button in the VPN connection properties pop-up window.– RayLuo
Nov 29 '16 at 8:54
Somehow I got the reversed issue in the first place: my local Win10 laptop automatically uses only the DNS in VPN (most of the time), and because that DNS in that internal VPN is not (yet) configurated to provide DNS service, I can not browse any internet website during my VPN enabling period. So, I use this solution in a reverse way, i.e. setting my local LAN connection to be a number as small as
1
, which seemingly solves the problem for now. FWIW, I don't know the metric value for my VPN connection though, because there is no "Advance" button in the VPN connection properties pop-up window.– RayLuo
Nov 29 '16 at 8:54
add a comment |
I spun up a fresh install of Windows 10 in a VM to test on after seeing this issue on every physical Win10 machine I have. I tested all of the answers in this thread and none of them worked. I discovered that the solution is to combine the answers posted here by "Keenans" and "ECC-Dan":
http://answers.microsoft.com/en-us/windows/forum/windows_10-networking/win-10-dns-resolution-of-remote-network-via-vpn/513bdeea-0d18-462e-9ec3-a41129eec736?page=1
Control Panel > Network and Sharing Center > Change adapter settings > Right click your Ethernet or Wifi adapter > Properties > double click IPv4 > Advanced > Uncheck Automatic Metric > Enter 15 for interface metric > OK > OK.
On that same Properties page, double click IPv6 > Advanced > Uncheck Automatic Metric > Enter 15 for interface metric > OK > OK.
Only after changing both of those settings is the issue resolved. I tested changing either one back and it breaks again. After changing both I ran nslookup from command line and it returned the DNS server on the remote network where the VPN is connected to, where as otherwise it would return the local DNS server. I then used Wireshark capturing on the Ethernet interface, did some pings to random websites, and verified that there were no DNS packets captured. This proves that after making the changes, DNS queries are being sent ONLY over the VPN connection, and not simultaneously over all connections (which is known as the Win10 DNS leak). So this is also part of the solution for the Win10 DNS leak:
https://medium.com/@ValdikSS/beware-of-windows-10-dns-resolver-and-dns-leaks-5bc5bfb4e3f1#.7ppsn1nda
Note that to fix the DNS leak, you first need to do the steps above. Then you need to set two registry values. The linked articles only list one, which by itself does not fix the issue in newer builds of Win10. Set these registry values:
Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient
Value: DisableSmartNameResolution
Data: 1
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
Value: DisableParallelAandAAAA
Data: 1
Only after doing all of that, will your DNS client behavior be back to the way it was in Win7. You have to wonder how this got through QA at Microsoft.
edited Feb 23 '16 at 1:09
answered Feb 20 '16 at 1:07
LikeARock47
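The steps from the answer above, scripted in PowerShell as an added example (not part of the original post): it fixes the LAN adapter's metric for IPv4 and IPv6, writes the two registry values, then lists connected interfaces by metric with their DNS servers so the result can be checked. The adapter name `Ethernet` is a placeholder, and writing the values as REG_DWORD is an assumption, since the answer gives only the data value 1.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original answer.
param(
    [string]$LanAlias = 'Ethernet',  # placeholder adapter name; check Get-NetAdapter
    [int]$Metric = 15                # interface metric given in the answer
)

# 1. Turn off automatic metric and set a fixed metric on the LAN adapter,
#    for both IPv4 and IPv6 (the answer reports that both are required).
foreach ($family in 'IPv4', 'IPv6') {
    Set-NetIPInterface -InterfaceAlias $LanAlias -AddressFamily $family `
        -AutomaticMetric Disabled -InterfaceMetric $Metric
}

# 2. The two registry values named in the answer.
#    Assumption: both are REG_DWORD; the answer only states Data: 1.
$settings = @(
    @{ Path = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient'
       Name = 'DisableSmartNameResolution' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
       Name = 'DisableParallelAandAAAA' }
)
foreach ($s in $settings) {
    # The policy key may not exist on a fresh install, so create it first.
    if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
    New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType DWord `
        -Value 1 -Force | Out-Null
}

# 3. Verify: connected interfaces sorted by metric, with their DNS servers.
#    With the VPN up, its interface should sort above the LAN adapter.
Get-NetIPInterface -ConnectionState Connected |
    Sort-Object InterfaceMetric |
    ForEach-Object {
        $dns = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex `
                    -AddressFamily $_.AddressFamily.ToString()).ServerAddresses
        [pscustomobject]@{
            Alias  = $_.InterfaceAlias
            Family = $_.AddressFamily
            Metric = $_.InterfaceMetric
            Dns    = $dns -join ', '
        }
    } | Format-Table -AutoSize
```

The table only shows resolver ordering; the packet capture on the LAN interface described in the answer remains the check that no DNS queries leave outside the tunnel.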
It does not work even though I changed the metrics on both IPv4 and IPv6 and used the registry values DisableSmartNameResolution and DisableParallelAandAAAA with current Windows 10 Edu (as of December 2018) when the client is connected by UTP cable and the IPv6 protocol is supported on the local LAN (i.e. the client has a public/global IPv6 address).
It is sufficient to disable the IPv6 protocol on the UTP/LAN interface used for VPN to make it work (to remove/not use the global IPv6 address on the client).
It works with no problem when the client is connected to the Internet by Wi-Fi and IPv6 is available (the client has a global IPv6 address and has no UTP/LAN connection).
answered Dec 7 '18 at 20:36
Milan Kerslager