Score:0

DNS Server Search order in Windows 10 and VPNs

DNS queries to hosts accessible through a VPN fail. How to fix?

On a Windows 10 host, DNS queries for hosts known only to the VPN-accessible DNS Server fail to resolve. The DNS queries are sent to my local DNS Server (192.168.1.1) which returns no DNS Answers. DNS queries are not sent to the VPN-accessible DNS Server (10.0.1.1).

PowerShell Get-DnsClientServerAddress shows:

PS> Get-DnsClientServerAddress
InterfaceAlias               Interface Address ServerAddresses
                             Index     Family
--------------               --------- ------- ---------------
Ethernet                            10 IPv4    {192.168.1.1}
Ethernet                            10 IPv6    {}
VPN                                 20 IPv4    {10.0.1.1}
VPN                                 20 IPv6    {}

Pinging the VPN DNS Server succeeds (ping 10.0.1.1).
Resolving a DNS name of google.com succeeds (Resolve-DnsName google.com).
However, resolving a DNS name of VPN-accessible host server.corp.com fails.

PS> Resolve-DNSName server.corp.com
PS>

How can I force DNS queries to prefer the VPN-accessible DNS Server at 10.0.1.1?

Score:0

Change the InterfaceMetric for the VPN interface to be lower in value (more important) than the local Ethernet interface.

Using Get-NetIPInterface, the interface metrics were:

PS> Get-NetIPInterface
ifIndex InterfaceAlias AddressFamily NlMtu(Bytes) InterfaceMetric Dhcp     ConnectionState PolicyStore
------- -------------- ------------- ------------ --------------- ----     --------------- -----------
10      Ethernet       IPv6                  1500              35 Enabled  Connected       ActiveStore
10      Ethernet       IPv4                  1500            4000 Enabled  Connected       ActiveStore
20      VPN            IPv4                  1400              35 Disabled Connected       ActiveStore

(Yes, it is odd that the Ethernet interface has a high InterfaceMetric value of 4000 for AddressFamily IPv4 and a low InterfaceMetric value of 35 for AddressFamily IPv6, yet no IPv6 address is assigned to the interface.)

Using Set-NetIPInterface, I changed the VPN interface's InterfaceMetric property to the lower integer value 15 for AddressFamily IPv4 (requires Administrator permissions):

PS> Set-NetIPInterface -InterfaceIndex 20 -InterfaceMetric 15

Now the DNS queries for hosts known to the VPN-accessible DNS Server will succeed.

PS> Resolve-DNSName server.corp.com
Name                  Type   TTL   Section    IPAddress
----                  ----   ---   -------    ---------
server.corp.com       A      130   Answer     10.0.1.2
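
An added example, not part of the original answer: a script that lists the connected IPv4 interfaces with their DNS servers in metric order, asks each server directly for the test name, and only changes the metric when run with -Apply. The alias VPN, the name server.corp.com and the metric 15 come from the post; the parameter names and the Get-DnsOrder helper are made up for this example.

```powershell
# Added example (not the answerer's code). Defaults are the values used in the post.
param(
    [string]$VpnAlias  = 'VPN',
    [string]$TestName  = 'server.corp.com',
    [int]   $NewMetric = 15,
    [switch]$Apply      # without -Apply the script only reports (Apply needs an elevated shell)
)

function Get-DnsOrder {
    # Pair each connected IPv4 interface's metric with its configured DNS servers,
    # lowest metric first (the ordering the answer relies on).
    Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
        Sort-Object InterfaceMetric |
        ForEach-Object {
            $dns = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex -AddressFamily IPv4).ServerAddresses
            [pscustomobject]@{
                ifIndex    = $_.ifIndex
                Alias      = $_.InterfaceAlias
                Metric     = $_.InterfaceMetric
                DnsServers = $dns -join ','
            }
        } | Where-Object DnsServers     # drop interfaces with no DNS server (e.g. loopback)
}

$before = @(Get-DnsOrder)
$before | Format-Table -AutoSize

if (-not ($before | Where-Object Alias -eq $VpnAlias)) {
    throw "No connected IPv4 interface named '$VpnAlias' with DNS servers configured."
}

# Query every configured server directly to see which one actually knows the name.
foreach ($row in $before) {
    foreach ($server in $row.DnsServers -split ',') {
        $ans = Resolve-DnsName -Name $TestName -Type A -Server $server -DnsOnly -ErrorAction SilentlyContinue
        $result = if ($ans) { $ans.IPAddress -join ',' } else { 'no answer' }
        '{0,-12} {1,-15} -> {2}' -f $row.Alias, $server, $result
    }
}

# Warn if the requested metric would still not be the lowest on the host.
$lowestOther = ($before | Where-Object Alias -ne $VpnAlias | Measure-Object Metric -Minimum).Minimum
if ($null -ne $lowestOther -and $NewMetric -ge $lowestOther) {
    Write-Warning "Metric $NewMetric is not lower than the lowest other interface metric ($lowestOther)."
}

if ($Apply -and $before[0].Alias -ne $VpnAlias) {
    Set-NetIPInterface -InterfaceAlias $VpnAlias -AddressFamily IPv4 -InterfaceMetric $NewMetric
    Get-DnsOrder | Format-Table -AutoSize
}
```

The per-server lookup also shows when a query for an internal name such as server.corp.com is being answered (or not) by the local resolver at 192.168.1.1 rather than the VPN resolver.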