9

When connected to a VPN network how does the windows DNS client choose a prefered DNS server, between the DNS servers configured for the local connection and the server statically defined for the VPN?

I have seen the answers to 'How does Windows decides which DNS Server to use when resolving names?' explaining that the interface metric is used to choose a preferred adapter and hence preferred DNS, however this does not seem to be the case when connected to a VPN?

Community
  • 1
Jem Tucker
  • 225
  • 1
  • 8
  • Because i have manually set the interface metric of the VPN adapter to be higher than any other, yet all DNS requests are still sent to the VPNs DNS server. – Jem Tucker Feb 02 '16 at 10:23
  • Yes i have verified the metric setting. The VPN has a single statically defined server, will this always be chosen then? – Jem Tucker Feb 02 '16 at 10:35
  • 1
    So the VPN is set up to only route traffic when the interface is explicitly bound to (e.g. route/if metrics are set higher than all others) however the DNS server of the VPN is being preferred and therefore no requests can resolve straight away. – Jem Tucker Feb 02 '16 at 10:45
  • @Reaces When I view `Adapter and Bindings` as per here: http://windows.microsoft.com/en-us/windows/change-network-protocol-bindings-order#1TC=windows-7 - my VPN is bellow at the end of the list. So does it mean, that DNS defined on the VPN connection is used only for VPN specific(local) addresses? – Vojtěch Dohnal Feb 02 '16 at 10:46
  • @VojtěchDohnal Are you asking whether the choice of which DNS server to use for resolving a host name depends on which IP address the host name resolves to? – kasperd Feb 05 '16 at 12:31
  • @kasperd Not exactly on the IP address resolved but on the domain name defined locally - domains defined on VPN's internal DNS resolve using that internal server, the rest uses the DNS server defined not on the VPN adapter but on the LAN adapter - but probably this is not the way it works, but this behavior would be useful for me. – Vojtěch Dohnal Feb 05 '16 at 12:44

1 Answers1

1

It depends of the VPN that you are using... usually, Windows resolves everything through the VPN tunnel.

Other solutions such as DirectAccess for example, let you define a NRPT to determine how a specific namespace should be resolved.

Swisstone
  • 6,357
  • 7
  • 21
  • 32