Windows 10, VPN and slow DNS lookups

10

4

I can't seem to figure this one out. I was using Windows 7 and I had no issues with being VPN'ed into work and browsing websites. Since switching to Windows 10, it's another matter.

Windows 10 and no VPN, no issue. I can ping google.com and immediately get a response as well as the IP address. Windows 10 and VPN, the initial ping takes a good 10 seconds before getting responses. Once I get the IP it's fast, but the initial DNS lookup is slow. I can ping addresses directly and there's no delay so it's definitely DNS related.

I've done this in PowerShell:

Get-VpnConnection

Set-VpnConnection -Name "VPN Name" -SplitTunneling $True

I believe it works in the sense that very little traffic goes through the VPN, but DNS requests are still slow.

I've also disabled IPv6 from the VPN connection.

If it were possible to set the DNS servers to be used by the vpn connection, I think my issue would be gone, but I can't set them. The properties button on IPv4 doesn't do anything... at least not for the VPN connection.

Any other suggestions to get this to work smoothly?

Recognizer

Posted 2015-09-01T20:31:46.103

Reputation: 893

1

See if this answer improves the situation.

– harrymc – 2015-09-04T14:08:46.703

It didn't seem to unfortunately. – Recognizer – 2015-09-04T14:33:19.637

1

It seems like Windows 10 VPN is full of bugs and missing code. Try setting DisableParallelAandAAAA as described here and DisableSmartNameResolution as described here. Reboot after each change. It seems like VPN problems in Windows 10 have driven many people back to Windows 7/8, so you should be thankful that your problem is only a 10-second lag.

– harrymc – 2015-09-04T18:33:27.910

I might actually switch back to 7 myself. – Recognizer – 2015-09-04T19:38:19.767

If you have upgraded from 7 to 10 and not deleted the folder Windows.old, then going back is easy. – harrymc – 2015-09-04T21:31:24.367

It sounds like your VPN connection is appending the VPN DNS servers to the end of the list and leaving the non-VPN DNS at the top. Then the resolver is having to time out on the non-DNS servers before it gets to the reachable VPN DNS. You can confirm this with IPCONFIG /ALL, comparing while disconnected and connected to the VPN. If this is in fact the case, you should be able to do some clever PowerShell'ing or netsh'ing to work around this (sorry, neither of those is my area of expertise so I can't propose examples). – Brandon Xavier – 2015-09-06T13:35:57.923

@BrandonXavier: Not for Windows 10, where the resolver was rewritten to issue DNS queries to all adapters in parallel, then take the first answer to arrive. Probably that rewrite introduced some new bug that the poster is encountering. – harrymc – 2015-09-06T17:57:38.077

Thanks harrymc. That's interesting and good to know. Also, just did a packet capture on my Windows 10 box, it seems nslookup doesn't use the SNR - test queries only produced single queries, while things using the resolver libraries (this browser, ping, etc.) produced parallel queries. Wonder if disabling SNR reverts it back to the classic sequential behavior? – Brandon Xavier – 2015-09-06T19:26:42.327

@BrandonXavier: My second comment above shows theoretically how to return the behavior as much as possible to that of previous Windows versions, but I don't know if the poster tried them. If you are tracing it, you might try these and comment upon them - I'm interested too. – harrymc – 2015-09-06T20:06:31.623

I have similar issues. Even after disconnecting from the VPN performance is bad until a reboot. I've got additional bugs like being unable to access IPv4 or IPv6 properties for any network adapters. This is on a fresh Win10 install. – Chris Herring – 2015-09-06T23:10:35.617

@ChrisHerring: Apparently the Properties-handling code went missing in Win10. I don't think that version 10 was really ready for release. – harrymc – 2015-09-07T05:40:22.420

@Recognizer: Comments were made, and it's time for you to indicate whether any of them should be expanded into an answer that is acceptable to you. IMO your choices are really (1) downgrade to Win7 or (2) waiting on Microsoft for a fix. – harrymc – 2015-09-07T06:58:06.713

I'll downgrade. Who knows how long it will be before Microsoft fixes the issue. – Recognizer – 2015-09-07T10:35:36.723

The procedure for the downgrade is detailed in my answer. – harrymc – 2015-09-07T17:56:52.237

Looks like this issue has been resolved at least as of Windows 10 build 10565. I have since returned back to Windows 10 and can confirm that I no longer get this issue. – Recognizer – 2015-11-23T19:12:12.677

Not sure if anyone mentioned this but we found setting the Automatic metric to a lower priority to help with the DNS issue. Once we set the network connection for our VPN connection to 1, we could get all our resources. Our issue now is, the NIC is taking forever to connect and only when navigating to the Network interface does it finally connect. – Stacy Drakeford – 2018-06-25T12:02:23.113

Answers

3

If in the current version of Windows 10, VPN seems to have too many problems, this might leave only two options :

  1. Wait for VPN to be fixed in Windows 10
  2. Downgrade to Windows 7, as described below :

If you have installed Windows 10 over Windows 7, and you have kept the resulting folder C:\Windows.old, then you can use it to return to Windows 7.

This is the procedure :

  • In the Windows 10 Start menu select Settings
  • Click Update & Security
  • Under "Go back to a previous version of Windows", click Get started
  • Enter some angry message text into the "Why are you going back?" screen
  • Click Next and wait, as this will take some time
  • You will need to have your password to Windows 7 once the process is finished.

This is further explained in detail with screenshots in the article : How to downgrade Windows 10.

If you have deleted the Windows.old folder, a clean install of Windows 7 is probably the only remaining way to downgrade.

Ensure that you have a complete backup of your data before starting.

harrymc

Posted 2015-09-01T20:31:46.103

Reputation: 306 093

7

Disable IPv6 both on your NIC and the VPN. That did it for me.

Frank

Posted 2015-09-01T20:31:46.103

Reputation: 71

How does one do this exactly? – Ramhound – 2015-09-09T12:58:45.400

THANK YOU! worked for me too. @Ramhound, Network and Internet> Ethernet> Change Adapter options> <select your adapter>, right click properties. Uncheck Internet protocol version 6> OK. – asp316 – 2015-09-10T23:03:05.567

@asp316 - I know how. I was asking for clarification so the answer was of acceptable quality. – Ramhound – 2015-09-11T00:59:49.837

1

I had this problem in Win 10 - Chrome / Firefox and Edge. I disabled IPv6 on the Ethernet NIC and the DNS lookup time reduced from 20+ seconds to almost instantaneous. Settings / Network & Internet / Ethernet / Change Adapter Settings / Properties - and untick Internet Protocol V6.

Richard Goodband

Posted 2015-09-01T20:31:46.103

Reputation: 11

1

I had the same problem and found a solution which worked for me. What I did was to change the binding order of adapters in Windows 10 in such a way that Wifi has less priority than VPN. Here's how to do that:

  1. Open a PowerShell as Administrator
  2. See all the adapters with the command netstat -rn
  3. View the interface index using the command Get-NetIPInterface
  4. Change the metrics of the Wifi adapter to be a bigger number than the VPN (in my adapters list the VPN was listed as Microsoft Wi-Fi Direct Virtual Adapter)

You make this change with the following command: Set-NetIPInterface -InterfaceIndex "type the interface index of the wifi card inside double quotes" -InterfaceMetric "type the new metric which should be a bigger number than the virtual adapter inside double quotes"

I hope that helps, it worked for me.

nick

Posted 2015-09-01T20:31:46.103

Reputation: 11
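
The metric change described in the answer above, combined with a per-interface view of the configured DNS servers (the comparison Brandon Xavier suggests doing with IPCONFIG /ALL), as an added PowerShell example that is not part of the original posts. The aliases 'VPN Name' and 'Wi-Fi' and the +10 metric offset are assumptions; substitute the names Get-NetIPInterface shows on your machine and run it elevated while the VPN is connected.

```powershell
# Added example, not from the original answers. Run as Administrator.
# Assumptions: both aliases are placeholders for your own interface names.
$vpnAlias  = 'VPN Name'   # placeholder: alias of the VPN connection
$wifiAlias = 'Wi-Fi'      # placeholder: alias of the physical adapter

function Show-DnsPreference {
    # Connected IPv4 interfaces, lowest metric (most preferred) first,
    # with the DNS servers configured on each one.
    Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
        Sort-Object InterfaceMetric |
        ForEach-Object {
            $dns = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex `
                        -AddressFamily IPv4).ServerAddresses
            [pscustomobject]@{
                Index      = $_.ifIndex
                Alias      = $_.InterfaceAlias
                Metric     = $_.InterfaceMetric
                AutoMetric = $_.AutomaticMetric
                Dns        = $dns -join ', '
            }
        }
}

function Measure-Lookup([string]$Name = 'google.com') {
    # Time an uncached lookup through the Windows DNS client.
    Clear-DnsClientCache
    (Measure-Command { Resolve-DnsName $Name -Type A }).TotalSeconds
}

Show-DnsPreference | Format-Table -AutoSize
"Lookup before: {0:N2} s" -f (Measure-Lookup)

$vpn  = Get-NetIPInterface -InterfaceAlias $vpnAlias  -AddressFamily IPv4 -ErrorAction Stop
$wifi = Get-NetIPInterface -InterfaceAlias $wifiAlias -AddressFamily IPv4 -ErrorAction Stop

# Only touch the Wi-Fi metric if it currently ranks at or above the VPN.
if ($wifi.InterfaceMetric -le $vpn.InterfaceMetric) {
    $newMetric = $vpn.InterfaceMetric + 10   # assumed offset; any larger value works
    Set-NetIPInterface -InterfaceIndex $wifi.ifIndex -AddressFamily IPv4 `
        -AutomaticMetric Disabled -InterfaceMetric $newMetric
}

Show-DnsPreference | Format-Table -AutoSize
"Lookup after:  {0:N2} s" -f (Measure-Lookup)
```

To undo the change, run Set-NetIPInterface on the same interface with -AutomaticMetric Enabled.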