DNSCrypt: How to prevent Windows from resolving blacklisted names?

1

I set up DNSCrypt in Windows 10 and disabled the DNS Client service, which caches and resolves DNS. Then, for testing purposes, I put *google* in the DNSCrypt block list and tried to resolve the name. Indeed it blocks:


However, when I try to navigate to google.com in the browser, it opens the website (although it takes longer to resolve the name).

So why was the name resolved, and who resolved it? Is there a way to avoid this DNS "trespassing"?


Azevedo

Posted 2018-08-15T22:40:46.473

Reputation: 511

Answers

1

I found the problem and the solution.

Turns out, when you change the DNS IP in the NIC, Windows will not discard that DNS IP. It will keep that DNS IP in a "hidden" list. Later, it will use those DNS IPs you have removed. Tricky and nasty Windows. Just click on 'Advanced' and then you can see Windows kept all the old DNS IPs you have once used.


I removed all those IPs and set only 127.0.0.1. Problem solved.


Note that Mozilla Firefox 60 may use its own DNS to resolve addresses.

Update: to remove all prior DNS server IPs from the command line:

netsh interface ipv4 delete dnsserver "Ethernet" all

Azevedo

Posted 2018-08-15T22:40:46.473

Reputation: 511
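
An added example, not part of the original answer: a PowerShell check that lists every DNS server Windows has configured on every interface, IPv4 and IPv6, and reports any that is not the local DNSCrypt listener. It goes beyond the single "Ethernet" IPv4 case in the answer; the function name `Find-StrayDnsServer`, the allowed list (127.0.0.1 and ::1) and the sample adapter are assumptions.

```powershell
# Added example, not code from the original post.
# Flags DNS servers that would let Windows resolve names without going
# through the local DNSCrypt proxy (and therefore around its block list).

function Find-StrayDnsServer {
    param(
        # Objects shaped like the output of Get-DnsClientServerAddress
        [Parameter(Mandatory, ValueFromPipeline)]
        $Entry,

        # Assumption: the DNSCrypt proxy listens on loopback only
        [string[]] $Allowed = @('127.0.0.1', '::1')
    )
    process {
        foreach ($server in $Entry.ServerAddresses) {
            if ($Allowed -notcontains $server) {
                [pscustomobject]@{
                    Interface     = $Entry.InterfaceAlias
                    # Windows address family value (2 = IPv4, 23 = IPv6)
                    AddressFamily = $Entry.AddressFamily
                    Server        = $server
                }
            }
        }
    }
}

# Constructed sample: an adapter that still carries an old resolver
# (192.0.2.53, a documentation address) next to the loopback entry.
$sample = [pscustomobject]@{
    InterfaceAlias  = 'Ethernet'
    AddressFamily   = 2
    ServerAddresses = @('127.0.0.1', '192.0.2.53')
}
$sample | Find-StrayDnsServer | Format-Table -AutoSize

# Live check: every interface on this machine, both address families.
Get-DnsClientServerAddress | Find-StrayDnsServer | Format-Table -AutoSize
```

Any row in the live output is a resolver that still has to be removed from that interface, or, if it was handed out by DHCP, overridden with a static entry.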