Is it possible to configure Windows to use different DNS servers for different domains?

1


I am configuring a company VPN. The VPN allows split-tunnelling (users can access the Internet directly, without going through the VPN). For performance, DNS queries use their local DNS server.

However, there are a number of internal system names. So I would like requests for mycompany.com to use the internal name server, rather than their default local DNS server.

paj28

Posted 2014-08-07T09:41:01.037

Reputation: 243

One search keyword you could look for is dns "conditional forwarding", e.g. http://technet.microsoft.com/en-us/library/cc794735(v=ws.10).aspx

– Jason C – 2014-08-07T09:58:27.757

Answers

1

I've had a similar problem on my Windows clients and I use a script that OpenVPN runs after connecting the VPN:

@netsh interface ipv4 add dnsservers name="YourVPNInterfaceName" address=YourCompanyDNSIP index=1 validate=no

YourVPNInterfaceName is the display name of the TUN/TAP network interface that your VPN is being run on. To force OpenVPN to use a specific interface, use dev-node "YourVPNInterfaceName" in the OpenVPN config file. If you have only one interface, there is no need to force anything, of course.

To make OpenVPN run this script after connecting:

  1. go to your config dir (default: %ProgramFiles%\OpenVPN\config\)
  2. check your .ovpn file name (eg. myVPN.ovpn)
  3. save script as MyFileName_up.bat (eg. myVPN_up.bat) in the same dir

OpenVPN will automatically recognize and use this file.

Michał Sacharewicz

Posted 2014-08-07T09:41:01.037

Reputation: 1 944

Thanks Michal. What queries will go through this name server? All of them - or just ones for some particular domain? Also, what is the difference between this and pushing a DNS server via DHCP option? – paj28 – 2014-08-07T13:37:26.163

All queries will go through this nameserver (or should, I'll write more in the next comment). Pushing this via the OpenVPN server with a DHCP option should be equally effective, though I had trouble getting enough attention from the person who administers OpenVPN and decided to fix things client-side. I assumed you also had no administrative access over the OpenVPN server. – Michał Sacharewicz – 2014-08-07T18:01:52.723

Also, since writing this down, I began to wonder why it really works. I don't exactly know how Microsoft designed its system. If you assume that Windows uses DNS servers from all interfaces, you would expect random problems with resolving names. I did not encounter such problems. If you assume it uses DNS from the interface that was upped last, then you'd expect DNS not to work when upping the OpenVPN interface with no DNS passed through DHCP. Probably the truth is somewhere in between :) – Michał Sacharewicz – 2014-08-07T18:05:59.827

Yeah, I do have admin access. Thanks for your suggestion, but I don't think this helps me. DNS servers are a global list, they're not per-interface, as Windows doesn't know which interface a host name goes to until after the DNS lookup. – paj28 – 2014-08-07T19:39:46.117

Other than that, you have only two real alternatives. You may set up your own DNS server in your network, or directly on your client if you want it mobile. – Michał Sacharewicz – 2014-08-08T07:59:16.873

You may deploy some lightweight DNS server like MaraDNS and indeed set up some conditional forwarders. This would work efficiently only when your company domain names have some common root, though. – Michał Sacharewicz – 2014-08-08T08:04:26.093
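As an added example (not code from the question, the answer or any of the commenters), here is the client-side conditional forwarder the last comment suggests, written in Python: queries whose name is mycompany.com or a subdomain of it go to the internal resolver, everything else goes to the user's normal resolver. The two upstream addresses and the loopback listening port are placeholders assumed for the example; the zone check is done on a label boundary so that an unrelated name such as notmycompany.com is never sent to the internal server.

```python
import socket
import struct

INTERNAL_ZONES = ("mycompany.com",)
INTERNAL_DNS = ("10.0.0.53", 53)    # placeholder: company name server
DEFAULT_DNS = ("192.0.2.53", 53)    # placeholder: user's normal resolver

def parse_qname(packet: bytes) -> str:
    """Return the first question name of a DNS query packet, lower-cased."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("not a DNS query with a question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:  # compression pointers are not valid in a query name
            raise ValueError("unexpected label compression")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return ".".join(labels).lower()

def in_zone(name: str, zone: str) -> bool:
    """Apex or subdomain, on a label boundary: 'notmycompany.com' does not match."""
    return name == zone or name.endswith("." + zone)

def choose_upstream(packet: bytes) -> tuple:
    name = parse_qname(packet)
    return INTERNAL_DNS if any(in_zone(name, z) for z in INTERNAL_ZONES) else DEFAULT_DNS

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a standard A query for name (constructed sample input for testing)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def serve(listen=("127.0.0.1", 5353)):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(listen)  # loopback only: serves this client, not the LAN
    up = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    up.settimeout(3)
    while True:
        data, client = sock.recvfrom(4096)
        try:
            up.sendto(data, choose_upstream(data))
            reply, _ = up.recvfrom(4096)
        except (ValueError, socket.timeout):
            continue  # drop malformed queries and unanswered forwards
        sock.sendto(reply, client)
```

To use it from Windows, the forwarder would have to listen on port 53 and be configured as the adapter's DNS server, since the Windows resolver cannot be pointed at another port.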