Windows 10 DNS resolution via VPN connection not working

43

In Windows 10, when connected to a VPN with Split Tunneling enabled (Gateway disabled), DNS resolution always uses the LAN DNS servers, ignoring the DNS servers and the DNS Suffix set on the VPN connection.

The expected behavior is to use the VPN's DNS servers, otherwise it becomes impossible to resolve DNS entries on the remote network (such as domain computers).

This was working properly in previous versions of Windows.

This was widely discussed on this Microsoft Answers thread.

  • It's not clear from your question what your problem is (do you want it to use the DNS server specified by the VPN?), please edit it.
    – Máté Juhász
    Sep 3 '15 at 14:05

  • Edited as suggested.
    – ECC-Dan
    Sep 3 '15 at 16:04

  • tbh: Then there is something wrong with your servers. The first DNS request should ALWAYS hit the local servers. Only if the host is unresolvable should the system attempt to query the Remote-DNS. Your issue might be that local and remote networks are running on the same subnets, thus the local one is claiming "to be able to resolve the query", but delivers "host not found"? (If a server configured to serve the subnet a.b.c.d cannot resolve a host, no further dns-server for this subnet is queried, unless primary is offline, since they SHOULD be in sync - hence it assumes the host is unknown)
    – dognose
    Jun 29 '16 at 23:22

vpn dns windows-10

edited Sep 3 '15 at 16:21

asked Sep 3 '15 at 13:42
ECC-Dan

3 Answers

45

I have fixed this problem permanently by manually setting the metric of my LAN connection to be higher (15) than the one Windows assigns to my VPN (11).

This can be done two ways:

  • Through the GUI: Network connections, Properties, TCP/IP v4 Properties, Advanced, Set Metric to 15;
  • Command line: netsh int ip set interface interface="LAN CONNECTION NAME" metric=15

The effect is immediate (at least when using the command line) and DNS lookups now go through my VPN as expected.

This works with Split Tunneling and is a permanent fix across reconnections and reboots.

Note that you could also change the metric of the VPN instead of the LAN connection, but this wouldn't be permanent as Windows resets the metric when the connection is established.

Depending on your environment, you may have a different default metric for your LAN and VPN connection. Simply adjust accordingly so that your VPN has a lower metric than your LAN connection.

Furthermore, if you find that you cannot edit your VPN's TCP/IP properties because that was also broken in Windows 10, you can set most properties through PowerShell:

    # List the configured VPN connections and their current settings
    Get-VpnConnection
    # Enable split tunneling on the connection named "myVPN"
    Set-VpnConnection -Name "myVPN" -SplitTunneling $True
    # Set the connection-specific DNS suffix
    Set-VpnConnection -Name "myVPN" -DnsSuffix yourdomain.local

edited Mar 20 '17 at 10:04
Community

answered Sep 3 '15 at 13:42
ECC-Dan

  • 2
    For me this does not work... I have two machines with Windows 10; one works fine, the other is problematic with the VPN. I am able to resolve the default gateway by enabling SplitTunneling, but the DNS of the VPN is still not recognized even when I change the metric...
    – ceinmart
    Oct 28 '15 at 1:04

  • 3
    This fixed the issue for us (and we've been battling it for some time), with one important additional step -- disabling IPv6. Our VPN does not do IPv6 but my understanding is any IPv6 resolver will take precedence over IPv4 ones. Once we disabled IPv6 on the adapters and then adjusted the metrics, split-tunnel DNS resumed working. If your VPN supports IPv6 this is likely not needed, and if the metric adjustment by itself fixes DNS for you, keep IPv6 enabled on your adapter.
    – Adam Strohl
    Jan 30 '16 at 11:32

  • Fun fact: For me the issue was "vice versa" - When connected to VPN, Windows was unable to resolve local FQDNs... It was setting up the default Metric for the "VPN-Connection" to 1 - so I gave the local connection a lower number which resolved my issue. (My local servers are configured correctly, so any unresolvable name will be queried on the connection of "second preference" - which makes now both: local and remote dns to work as expected while VPN is established.)
    – dognose
    Jun 29 '16 at 23:13

  • Any idea why this fix is only needed for me when connecting via one ISP but not the other (both coaxial cable connected)?
    – Gaia
    Jul 29 '16 at 17:36

  • Somehow I got the reversed issue in the first place: my local Win10 laptop automatically uses only the DNS in VPN (most of the time), and because that DNS in that internal VPN is not (yet) configured to provide DNS service, I cannot browse any internet website during my VPN enabling period. So, I use this solution in a reverse way, i.e. setting my local LAN connection to be a number as small as 1, which seemingly solves the problem for now. FWIW, I don't know the metric value for my VPN connection though, because there is no "Advanced" button in the VPN connection properties pop-up window.
    – RayLuo
    Nov 29 '16 at 8:54

9

I spun up a fresh install of Windows 10 in a VM to test on after seeing this issue on every physical Win10 machine I have. I tested all of the answers in this thread and none of them worked. I discovered that the solution is to combine the answers posted here by "Keenans" and "ECC-Dan":

http://answers.microsoft.com/en-us/windows/forum/windows_10-networking/win-10-dns-resolution-of-remote-network-via-vpn/513bdeea-0d18-462e-9ec3-a41129eec736?page=1

Control Panel > Network and Sharing Center > Change adapter settings > Right click your Ethernet or Wifi adapter > Properties > double click IPv4 > Advanced > Uncheck Automatic Metric > Enter 15 for interface metric > OK > OK.

On that same Properties page, double click IPv6 > Advanced > Uncheck Automatic Metric > Enter 15 for interface metric > OK > OK.

Only after changing both of those settings is the issue resolved. I tested changing either one back and it breaks again. After changing both I ran nslookup from the command line and it returned the DNS server on the remote network that the VPN is connected to, whereas otherwise it would return the local DNS server. I then used Wireshark capturing on the Ethernet interface, did some pings to random websites, and verified that there were no DNS packets captured. This proves that after making the changes, DNS queries are being sent ONLY over the VPN connection, and not simultaneously over all connections (which is known as the Win10 DNS leak). So this is also part of the solution for the Win10 DNS leak:

https://medium.com/@ValdikSS/beware-of-windows-10-dns-resolver-and-dns-leaks-5bc5bfb4e3f1#.7ppsn1nda

Note that to fix the DNS leak, you first need to do the steps above. Then you need to set two registry values. The linked articles only list one, which by itself does not fix the issue in newer builds of Win10. Set these registry values:

Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient
Value: DisableSmartNameResolution
Data: 1

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
Value: DisableParallelAandAAAA
Data: 1

Only after doing all of that will your DNS client behavior be back to the way it was in Win7. You have to wonder how this got through QA at Microsoft.

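The settings from the two answers above, checked in one pass (an added example, not code from the thread): for IPv4 and IPv6 it reports whether the VPN interface has the lower metric, then reports the two registry values, and with -Fix it applies the LAN metric of 15 and both values. The adapter names, the script's parameter names and the DWORD value type are assumptions.

```powershell
# Added example, not from the thread. Report-only by default; -Fix must be run
# from an elevated session. Adapter names are assumptions: check Get-NetAdapter
# and Get-VpnConnection for the names on your machine.
param(
    [string]$LanAlias  = 'Ethernet',  # assumed LAN/Wi-Fi adapter name
    [string]$VpnAlias  = 'myVPN',     # VPN connection name used in the first answer
    [int]   $LanMetric = 15,          # metric both answers assign to the LAN adapter
    [switch]$Fix
)

# 1. Interface metrics, per address family: the second answer found that the
#    IPv4 and IPv6 metrics must both be changed.
$metricReport = foreach ($family in 'IPv4', 'IPv6') {
    # A missing interface (VPN not connected, or no IPv6 side) is reported as
    # 'n/a' instead of stopping the script.
    $lan = Get-NetIPInterface -InterfaceAlias $LanAlias -AddressFamily $family -ErrorAction SilentlyContinue
    $vpn = Get-NetIPInterface -InterfaceAlias $VpnAlias -AddressFamily $family -ErrorAction SilentlyContinue

    if ($Fix -and $lan) {
        # Same change as "Uncheck Automatic Metric > Enter 15" in the adapter GUI
        Set-NetIPInterface -InterfaceAlias $LanAlias -AddressFamily $family `
            -AutomaticMetric Disabled -InterfaceMetric $LanMetric
        $lan = Get-NetIPInterface -InterfaceAlias $LanAlias -AddressFamily $family
    }

    $vpnDns = if ($vpn) {
        (Get-DnsClientServerAddress -InterfaceAlias $VpnAlias -AddressFamily $family).ServerAddresses
    }

    [pscustomobject]@{
        Family        = $family
        LanMetric     = if ($lan) { $lan.InterfaceMetric } else { 'n/a' }
        LanAutomatic  = if ($lan) { $lan.AutomaticMetric } else { 'n/a' }
        VpnMetric     = if ($vpn) { $vpn.InterfaceMetric } else { 'n/a' }
        VpnPreferred  = if ($lan -and $vpn) { $vpn.InterfaceMetric -lt $lan.InterfaceMetric } else { 'n/a' }
        VpnDnsServers = $vpnDns -join ', '
    }
}

# 2. The two registry values from the second answer. The page gives "Data: 1";
#    storing it as a DWORD is an assumption of this example.
$registryChecks = @(
    @{ Path = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient'
       Name = 'DisableSmartNameResolution' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
       Name = 'DisableParallelAandAAAA' }
)
$registryReport = foreach ($check in $registryChecks) {
    if ($Fix) {
        if (-not (Test-Path $check.Path)) { New-Item -Path $check.Path -Force | Out-Null }
        New-ItemProperty -Path $check.Path -Name $check.Name -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }
    $item  = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.($check.Name) } else { $null }
    [pscustomobject]@{
        Value = $check.Name
        Data  = if ($null -ne $value) { $value } else { 'not set' }
        Ok    = ($value -eq 1)
    }
}

$metricReport   | Format-Table -AutoSize
$registryReport | Format-Table -AutoSize

# Flag the condition both answers describe: LAN metric not above the VPN metric.
if ($metricReport.VpnPreferred -contains $false) {
    Write-Warning 'The LAN metric is not higher than the VPN metric for at least one address family.'
}
if ($registryReport.Ok -contains $false) {
    Write-Warning 'At least one of the two registry values is not set to 1.'
}
```

Run it while the VPN is connected; otherwise the VPN columns read n/a because the interface does not exist yet.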

1

It does not work even when I changed the metrics on both IPv4 and IPv6 and used the registry values DisableSmartNameResolution and DisableParallelAandAAAA with current Windows 10 Edu (as of December 2018), when the client is connected by UTP cable and the IPv6 protocol is supported on the local LAN (i.e. the client has a public/global IPv6 address).

It is sufficient to disable the IPv6 protocol on the UTP/LAN interface used for the VPN to make it work (to remove/not use the global IPv6 address on the client).

It works with no problem when the client is connected to the Internet by Wi-Fi and IPv6 is available (the client has a global IPv6 address and has no UTP/LAN connection).

      3 Answers
      3






      active

      oldest

      votes








      3 Answers
      3






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      45














      I have fixed this problem permanently by manually setting the metric of my LAN connection to be higher (15) than the one windows assigns to my VPN (11).



      This can be done two ways:





      • Through the GUI: Network connections, Properties, TCP/IP v4 Properties, Advanced, Set Metric to 15;


      • Command line: netsh int ip set interface interface="LAN CONNECTION NAME" metric=15


      The effect is immediate (at least when using the command line) and DNS lookups now go through my VPN as expected.



      This works with Split Tunneling and is a permanent fix across reconnections and reboots.



      Note that you could also change the metric of the VPN instead of the LAN connection, but this wouldn't be permanent as Windows resets the metric when the connection is established.



      Depending on your environment, you may have a different default metric for your LAN and VPN connection. Simply adjust accordingly so that your VPN has a lower metric than your LAN connection.



      Furthermore, if you find that you cannot edit your VPN's TCP/IP properties because that was also broken in Windows 10, you can set most properties through Powershell:



      1. Get-VpnConnection
      2. Set-VpnConnection -Name "myVPN" -SplitTunneling $True
      3. Set-VpnConnection -Name "myVPN" -DnsSuffix yourdomain.local





      share|improve this answer



















      • 2




        For me this not work... I have two machine with windows 10 , one works all fine other is problematic with VPN. I able to resolve the default gateway enabling the SplitTunneling, but the DNS of VPN still not recognize either when I change the metric...
        – ceinmart
        Oct 28 '15 at 1:04








      • 3




        This fixed the issue for us (and we've been battling it for some time), with one important additional step -- disabling IPv6. Our VPN does not do IPv6 but my understanding is any IPv6 resolver will take precedent over IPv4 ones. Once we disabled IPv6 on the adapters then adjusted the metrics split-tunnel DNS resumed working. If your VPN supports IPv6 this is likely not needed and if the metric adjustment by itself fixes DNS for you keep IPv6 enabled on your adapter.
        – Adam Strohl
        Jan 30 '16 at 11:32












      • Fun fact: For me the issue was "vice versa" - When connected to VPN, Windows was unable to resolve local FQDNs... It was setting up the default Metric for the "VPN-Connection" to 1 - so I gave the local connection a lower number which resolved my issue. (My local servers are configured correctly, so any unresolvable name will be queried on the connection of "second preference" - which makes now both: local and remote dns to work as expected while VPN is established.)
        – dognose
        Jun 29 '16 at 23:13












      • Any idea why this fix is only needed for me when connecting via one ISP but not the other (both coaxial cable connected)?
        – Gaia
        Jul 29 '16 at 17:36










      • Somehow I got the reversed issue in the first place: my local Win10 laptop automatically uses only the DNS in VPN (most of the time), and because that DNS in that internal VPN is not (yet) configurated to provide DNS service, I can not browse any internet website during my VPN enabling period. So, I use this solution in a reverse way, i.e. setting my local LAN connection to be a number as small as 1, which seemingly solves the problem for now. FWIW, I don't know the metric value for my VPN connection though, because there is no "Advance" button in the VPN connection properties pop-up window.
        – RayLuo
        Nov 29 '16 at 8:54
















      45














      I have fixed this problem permanently by manually setting the metric of my LAN connection to be higher (15) than the one windows assigns to my VPN (11).



      This can be done two ways:





      • Through the GUI: Network connections, Properties, TCP/IP v4 Properties, Advanced, Set Metric to 15;


      • Command line: netsh int ip set interface interface="LAN CONNECTION NAME" metric=15


      The effect is immediate (at least when using the command line) and DNS lookups now go through my VPN as expected.



      This works with Split Tunneling and is a permanent fix across reconnections and reboots.



      Note that you could also change the metric of the VPN instead of the LAN connection, but this wouldn't be permanent as Windows resets the metric when the connection is established.



      Depending on your environment, you may have a different default metric for your LAN and VPN connection. Simply adjust accordingly so that your VPN has a lower metric than your LAN connection.



      Furthermore, if you find that you cannot edit your VPN's TCP/IP properties because that was also broken in Windows 10, you can set most properties through Powershell:



      1. Get-VpnConnection
      2. Set-VpnConnection -Name "myVPN" -SplitTunneling $True
      3. Set-VpnConnection -Name "myVPN" -DnsSuffix yourdomain.local





      share|improve this answer



















      • 2




        For me this not work... I have two machine with windows 10 , one works all fine other is problematic with VPN. I able to resolve the default gateway enabling the SplitTunneling, but the DNS of VPN still not recognize either when I change the metric...
        – ceinmart
        Oct 28 '15 at 1:04








      • 3




        This fixed the issue for us (and we've been battling it for some time), with one important additional step -- disabling IPv6. Our VPN does not do IPv6 but my understanding is any IPv6 resolver will take precedent over IPv4 ones. Once we disabled IPv6 on the adapters then adjusted the metrics split-tunnel DNS resumed working. If your VPN supports IPv6 this is likely not needed and if the metric adjustment by itself fixes DNS for you keep IPv6 enabled on your adapter.
        – Adam Strohl
        Jan 30 '16 at 11:32












      • Fun fact: For me the issue was "vice versa" - When connected to VPN, Windows was unable to resolve local FQDNs... It was setting up the default Metric for the "VPN-Connection" to 1 - so I gave the local connection a lower number which resolved my issue. (My local servers are configured correctly, so any unresolvable name will be queried on the connection of "second preference" - which makes now both: local and remote dns to work as expected while VPN is established.)
        – dognose
        Jun 29 '16 at 23:13












      • Any idea why this fix is only needed for me when connecting via one ISP but not the other (both coaxial cable connected)?
        – Gaia
        Jul 29 '16 at 17:36










      • Somehow I got the reversed issue in the first place: my local Win10 laptop automatically uses only the DNS in VPN (most of the time), and because that DNS in that internal VPN is not (yet) configurated to provide DNS service, I can not browse any internet website during my VPN enabling period. So, I use this solution in a reverse way, i.e. setting my local LAN connection to be a number as small as 1, which seemingly solves the problem for now. FWIW, I don't know the metric value for my VPN connection though, because there is no "Advance" button in the VPN connection properties pop-up window.
        – RayLuo
        Nov 29 '16 at 8:54














      45












      45








      45






      I have fixed this problem permanently by manually setting the metric of my LAN connection to be higher (15) than the one windows assigns to my VPN (11).



      This can be done two ways:





      • Through the GUI: Network connections, Properties, TCP/IP v4 Properties, Advanced, Set Metric to 15;


      • Command line: netsh int ip set interface interface="LAN CONNECTION NAME" metric=15


      The effect is immediate (at least when using the command line) and DNS lookups now go through my VPN as expected.



      This works with Split Tunneling and is a permanent fix across reconnections and reboots.



      Note that you could also change the metric of the VPN instead of the LAN connection, but this wouldn't be permanent as Windows resets the metric when the connection is established.



      Depending on your environment, you may have a different default metric for your LAN and VPN connection. Simply adjust accordingly so that your VPN has a lower metric than your LAN connection.



      Furthermore, if you find that you cannot edit your VPN's TCP/IP properties because that was also broken in Windows 10, you can set most properties through Powershell:



      1. Get-VpnConnection
      2. Set-VpnConnection -Name "myVPN" -SplitTunneling $True
      3. Set-VpnConnection -Name "myVPN" -DnsSuffix yourdomain.local





      share|improve this answer














      I have fixed this problem permanently by manually setting the metric of my LAN connection to be higher (15) than the one windows assigns to my VPN (11).



      This can be done two ways:





      • Through the GUI: Network connections, Properties, TCP/IP v4 Properties, Advanced, Set Metric to 15;


      • Command line: netsh int ip set interface interface="LAN CONNECTION NAME" metric=15


      The effect is immediate (at least when using the command line) and DNS lookups now go through my VPN as expected.



      This works with Split Tunneling and is a permanent fix across reconnections and reboots.



      Note that you could also change the metric of the VPN instead of the LAN connection, but this wouldn't be permanent as Windows resets the metric when the connection is established.



      Depending on your environment, you may have a different default metric for your LAN and VPN connection. Simply adjust accordingly so that your VPN has a lower metric than your LAN connection.



      Furthermore, if you find that you cannot edit your VPN's TCP/IP properties because that was also broken in Windows 10, you can set most properties through Powershell:



      1. Get-VpnConnection
      2. Set-VpnConnection -Name "myVPN" -SplitTunneling $True
      3. Set-VpnConnection -Name "myVPN" -DnsSuffix yourdomain.local






      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Mar 20 '17 at 10:04









      Community

      1




      1










      answered Sep 3 '15 at 13:42









      ECC-Dan

      7661610




      7661610








      • 2




        For me this not work... I have two machine with windows 10 , one works all fine other is problematic with VPN. I able to resolve the default gateway enabling the SplitTunneling, but the DNS of VPN still not recognize either when I change the metric...
        – ceinmart
        Oct 28 '15 at 1:04








      • 3




        This fixed the issue for us (and we've been battling it for some time), with one important additional step -- disabling IPv6. Our VPN does not do IPv6 but my understanding is any IPv6 resolver will take precedent over IPv4 ones. Once we disabled IPv6 on the adapters then adjusted the metrics split-tunnel DNS resumed working. If your VPN supports IPv6 this is likely not needed and if the metric adjustment by itself fixes DNS for you keep IPv6 enabled on your adapter.
        – Adam Strohl
        Jan 30 '16 at 11:32












      • Fun fact: For me the issue was "vice versa" - When connected to VPN, Windows was unable to resolve local FQDNs... It was setting up the default Metric for the "VPN-Connection" to 1 - so I gave the local connection a lower number which resolved my issue. (My local servers are configured correctly, so any unresolvable name will be queried on the connection of "second preference" - which makes now both: local and remote dns to work as expected while VPN is established.)
        – dognose
        Jun 29 '16 at 23:13












      • Any idea why this fix is only needed for me when connecting via one ISP but not the other (both coaxial cable connected)?
        – Gaia
        Jul 29 '16 at 17:36










      • Somehow I got the reversed issue in the first place: my local Win10 laptop automatically uses only the DNS in VPN (most of the time), and because that DNS in that internal VPN is not (yet) configurated to provide DNS service, I can not browse any internet website during my VPN enabling period. So, I use this solution in a reverse way, i.e. setting my local LAN connection to be a number as small as 1, which seemingly solves the problem for now. FWIW, I don't know the metric value for my VPN connection though, because there is no "Advance" button in the VPN connection properties pop-up window.
        – RayLuo
        Nov 29 '16 at 8:54














      • 2




        For me this not work... I have two machine with windows 10 , one works all fine other is problematic with VPN. I able to resolve the default gateway enabling the SplitTunneling, but the DNS of VPN still not recognize either when I change the metric...
        – ceinmart
        Oct 28 '15 at 1:04








      • 3




        This fixed the issue for us (and we've been battling it for some time), with one important additional step -- disabling IPv6. Our VPN does not do IPv6 but my understanding is any IPv6 resolver will take precedent over IPv4 ones. Once we disabled IPv6 on the adapters then adjusted the metrics split-tunnel DNS resumed working. If your VPN supports IPv6 this is likely not needed and if the metric adjustment by itself fixes DNS for you keep IPv6 enabled on your adapter.
        – Adam Strohl
        Jan 30 '16 at 11:32












      • Fun fact: For me the issue was "vice versa" - When connected to VPN, Windows was unable to resolve local FQDNs... It was setting up the default Metric for the "VPN-Connection" to 1 - so I gave the local connection a lower number which resolved my issue. (My local servers are configured correctly, so any unresolvable name will be queried on the connection of "second preference" - which makes now both: local and remote dns to work as expected while VPN is established.)
        – dognose
        Jun 29 '16 at 23:13












      • Any idea why this fix is only needed for me when connecting via one ISP but not the other (both coaxial cable connected)?
        – Gaia
        Jul 29 '16 at 17:36










      • Somehow I got the reversed issue in the first place: my local Win10 laptop automatically uses only the DNS in VPN (most of the time), and because that DNS in that internal VPN is not (yet) configurated to provide DNS service, I can not browse any internet website during my VPN enabling period. So, I use this solution in a reverse way, i.e. setting my local LAN connection to be a number as small as 1, which seemingly solves the problem for now. FWIW, I don't know the metric value for my VPN connection though, because there is no "Advance" button in the VPN connection properties pop-up window.
        – RayLuo
        Nov 29 '16 at 8:54








      2




      2




      For me this not work... I have two machine with windows 10 , one works all fine other is problematic with VPN. I able to resolve the default gateway enabling the SplitTunneling, but the DNS of VPN still not recognize either when I change the metric...
      – ceinmart
      Oct 28 '15 at 1:04






      For me this not work... I have two machine with windows 10 , one works all fine other is problematic with VPN. I able to resolve the default gateway enabling the SplitTunneling, but the DNS of VPN still not recognize either when I change the metric...
      – ceinmart
      Oct 28 '15 at 1:04






      3




      3




      This fixed the issue for us (and we've been battling it for some time), with one important additional step -- disabling IPv6. Our VPN does not do IPv6 but my understanding is any IPv6 resolver will take precedent over IPv4 ones. Once we disabled IPv6 on the adapters then adjusted the metrics split-tunnel DNS resumed working. If your VPN supports IPv6 this is likely not needed and if the metric adjustment by itself fixes DNS for you keep IPv6 enabled on your adapter.
      – Adam Strohl
      Jan 30 '16 at 11:32






      Fun fact: For me the issue was "vice versa" - when connected to VPN, Windows was unable to resolve local FQDNs... It was setting the default metric for the "VPN-Connection" to 1 - so I gave the local connection a lower number, which resolved my issue. (My local servers are configured correctly, so any unresolvable name will be queried on the connection of "second preference" - which now makes both local and remote DNS work as expected while the VPN is established.)
      – dognose
      Jun 29 '16 at 23:13






      Any idea why this fix is only needed for me when connecting via one ISP but not the other (both coaxial cable connected)?
      – Gaia
      Jul 29 '16 at 17:36




      9














      I spun up a fresh install of Windows 10 in a VM to test on after seeing this issue on every physical Win10 machine I have. I tested all of the answers in this thread and none of them worked. I discovered that the solution is to combine the answers posted here by "Keenans" and "ECC-Dan":



      http://answers.microsoft.com/en-us/windows/forum/windows_10-networking/win-10-dns-resolution-of-remote-network-via-vpn/513bdeea-0d18-462e-9ec3-a41129eec736?page=1



      Control Panel > Network and Sharing Center > Change adapter settings > Right click your Ethernet or Wifi adapter > Properties > double click IPv4 > Advanced > Uncheck Automatic Metric > Enter 15 for interface metric > OK > OK.



      On that same Properties page, double click IPv6 > Advanced > Uncheck Automatic Metric > Enter 15 for interface metric > OK > OK.



      Only after changing both of those settings is the issue resolved. I tested changing either one back and it breaks again. After changing both I ran nslookup from the command line and it returned the DNS server on the remote network where the VPN is connected to, whereas otherwise it would return the local DNS server. I then used Wireshark capturing on the Ethernet interface, did some pings to random websites, and verified that there were no DNS packets captured. This proves that after making the changes, DNS queries are being sent ONLY over the VPN connection, and not simultaneously over all connections (which is known as the Win10 DNS leak). So this is also part of the solution for the Win10 DNS leak:



      https://medium.com/@ValdikSS/beware-of-windows-10-dns-resolver-and-dns-leaks-5bc5bfb4e3f1#.7ppsn1nda



      Note that to fix the DNS leak, you first need to do the steps above. Then you need to set two registry values. The linked articles only list one, which, by itself, does not fix the issue in newer builds of Win10. Set these registry values:



      Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient
      Value: DisableSmartNameResolution
      Data: 1

      Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
      Value: DisableParallelAandAAAA
      Data: 1


      Only after doing all of that, will your DNS client behavior be back to the way it was in Win7. You have to wonder how this got through QA at Microsoft.






          edited Feb 23 '16 at 1:09

























          answered Feb 20 '16 at 1:07









          LikeARock47
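
The steps from the answer above, scripted for an elevated PowerShell prompt. This is an added example, not part of the original answer; the adapter alias `Ethernet` is an assumption and must match the name of your physical adapter as shown by `Get-NetAdapter`.

```powershell
#Requires -RunAsAdministrator
# Added example: applies the interface-metric and registry settings described
# in the answer, then prints the resulting state for review.
param(
    [string]$LanAlias = 'Ethernet',  # assumption: name of the physical LAN/Wi-Fi adapter
    [int]$Metric      = 15           # interface metric used in the answer
)

# 1. Turn off Automatic Metric and set a fixed metric on the LAN adapter
#    for BOTH address families (the answer reports that one alone is not enough).
foreach ($family in 'IPv4', 'IPv6') {
    Set-NetIPInterface -InterfaceAlias $LanAlias -AddressFamily $family `
        -AutomaticMetric Disabled -InterfaceMetric $Metric
}

# 2. The two registry values from the answer, each a REG_DWORD set to 1.
$settings = @(
    @{ Path = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient'
       Name = 'DisableSmartNameResolution' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
       Name = 'DisableParallelAandAAAA' }
)
foreach ($s in $settings) {
    # The policy key may not exist on a fresh install; create it if needed.
    if (-not (Test-Path $s.Path)) {
        New-Item -Path $s.Path -Force | Out-Null
    }
    New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType DWord `
        -Value 1 -Force | Out-Null
}

# 3. Review the result: connected interfaces ordered by metric ...
Get-NetIPInterface |
    Where-Object ConnectionState -eq 'Connected' |
    Sort-Object InterfaceMetric |
    Format-Table InterfaceAlias, AddressFamily, InterfaceMetric, AutomaticMetric -AutoSize

# ... the DNS servers configured on each interface ...
Get-DnsClientServerAddress |
    Where-Object ServerAddresses |
    Format-Table InterfaceAlias, AddressFamily, ServerAddresses -AutoSize

# ... and the registry values as actually stored.
foreach ($s in $settings) {
    $value = (Get-ItemProperty -Path $s.Path -Name $s.Name).($s.Name)
    '{0}\{1} = {2}' -f $s.Path, $s.Name, $value
}
```

With the VPN connected, the metric table shows whether the VPN interface now ranks ahead of the LAN adapter; the nslookup and Wireshark checks described in the answer remain the way to confirm that no DNS queries leave over the physical interface.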

              1














              It does not work even after I changed the metrics on both IPv4 and IPv6 and set the registry values DisableSmartNameResolution and DisableParallelAandAAAA, with current Windows 10 Edu (as of December 2018), when the client is connected by UTP cable and the IPv6 protocol is supported on the local LAN (i.e. the client has a public/global IPv6 address).



              It is sufficient to disable IPv6 protocol on UTP/LAN interface used for VPN to make it work (to remove/not_use global IPv6 address on the client).



              It works with no problem when the client is connected to the Internet by Wi-Fi and IPv6 is available (client has global IPv6 address and has no UTP/LAN connection).






                  answered Dec 7 at 20:36









                  Milan Kerslager
