

timmmay

#272688 9-Jul-2020 13:23

I occasionally connect to a VPN for work, using the Windows 10 VPN built in service. It's configured automatically by group policy, and used to work fine for me. Recently it's stopped resolving DNS servers through the VPN. I know the VPN is fine as I can ping IPs down the VPN and I can use nslookup to do DNS queries if I specify the server. I don't know what caused the problem - I got a new laptop set up a bit differently from my old one, and I started using Pi Hole DHCP and Pi Hole DNS.

 

When the VPN isn't connected everything works fine. DHCP on the Pi Hole hands out IPs and sets my DNS servers as the Pi Hole. All good.

 

When I connect the VPN I expect Windows to know that it should send DNS queries to the DNS servers configured on that network interface, but it doesn't. If I explicitly tell nslookup to use the DNS server behind the VPN it works fine.

 

Question: How can I get Windows to send DNS queries to all DNS servers configured on a network interface?

 

Network Interfaces

 

Here's the relevant parts of my ipconfig/all information (some info redacted)

 

Ethernet adapter Ethernet 6:

 

   Connection-specific DNS Suffix  . : lan
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : PI HOLE IPv4
   DNS Servers . . . . . . . . . . . : PI HOLE IPv6
                                       PI HOLE IPv4

 


PPP adapter (work VPN)

 

   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 172.(removed)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 172.(removed)
                                       172.(removed)

 

 

 

Here's two NSLookups

 

>> nslookup internal.domain.name 172.0.0.1
Server:  (internal DNS server name)
Address:  172.0.0.2 (success)

 

>> nslookup internal.domain.name
Server:  pihole2
Address:  fd00::6686:5777:95b:90db

 

*** No internal type for both IPv4 and IPv6 Addresses (A+AAAA) records available for internal.domain.name (failure)

 

 

 

 


mentalinc

#2520078 9-Jul-2020 13:27

Lots of VPNs have been changed during COVID to limit the traffic that goes through them (split VPN).

 

Only the corp traffic goes through the VPN, when previously it would have sent everything (all browsing etc).





CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB:  Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

 

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX 




timmmay

#2520091 9-Jul-2020 14:05

Pretty sure it's a split tunnel VPN. How would I find out the details of what is routed down the VPN, and why DNS isn't resolving using its DNS servers?

 

I know enough about networking to set up VPNs at home and in AWS, but not enough about Windows to do diagnostics. I've been using Windows for decades but it usually just works so I've never needed to do the diagnostics before.


1101

#2520130 9-Jul-2020 15:00

ipconfig /all
to show DNS servers when VPN is connected?

I would initially presume it's NOT a split VPN, by default (until shown to be otherwise)

try this (from my notes, it's been a while since I've done this)
https://community.spiceworks.com/how_to/75078-configuring-split-tunnel-client-vpn-on-windows

 

 




2bjca5i

#2520132 9-Jul-2020 15:06

As far as I remember the DNS query won't go through the second DNS server, as long as the default one is up. So perhaps the problem you see is because pi-hole has been configured as the first choice (default DNS server).

 

If I was in the same situation I might just modify the hosts file locally (if you have admin rights on your laptop) or on my router (if it's based on linux/openwrt with ssh/telnet access) for ad-blocking, which should get a similar result to pi-hole.


timmmay

#2520137 9-Jul-2020 15:20

@1101 I added the relevant parts of ipconfig/all above. I don't know the IP ranges so not sure I could set up a split tunnel myself properly. Is there a way to work out if a VPN is split tunnel? I did look at something similar a while back, I did find a way to look at network details.

 

@2bjca5i thanks for the suggestion. It'd be handy if it tried secondary DNS if first one didn't resolve. I did find Microsoft documentation that said it should fall back, but that might be if it doesn't reply rather than if it returned "no result". Good idea about hosts file, I use that for some things, but there are many domains and adding them manually would be a PITA.

 

I guess I'm looking for how to do diagnostics. I'll try Googling it at some point, hoped someone was already an expert and could point me in the right direction. I could always call support but I work remotely and it's maybe because of my weird network setup.


mentalinc

#2521283 11-Jul-2020 21:06

What's broken?

 

 

Assume you're not able to access local servers by name with the VPN running?

 

 

I just used the hostfile instead to solve that one...




timmmay

#2523905 16-Jul-2020 08:29

I solved this by disabling IPv6 on the network connection associated with the VPN. I did this by going into "view network connections", right clicking on the network connection, choosing properties, and unchecking "Internet Protocol Version 6".

 

My assumption (could be wrong) is that IPv6 is used in preference to IPv4 by Windows, and the VPN only offers IPv4.
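
For the diagnostics asked about earlier in this thread, the following PowerShell is an added example (not posted by any participant) that reads the VPN, routing and DNS client state with the built-in Windows cmdlets and changes nothing. The connection name `Work VPN` is a placeholder, and the script assumes the VPN's interface alias is the same as its connection name.

```powershell
# Added example: read-only diagnostics for DNS over a Windows built-in VPN.
# Assumptions: 'Work VPN' is a placeholder connection name and the interface
# alias matches it; internal.domain.name is the placeholder from the thread.
param(
    [string]$VpnName  = 'Work VPN',
    [string]$TestName = 'internal.domain.name'
)

# 1. Split tunnel or not? Profiles pushed by group policy may be all-user.
$vpn = @(Get-VpnConnection -ErrorAction SilentlyContinue) +
       @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue)
$vpn | Where-Object Name -eq $VpnName |
    Format-List Name, ConnectionStatus, SplitTunneling, DnsSuffix

# 2. What is routed down the VPN. A 0.0.0.0/0 route on this interface
#    sends all IPv4 traffic through it; specific prefixes mean split tunnel.
Get-NetRoute -InterfaceAlias $VpnName -ErrorAction SilentlyContinue |
    Sort-Object DestinationPrefix |
    Format-Table DestinationPrefix, NextHop, RouteMetric -AutoSize

# 3. Interface metrics per address family; Windows orders by lowest metric.
Get-NetIPInterface -ConnectionState Connected |
    Sort-Object InterfaceMetric |
    Format-Table InterfaceAlias, AddressFamily, InterfaceMetric -AutoSize

# 4. DNS servers per interface (AddressFamily may print as 2 = IPv4, 23 = IPv6).
Get-DnsClientServerAddress |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, AddressFamily, ServerAddresses -AutoSize

# 5. Name Resolution Policy Table rules that pin a namespace to set servers.
Get-DnsClientNrptPolicy -Effective | Format-Table Namespace, NameServers -AutoSize

# 6. Ask each configured resolver directly and compare the answers.
$servers = (Get-DnsClientServerAddress).ServerAddresses | Sort-Object -Unique
$results = foreach ($server in $servers) {
    $answer = Resolve-DnsName -Name $TestName -Server $server -Type A -DnsOnly `
                  -ErrorAction SilentlyContinue
    $addresses = @($answer | Where-Object { $_.Type -eq 'A' }).IPAddress
    [pscustomobject]@{
        Server    = $server
        Resolved  = [bool]$addresses
        Addresses = $addresses -join ', '
    }
}
$results | Format-Table -AutoSize
```

If step 6 resolves the name only on the VPN's 172.x servers while step 4 lists an IPv6 resolver on the Ethernet adapter, that matches the symptoms described in this thread.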


mentalinc

#2523929 16-Jul-2020 08:50

Ahh yes!

 

I did this the other day when I was having issues with Windows AD not working correctly when the DC was at the other end of the VPN.




