Geekzone: technology news, blogs, forums




16231 posts

Uber Geek

Trusted
Subscriber

#272688 9-Jul-2020 13:23

I occasionally connect to a VPN for work, using the Windows 10 built-in VPN service. It's configured automatically by group policy, and used to work fine for me. Recently it's stopped resolving DNS servers through the VPN. I know the VPN is fine as I can ping IPs down the VPN and I can use nslookup to do DNS queries if I specify the server. I don't know what caused the problem - I got a new laptop set up a bit differently from my old one, and I started using Pi Hole DHCP and Pi Hole DNS.

 

When the VPN isn't connected everything works fine. DHCP on the Pi Hole hands out IPs and sets my DNS servers as the Pi Hole. All good.

 

When I connect the VPN I expect Windows to know that it should send DNS queries to the DNS servers configured on that network interface, but it doesn't. If I explicitly tell nslookup to use the DNS server behind the VPN it works fine.

 

Question: How can I get Windows to send DNS queries to all DNS servers configured on a network interface?

 

Network Interfaces

 

Here's the relevant parts of my ipconfig/all information (some info redacted)

 

Ethernet adapter Ethernet 6:

 

   Connection-specific DNS Suffix  . : lan
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : PI HOLE IPv4
   DNS Servers . . . . . . . . . . . : PI HOLE IPv6
                                       PI HOLE IPv4

 


PPP adapter (work VPN)

 

   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 172.(removed)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 172.(removed)
                                       172.(removed)

 

 

 

Here's two NSLookups

 

>> nslookup internal.domain.name 172.0.0.1
Server:  (internal DNS server name)
Address:  172.0.0.2 (success)

 

>> nslookup internal.domain.name
Server:  pihole2
Address:  fd00::6686:5777:95b:90db

 

*** No internal type for both IPv4 and IPv6 Addresses (A+AAAA) records available for internal.domain.name (failure)

 

 

 

 


1996 posts

Uber Geek

Trusted
Subscriber

  #2520078 9-Jul-2020 13:27

Lots of VPNs have been changed during COVID to limit the traffic that goes through them (split VPN).

 

Only the corp traffic goes through the VPN, when previously it would have sent everything (all browsing etc).





CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 




16231 posts

Uber Geek

Trusted
Subscriber

  #2520091 9-Jul-2020 14:05

Pretty sure it's a split tunnel VPN. How would I find out the details of what is routed down the VPN, and why DNS isn't resolving using its DNS servers?

 

I know enough about networking to set up VPNs at home and in AWS, but not enough about Windows to do diagnostics. I've been using Windows for decades but it usually just works so I've never needed to do the diagnostics before.


 
 
 
 


2215 posts

Uber Geek


  #2520130 9-Jul-2020 15:00

ipconfig /all to show DNS servers when VPN is connected?

 

 

 

I would initially presume it's NOT a split VPN, by default (until shown to be otherwise)

 

Try this (from my notes, it's been a while since I've done this)
https://community.spiceworks.com/how_to/75078-configuring-split-tunnel-client-vpn-on-windows

 

 


1 post

Wannabe Geek


  #2520132 9-Jul-2020 15:06

As far as I remember the DNS query won't go through the second DNS server, as long as the default one is up. So perhaps the problem you see is because pi-hole has been configured as the first choice (default DNS server).

 

If I was in the same situation I might just modify the hosts file locally (if you have admin rights on your laptop) or on my router (if it's based on linux/openwrt with ssh/telnet access) for ad-blocking, which should get a similar result to pi-hole.




16231 posts

Uber Geek

Trusted
Subscriber

  #2520137 9-Jul-2020 15:20

@1101 I added the relevant parts of ipconfig/all above. I don't know the IP ranges so not sure I could set up a split tunnel myself properly. Is there a way to work out if a VPN is split tunnel? I did look at something similar a while back, I did find a way to look at network details.

 

@2bjca5i thanks for the suggestion. It'd be handy if it tried secondary DNS if first one didn't resolve. I did find Microsoft documentation that said it should fall back, but that might be if it doesn't reply rather than if it returned "no result". Good idea about hosts file, I use that for some things, but there are many domains and adding them manually would be a PITA.

 

I guess I'm looking for how to do diagnostics. I'll try Googling it at some point, hoped someone was already an expert and could point me in the right direction. I could always call support but I work remotely and it's maybe because of my weird network setup.


1996 posts

Uber Geek

Trusted
Subscriber

  #2521283 11-Jul-2020 21:06

What's broken?

 

 

Assume you're not able to access local servers by name with the VPN running?

 

 

I just used the hostfile instead to solve that one...




CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 




16231 posts

Uber Geek

Trusted
Subscriber

  #2523905 16-Jul-2020 08:29

I solved this by disabling IPv6 on the network connection associated with the VPN. I did this by going into "view network connections", right-clicking on the network connection, choosing properties, and unchecking "Internet Protocol Version 6".

 

My assumption (could be wrong) is that IPv6 is used in preference to IPv4 by Windows, and the VPN only offers IPv4.
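
Added example, not part of any post in this thread: a read-only PowerShell pass over the diagnostic questions raised above (is the VPN split tunnel, what is routed down it, and which interface's DNS servers Windows will prefer). `$VpnName`, `$TestName` and `$VpnDns` are placeholders to replace with your own values; run it with the VPN connected.

```powershell
# Added example: read-only checks, nothing here changes configuration.
$VpnName  = 'Work VPN'              # placeholder: connection name from "view network connections"
$TestName = 'internal.domain.name'  # placeholder: a name only the VPN's DNS servers can resolve
$VpnDns   = $null                   # optional placeholder: a DNS server listed on the PPP adapter

# 1. Split tunnel or not? VPNs pushed by group policy are often all-user connections.
$vpn = Get-VpnConnection -Name $VpnName -ErrorAction SilentlyContinue
if (-not $vpn) {
    $vpn = Get-VpnConnection -Name $VpnName -AllUserConnection -ErrorAction SilentlyContinue
}
$vpn | Format-List Name, ConnectionStatus, SplitTunneling, DnsSuffix

# 2. What is routed down the VPN? A default route on this interface means full tunnel.
$routes = @(Get-NetRoute -InterfaceAlias $VpnName -ErrorAction SilentlyContinue)
$routes | Sort-Object DestinationPrefix |
    Format-Table AddressFamily, DestinationPrefix, NextHop, RouteMetric -AutoSize
$defaults = @($routes | Where-Object { $_.DestinationPrefix -in '0.0.0.0/0', '::/0' })
if ($defaults.Count -gt 0) { 'Default route present on the VPN: full tunnel.' }
else { 'No default route on the VPN: only the prefixes above use it (split tunnel).' }

# 3. Interface preference per address family. The lowest metric wins, so compare
#    the VPN rows with the LAN rows for both IPv4 and IPv6.
Get-NetIPInterface -ConnectionState Connected |
    Sort-Object InterfaceMetric |
    Format-Table InterfaceAlias, AddressFamily, InterfaceMetric -AutoSize

# 4. DNS servers per interface. An IPv6 resolver on the LAN adapter with none on
#    the VPN adapter matches the situation described in this thread.
Get-DnsClientServerAddress |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, AddressFamily, ServerAddresses -AutoSize

# 5. Name Resolution Policy Table rules (per-namespace DNS servers), if any.
Get-DnsClientNrptPolicy -Effective | Format-Table Namespace, NameServers -AutoSize

# 6. Resolve through the Windows DNS client, which is what applications use.
#    nslookup carries its own resolver, so it can disagree with this result.
foreach ($type in 'A', 'AAAA') {
    Resolve-DnsName -Name $TestName -Type $type -DnsOnly -ErrorAction SilentlyContinue |
        Format-Table Name, Type, IPAddress -AutoSize
}
if ($VpnDns) { Resolve-DnsName -Name $TestName -Server $VpnDns -DnsOnly }
```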


 
 
 
 


1996 posts

Uber Geek

Trusted
Subscriber

  #2523929 16-Jul-2020 08:50

Ahh yes!

 

I did this the other day when I was having issues with Windows AD not working correctly when the DC was at the other end of the VPN.





CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 

