Win 10: DNS resolution of remote network via VPN connection not working

This seems to be IPv6 related.

It keeps using my ISP's IPv6 DNS server instead of my company's (IPv4 only) DNS server.

If I disable IPv6 on my LAN network adapter, it starts working.

Ok, it works, when SplitTunneling is disabled (Remote Gateway on) and IPv6 disabled.

But disabled IPv6 is not really a solution, isn't it? ;)

You're correct. I thought I had SplitTunneling enabled but appears I disabled it to test.

Not really a solution for us ...

Exact same works for me. SplitTunneling was always off and that's what I want as I need to resolve remote addresses, but it was defaulting to my LAN gateway.

Disabled IPv6 and sure enough, remote resolves now.

This is a definite bug introduced in Windows 10. My connections are exactly as they were configured in 8.1 where they worked fine.

Hello,

I believe the problem you are seeing is stemming from the fact that in Windows 8.1 the DNS Client began sending IPv4 & IPv6 queries in parallel. Where as in previous OS's the IPv4 query was sent and then the IPv6 query was serialized.

So what I believe is happening is that the IPv6 query is hitting your ISP first and responding in such a way as to make the DNS Client think the name is unresolvable.

Other replies to this thread support this since they indicate that disabling IPv6 makes the name resolution work the way you need it too. So another way to fix this would be to revert the DNS Client behavior to be like it used to be, you can accomplish that by setting this registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ DisableParallelAandAAAA [REG_DWORD 0]

If you need help in navigating or editing the registry please take a look at this article: https://support.microsoft.com/en-us/kb/136393

MarkMosbrucker:

Even with IPv6 fully disabled it still doens't work when split tunneling is enabled.

Windows 10 keeps using my ISP's DNS server in that case, where Windows 8.1 would use my company's DNS server regardless of the split tunneling option.

The parallel DNS queries seem to be only part of the problem.

Hello,

I believe the problem you are seeing is stemming from the fact that in Windows 8.1 the DNS Client began sending IPv4 & IPv6 queries in parallel. Where as in previous OS's the IPv4 query was sent and then the IPv6 query was serialized.

It was also working on Win 7 and 8 and 8.1 ... so if only Win 8.1 hat this feature it is not the real problem.

Ok, since this seems to be a split tunnel issue. Do you notice any difference when using fully qualified domain names as opposed to short names? Also take a look at ipconfig /all and see if the VPN interface has DNS suffixes configured for it that correspond to the domain names reachable only over the VPN. Lastly, have you taken a look at the routing metrics for the VPN interface vs your LAN\ISP? The DNS client uses this to determine the interface to use if the interfaces are missing any suffix configuration.

FQDN's also don't work when either split tunneling or IPv6 is enabled. It doesn't use my companies DNS server for any query in that case (it does without split tunneling and IPv6 disabled).

Here is the command line output of (ipconfig /all, route print and nslookup). I use a static IP adres on my PC. I also tried with DHCP, but it didn't make a difference.

IPv6 disabled, No VPN connection: https://gist.github.com/sdekock/2e9ae77bd6b935cd7e27
IPv6 disabled, VPN without split tunneling: https://gist.github.com/sdekock/7395ae0aefd1be84e6c5 (works!)

IPv6 disabled, VPN with split tunneling enabled: https://gist.github.com/sdekock/fd41702fd1aaf0683896 (does not work)

IPv6 enabled VPN without split tunneling: https://gist.github.com/sdekock/6201a2e2727c95826df8 (does not work)

IPv6 enabled VPN with split tunneling enabled: https://gist.github.com/sdekock/9ee260bd8a356265b0eb (does not work)

This does not seem to be related to dns suffixes, but rather which DNS server is being used.

I can provide you with TeamViewer or Remote Desktop access if you want to diagnose.