Win 10: DNS resolution of remote network via VPN connection not working

Hello,

When you created a new VPN connection with Windows 7, 8 and 8.1 and connected it, you were able to resolve DNS names of the remote network.

With Windows 10 this does not work anymore.

I compared the VPN connection/adapter settings of both Win 8.1 and Win 10; they look equal.

Also the status page of the connected VPN connection lists the remote DNS servers.

I could not compare the IPv4 and IPv6 settings due to this problem:

http://answers.microsoft.com/thread/211c9745-f07b-4910-b94a-ba636cfe63f7

 
Question Info

Last updated August 14, 2018. Views: 111,793.


This seems to be IPv6 related.

It keeps using my ISP's IPv6 DNS server instead of my company's (IPv4 only) DNS server.

If I disable IPv6 on my LAN network adapter, it starts working.

30 people were helped by this reply


I disabled IPv6 on the local ethernet adapter, but it is still using the IPv4 DNS server of the local router.

2 people were helped by this reply


Ok, it works, when SplitTunneling is disabled (Remote Gateway on) and IPv6 disabled.

But disabling IPv6 is not really a solution, is it? ;)

7 people were helped by this reply


You're correct. I thought I had SplitTunneling enabled, but it appears I disabled it to test.

Not really a solution for us ...

2 people were helped by this reply


Exact same works for me. SplitTunneling was always off and that's what I want as I need to resolve remote addresses, but it was defaulting to my LAN gateway.

Disabled IPv6 and sure enough, remote resolves now.

This is a definite bug introduced in Windows 10. My connections are exactly as they were configured in 8.1 where they worked fine.

2 people were helped by this reply


Hello,

I believe the problem you are seeing is stemming from the fact that in Windows 8.1 the DNS Client began sending IPv4 & IPv6 queries in parallel, whereas in previous OSes the IPv4 query was sent and then the IPv6 query was serialized.

So what I believe is happening is that the IPv6 query is hitting your ISP first and responding in such a way as to make the DNS Client think the name is unresolvable.

Other replies to this thread support this, since they indicate that disabling IPv6 makes the name resolution work the way you need it to. So another way to fix this would be to revert the DNS Client behavior to be like it used to be; you can accomplish that by setting this registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\ DisableParallelAandAAAA [REG_DWORD 0]

If you need help in navigating or editing the registry please take a look at this article: https://support.microsoft.com/en-us/kb/136393

10 people were helped by this reply


MarkMosbrucker:

Even with IPv6 fully disabled it still doesn't work when split tunneling is enabled.

Windows 10 keeps using my ISP's DNS server in that case, where Windows 8.1 would use my company's DNS server regardless of the split tunneling option.

The parallel DNS queries seem to be only part of the problem.

4 people were helped by this reply


Hello,

I believe the problem you are seeing is stemming from the fact that in Windows 8.1 the DNS Client began sending IPv4 & IPv6 queries in parallel, whereas in previous OSes the IPv4 query was sent and then the IPv6 query was serialized.

It was also working on Win 7 and 8 and 8.1 ... so if only Win 8.1 had this feature, it is not the real problem.


OK, since this seems to be a split tunnel issue, do you notice any difference when using fully qualified domain names as opposed to short names? Also take a look at ipconfig /all and see if the VPN interface has DNS suffixes configured for it that correspond to the domain names reachable only over the VPN. Lastly, have you taken a look at the routing metrics for the VPN interface vs your LAN\ISP? The DNS client uses this to determine the interface to use if the interfaces are missing any suffix configuration.


FQDNs also don't work when either split tunneling or IPv6 is enabled. It doesn't use my company's DNS server for any query in that case (it does without split tunneling and IPv6 disabled).

Here is the command line output of (ipconfig /all, route print and nslookup). I use a static IP address on my PC. I also tried with DHCP, but it didn't make a difference.

IPv6 disabled, No VPN connection: https://gist.github.com/sdekock/2e9ae77bd6b935cd7e27
IPv6 disabled, VPN without split tunneling: https://gist.github.com/sdekock/7395ae0aefd1be84e6c5 (works!)

IPv6 disabled, VPN with split tunneling enabled: https://gist.github.com/sdekock/fd41702fd1aaf0683896 (does not work)

IPv6 enabled VPN without split tunneling: https://gist.github.com/sdekock/6201a2e2727c95826df8 (does not work)

IPv6 enabled VPN with split tunneling enabled: https://gist.github.com/sdekock/9ee260bd8a356265b0eb (does not work)

This does not seem to be related to DNS suffixes, but rather which DNS server is being used.

I can provide you with TeamViewer or Remote Desktop access if you want to diagnose.

2 people were helped by this reply
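
The checks suggested in this thread (split tunneling state, interface metrics, per-interface DNS suffixes and servers, and which server actually answers for an internal name) can be collected in one read-only PowerShell pass. This is an added example, not part of any post in the thread; `host.corp.example` is a placeholder for a name that only the company DNS server resolves.

```powershell
# Added diagnostic example; it only reads settings and sends DNS queries.
# $InternalName is a placeholder (assumption): use a name that only the
# company DNS server behind the VPN can resolve.
param([string]$InternalName = 'host.corp.example')

# Split tunneling state and DNS suffix of each configured VPN connection.
Get-VpnConnection |
    Format-Table Name, SplitTunneling, DnsSuffix, ConnectionStatus -AutoSize

# Current value of the registry setting mentioned in the thread.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$parallel = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisableParallelAandAAAA
if ($null -eq $parallel) { $parallel = '(not set)' }
"DisableParallelAandAAAA = $parallel"

# Connected interfaces, lowest interface metric first, with the DNS suffix
# and DNS servers configured on each one (IPv4 and IPv6 listed separately).
$report = Get-NetIPInterface |
    Where-Object { $_.ConnectionState -eq 'Connected' -and $_.InterfaceAlias -notlike 'Loopback*' } |
    Sort-Object InterfaceMetric |
    ForEach-Object {
        $family = [string]$_.AddressFamily
        $dns = Get-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex -AddressFamily $family
        [pscustomobject]@{
            Interface  = $_.InterfaceAlias
            Family     = $family
            Metric     = $_.InterfaceMetric
            Suffix     = (Get-DnsClient -InterfaceIndex $_.InterfaceIndex).ConnectionSpecificSuffix
            DnsServers = $dns.ServerAddresses
        }
    }
$report | Format-Table -AutoSize

# Query each configured resolver directly to see which of them can resolve
# the internal name, independent of the interface the DNS client picks.
$servers = $report | ForEach-Object { $_.DnsServers } | Where-Object { $_ } | Select-Object -Unique
$results = foreach ($server in $servers) {
    $answer = Resolve-DnsName -Name $InternalName -Server $server -Type A -DnsOnly -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Server   = $server
        Resolved = [bool]$answer
        Address  = (($answer | Where-Object Type -eq 'A').IPAddress) -join ', '
    }
}
$results | Format-Table -AutoSize
```

Running it once per configuration (split tunneling on/off, IPv6 on/off) gives the same comparison as the gists linked above in a single table per run.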
