DNS resolver not honoring interface metrics

    Question

  • There are already a lot of threads about which DNS Server gets used if there are multiple NICs/VPN connections. From what I learned from those, the DNS server of the preferred adapter will always be used first. So that must be the one with the lowest metric value, right?

    My configuration:

    1 physical NIC

    2 virtual VPN adaptors

    I always want to use the DNS server which the physical NIC got via DHCP. All three adapters had an automatically assigned metric value of '20'. So I set the metric of the physical interface to '1'. The two VPN adapters stayed on Automatic Metric which was still '20'. Now I would have assumed that every DNS query from that moment on would use the server of the physical NIC but that wasn't always the case. In fact when I set the metric back to automatic, then the desired DNS server was used, although all three interfaces were back to a metric of '20'.

    So, I assume that there must be other factors that are considered by the system when choosing which DNS server will be used first for the next query. Is that right?

    Tuesday, December 19, 2017 12:14 PM

All replies

  • Hi,

    As I understand, the question is that the customer has a physical NIC and two VPNs, then he changes the metric of the interface, but when he tests he finds that it seems not to be useful?

    According to my understanding and research, when we configure a DNS address in the DHCP scope, it will choose the first DNS server to use.

    In addition, we can find the binding order, which is stored in the registry in the following location: 

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Linkage\Bind.

    The list includes all the device GUIDs for network adapters and active connections in the binding priority order. Changing the order of the GUIDs in the registry does impact the binding order, including for VPN connections.

    You can refer to the following link: https://serverfault.com/questions/356115/vpn-connection-causes-dns-to-use-wrong-dns-server

    Note: this is a 3rd party link, we don't have any warranties on this website. It's just for your convenience. 

    If you have any questions or requirements, please feel free to let me know.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.



    Thursday, December 21, 2017 8:50 AM
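
A read-only way to put the three settings discussed in this thread side by side for each adapter: position in the registry `Bind` list, interface metric, and configured DNS servers. This is an added example, not part of the original replies; it assumes the `Get-NetAdapter`, `Get-NetIPInterface` and `Get-DnsClientServerAddress` cmdlets are available on the client, and the report column names are made up for illustration.

```powershell
# Added example: read-only report, changes nothing on the system.
$linkage = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage'

# Bind is a multi-string value; entries normally look like \Device\{GUID}
$bind = (Get-ItemProperty -Path $linkage -Name Bind -ErrorAction Stop).Bind

# Index adapters by GUID so registry entries can be mapped back to names.
# -IncludeHidden also returns virtual/WAN miniport adapters.
$adapters = @{}
Get-NetAdapter -IncludeHidden | ForEach-Object {
    if ($_.InterfaceGuid) { $adapters[$_.InterfaceGuid.ToUpper()] = $_ }
}

$position = 0
$report = foreach ($entry in $bind) {
    $position++
    $guid = ($entry -replace '^\\Device\\', '').ToUpper()
    $nic  = $adapters[$guid]

    if (-not $nic) {
        # Bind entry with no matching adapter object: keep it visible in the report
        [pscustomobject]@{
            BindPosition = $position; Adapter = $entry; Status = 'n/a'
            Metric = $null; AutomaticMetric = $null; DnsServers = ''
        }
        continue
    }

    $ipif = Get-NetIPInterface -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 `
                -ErrorAction SilentlyContinue
    $dns  = Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 `
                -ErrorAction SilentlyContinue

    [pscustomobject]@{
        BindPosition    = $position
        Adapter         = $nic.Name
        Status          = $nic.Status
        Metric          = $ipif.InterfaceMetric
        AutomaticMetric = $ipif.AutomaticMetric
        DnsServers      = ($dns.ServerAddresses -join ', ')
    }
}

# One row per Bind entry, in registry order
$report | Format-Table -AutoSize
```

Running it before and after connecting the VPNs, and again after a reboot, shows whether the metric, the bind position or the DNS server list of the physical adapter has changed between runs.
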
  • Hi,

    What is going on?

    If you have further problems, feel free to contact me.



    Friday, December 22, 2017 5:51 AM
  • Hi,

    sorry for the late reply.

    I already tried to set the binding order, too. But it had no effect which is why I changed the interface metrics in the first place.

    Wednesday, January 3, 2018 9:19 PM
  • Hi,

    To know more information about the problem, I have a few things that I should confirm with you:

    1. How many DHCP scopes do you have?

    2. What is the DNS IP address in each DHCP scope?

    3. If the IP address of the DNS physical NIC can be set to static, you can test to configure it as a static one.



    Thursday, January 4, 2018 6:10 AM
  • Hi,

    Any updates?



    Monday, January 8, 2018 2:21 AM
  • Hi and again sorry for the delayed reply,

    1. Since the two VPN connections are point-to-point there is only the local Ethernet connection using DHCP.

    2. The Ethernet connection gets the local router's IP address assigned for default gateway and DNS. For the two VPN connections I have set the respective DNS server's address in their subnets. Interestingly, if I leave the DNS setting on "automatic" one VPN adapter sometimes uses an address from the subnet of the other one. I don't know why this happens.

    3. You mean setting the DNS address for the Ethernet connection statically instead of receiving it via DHCP? I just did that and now "nslookup" does indeed use the DNS Server from the physical Ethernet connection. But why does it make a difference if the address is set manually and why is not the DNS server of the interface with the lowest metric the first choice for the resolver?





    • Edited by WurstCase Wednesday, January 24, 2018 1:54 PM
    Wednesday, January 24, 2018 1:51 PM
  • As an addition: Today I noticed that although I manually set the Ethernet connection's DNS address to a fixed value, it changed after a reboot to an address from one of the VPN connection's subnet. Very strange behavior.
    Thursday, January 25, 2018 7:22 PM
  • It could be by design that when your client connects to the VPN, it will automatically request from the DNS (virtual VPN adapter) on the VPN server. So we need to manually add the DNS IP address. In your DHCP configuration, what if you set only one DNS on the physical adapter? In this case, it can send requests to the specific DNS IP address when resolving.



    Monday, January 29, 2018 10:00 AM
  • I have now set the DNS address setting for the two VPN connections back to automatic. For now the physical Ethernet connection seems to keep the fixed setting after reconnecting to the VPNs. I will keep an eye on it and report back later.
    Thursday, February 8, 2018 7:17 PM
  • OK. Any updates are welcome.

    Remember to mark it as an answer if the suggestions were of any help.

    Regards,

    Vivian



    Friday, February 9, 2018 1:38 AM