Symptoms
- DNS resolution does not work.
Impact
- In some cases, DNS resolution may not work at all across the system.
- In some cases, DNS resolution may not work for some applications.
Conditions
- Windows 10
- DNS relay proxy is running.
- System's DNS is exactly the same as the DNS received from the Network Access settings.
- Traffic for DNS queries goes over a non-preferred adapter.
This may happen with a split tunnel configuration where traffic to the DNS servers does not go through the tunnel. (If the adapter metrics have not been changed, the F5 VPN PPP adapter should be the preferred adapter, with metric 1.) In this case, traffic for DNS queries goes through the non-VPN adapter, which is the non-preferred network interface.
This may also happen if an application binds a socket to the non-preferred adapter's unicast IP address and makes a DNS query over that socket connection. In this case the traffic tries to go over the non-VPN connection, but the driver tries to route the DNS query packet (whose source IP is the non-VPN adapter's unicast IP address) to the DNS relay proxy service listener on the PPP IP address, and Windows drops this packet.
Workaround
There are a few workarounds:
- Do not use the DNS relay proxy service for the VPN connection. Restarting the DNS relay proxy after the VPN has been established has the same effect. The service will not be intercepting DNS queries.
- If the network access settings have 2 DNS servers which exactly match the system DNS, remove one of the DNS servers from the network access settings.
- In the registry, set the EnableMultiHomedRouteConflicts DWORD under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient to 0 before establishing the VPN connection.
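The following PowerShell sketch is an added example, not vendor-supplied code. It checks the conditions listed above (adapter metrics and matching DNS server lists) and then applies the registry workaround. The addresses in `$networkAccessDns` are constructed sample values to be replaced with the DNS servers from your own Network Access settings, and the DNS comparison ignores order, which is an assumption about what "exactly the same" means.

```powershell
# Added example: check the listed conditions, then apply the registry workaround.
# Run from an elevated PowerShell prompt BEFORE establishing the VPN connection.
$keyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$valueName = 'EnableMultiHomedRouteConflicts'

# Assumption: DNS servers pushed by the Network Access settings
# (constructed sample values; replace with your own).
$networkAccessDns = @('192.0.2.10', '192.0.2.11')

# 1. List connected IPv4 interfaces by metric; the lowest metric is preferred.
#    With the VPN up and default metrics, the PPP adapter should show metric 1.
Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
    Sort-Object InterfaceMetric |
    Format-Table InterfaceAlias, InterfaceIndex, InterfaceMetric -AutoSize

# 2. Report adapters whose DNS server list matches the Network Access list.
#    Order is ignored here (assumption about "exactly the same").
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        $diff = Compare-Object $_.ServerAddresses $networkAccessDns
        if (-not $diff) {
            Write-Output ("DNS list matches Network Access DNS on '{0}': {1}" -f `
                $_.InterfaceAlias, ($_.ServerAddresses -join ', '))
        }
    }

# 3. Read the current policy value; $null means the value is not set.
$current = (Get-ItemProperty -Path $keyPath -Name $valueName `
            -ErrorAction SilentlyContinue).$valueName
if ($null -eq $current) {
    Write-Output "$valueName is not set."
} else {
    Write-Output "$valueName is currently $current."
}

# 4. Apply the workaround: create the key if missing and set the DWORD to 0.
if ($current -ne 0) {
    if (-not (Test-Path $keyPath)) {
        New-Item -Path $keyPath -Force | Out-Null
    }
    New-ItemProperty -Path $keyPath -Name $valueName `
        -PropertyType DWord -Value 0 -Force | Out-Null
    Write-Output "$valueName set to 0."
}
```

Because the value lives under the `Policies` hive, a domain Group Policy that manages the same setting can overwrite it at the next policy refresh.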