Prevent VPN from changing DNS on Windows 7 / 8 developer preview

I don't believe there is a way to prevent it from happening, apart from statically assigning the DNS servers on the VPN connection.

To change the order in which DNS servers are queried, one is supposed to be able to change the interface binding order as per https://superuser.com/a/314379/120267, but that doesn't seem to affect VPN connections in my personal testing on Windows 7; I've confirmed that my VPN connection is consistently added to the top of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Linkage\Bind list, regardless of the interface binding order settings.

However, you can reset the DNS changes after the VPN connection is established.

Collecting Information

Open up a command prompt (Start -> Run... -> cmd) and then run netsh interface ipv4 show dnsservers. You will see output similar to the following:

Configuration for interface "My VPN"
    Statically Configured DNS Servers:    11.22.33.44
                                          55.66.77.88
   ...

Configuration for interface "Local Network Connection"
    DNS servers configured through DHCP:  192.168.0.1
                                          192.168.0.2
    ...

You need the interface name for the VPN, and optionally your non-VPN connection's first DNS server. In this example, they are My VPN and 192.168.0.1, respectively.


Setting It All Up

Option 1: Disable VPN DNS

Assuming you don't need your VPN's DNS servers at all, you can simply run the following in the command prompt:

netsh interface ipv4 delete dnsservers name="<Interface Name>" address=all validate=no

E.g.: netsh interface ipv4 delete dnsservers name="My VPN" address=all validate=no

If you run netsh interface ipv4 show dnsservers again, you will see that the DNS servers associated with the VPN have been removed; your non-VPN connection's DNS servers will be used to resolve hostnames.


Option 2: Supplement VPN DNS

If you need your VPN's DNS servers to resolve intranet hostnames, you can run the following in the command prompt:

netsh interface ipv4 add dnsservers name="<Interface Name>" address=<Non-VPN DNS server> index=1 validate=no

E.g.: netsh interface ipv4 add dnsservers name="My VPN" address=192.168.0.1 index=1 validate=no

In this case, netsh interface ipv4 show dnsservers will show that your non-VPN connection's first DNS server has been added to the top of the list of your VPN's DNS servers. It will be used to resolve hostnames first, and if unsuccessful, fall back to using your VPN's regular DNS servers.

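The two options above as one script you can run once the VPN is up (an added example, not part of the answer above or of Windows itself). It wraps the same netsh commands; the parser for `show dnsservers` output, the interface names "My VPN" and "Local Network Connection", and the requirement for an elevated prompt are assumptions stated in the comments. The parser keys on the English phrases netsh prints, so it will not work on a localized Windows.

```powershell
# Added example: automate "Option 1: Disable VPN DNS" and "Option 2: Supplement VPN DNS".
# Assumptions: English netsh output; the interface names below are placeholders;
# run from an elevated PowerShell prompt after the VPN connection is established.
param(
    [string]$VpnInterface = "My VPN",
    [string]$LanInterface = "Local Network Connection",
    [ValidateSet("Disable", "Supplement")]
    [string]$Mode = "Supplement"
)

# Parse `netsh interface ipv4 show dnsservers` into a hashtable:
# interface name -> array of IPv4 resolver addresses, in the order netsh lists them.
function Get-DnsServersByInterface {
    $result  = @{}
    $current = $null
    foreach ($line in (netsh interface ipv4 show dnsservers)) {
        if ($line -match '^Configuration for interface "(.+)"') {
            $current = $Matches[1]
            $result[$current] = @()
        }
        elseif ($current -and $line -match '(\d{1,3}(\.\d{1,3}){3})') {
            # The "Statically Configured DNS Servers:" / "DNS servers configured
            # through DHCP:" line and each continuation line carry one address.
            $result[$current] += $Matches[1]
        }
    }
    return $result
}

$dns = Get-DnsServersByInterface
if (-not $dns.ContainsKey($VpnInterface)) {
    throw "Interface '$VpnInterface' not found; is the VPN connected?"
}
Write-Host "VPN resolvers before: $($dns[$VpnInterface] -join ', ')"

switch ($Mode) {
    "Disable" {
        # Option 1: drop every DNS server the VPN pushed, so the LAN resolvers are used.
        # "name=$VpnInterface" as one token yields the same argv as name="My VPN" does in cmd.
        netsh interface ipv4 delete dnsservers "name=$VpnInterface" address=all validate=no | Out-Null
    }
    "Supplement" {
        # Option 2: put the LAN's first resolver ahead of the VPN's own servers (index=1).
        $lanDns = $dns[$LanInterface]
        if (-not $lanDns) { throw "No DNS servers found on '$LanInterface'" }
        $first = $lanDns[0]
        if ($dns[$VpnInterface] -notcontains $first) {
            netsh interface ipv4 add dnsservers "name=$VpnInterface" address=$first index=1 validate=no | Out-Null
        }
    }
}

# Re-read the configuration, as the answer suggests, to confirm the change took.
$after = Get-DnsServersByInterface
Write-Host "VPN resolvers after:  $($after[$VpnInterface] -join ', ')"
```

Run it as `.\Fix-VpnDns.ps1 -Mode Disable` or `.\Fix-VpnDns.ps1 -Mode Supplement -VpnInterface "My VPN" -LanInterface "Local Network Connection"`. Because the VPN re-applies its settings on every connect, the script has to be re-run (or hooked to the connection) each time the tunnel comes up.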

Unfortunately, netsh cannot delete DNS servers assigned by DHCP. But this can be done by clearing the DhcpNameServer parameter in the

HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{id}

registry key.
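One way to locate the `{id}` for the VPN connection and blank that value (an added example, not part of the answer above). It assumes the interface is named "My VPN", that the IPv4 address netsh reports for it shows up on a `Win32_NetworkAdapterConfiguration` instance whose `SettingID` is the interface GUID used under `Tcpip\Parameters\Interfaces`, and that the prompt is elevated; that the resolver needs a flush or a DNS Client restart to notice the registry change is also an assumption.

```powershell
# Added example: clear DhcpNameServer for the VPN interface's Tcpip\Parameters\Interfaces\{GUID} key.
# Assumptions: "My VPN" is a placeholder; the RAS adapter's IPv4 address is visible through
# Win32_NetworkAdapterConfiguration; run from an elevated PowerShell prompt while the VPN is up.
param([string]$VpnInterface = "My VPN")

# Resolve the interface GUID: take the IPv4 address netsh shows for the connection,
# then find the WMI adapter configuration that carries it. SettingID is the {id}.
function Get-InterfaceGuid([string]$Name) {
    $ip = $null
    foreach ($line in (netsh interface ipv4 show addresses "name=$Name")) {
        if ($line -match 'IP Address:\s+(\d{1,3}(\.\d{1,3}){3})') { $ip = $Matches[1]; break }
    }
    if (-not $ip) { throw "No IPv4 address on '$Name'; is the VPN connected?" }

    $cfg = Get-WmiObject Win32_NetworkAdapterConfiguration |
           Where-Object { $_.IPEnabled -and $_.IPAddress -contains $ip }
    if (-not $cfg) { throw "No adapter configuration carries $ip (assumption about WMI did not hold)" }
    return $cfg.SettingID
}

$guid = Get-InterfaceGuid $VpnInterface
$key  = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\$guid"
if (-not (Test-Path $key)) { throw "Registry key $key does not exist" }

$before = (Get-ItemProperty -Path $key -Name DhcpNameServer -ErrorAction SilentlyContinue).DhcpNameServer
Write-Host "Before: DhcpNameServer = '$before'"

# "Clearing" means blanking the value, not deleting it; the VPN rewrites it on the next connect.
Set-ItemProperty -Path $key -Name DhcpNameServer -Value ""

# Assumption: the resolver cache may still hold answers from the old servers; flush it,
# and restart the DNS Client service if lookups still go to the cleared servers.
ipconfig /flushdns | Out-Null
Restart-Service Dnscache -ErrorAction SilentlyContinue

$after = (Get-ItemProperty -Path $key -Name DhcpNameServer).DhcpNameServer
Write-Host "After:  DhcpNameServer = '$after'"
```

Check the effect with `netsh interface ipv4 show dnsservers` (or `ipconfig /all`) afterwards; if the VPN's servers are still listed for the interface, the GUID match picked the wrong adapter, so compare `SettingID` and `Description` from `Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object IPEnabled` against the `ipconfig /all` output by hand.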