Weblog Archives: October 2009

Force Windows to Use a VPN's DNS Server

I often connect to my home network when I'm on the road, both to encrypt my traffic and to access my computers at home. Unfortunately, even though I had set up the VPN as the default route ("Use default gateway on remote network"), which encrypted most traffic, I noticed that my DNS queries were still being sent to the local (untrusted) DNS server rather than the one at home. Not only is this insecure, it also makes it difficult to use the hostnames of my home network devices.

Fortunately, the fix is pretty easy once you know it. Based on Microsoft KB311218, I discovered that the problem is a faulty binding order, which causes the dialup/VPN network adapter to be secondary to the local network adapter(s) with respect to DNS priority. These steps fixed my problem:

  1. Open Regedit.
  2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage
  3. In the right pane, double-click Bind
  4. In the value text box, select the "\Device\NdisWanIp" item, press CTRL+X, click the top of the list of devices, and then press CTRL+V.
  5. Click OK, and then quit Registry Editor.
  6. Restart your VPN connection.
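The same binding-order change as a script, added here as an example and not taken from the original post or the KB article: it reads the Bind multi-string value, moves the `\Device\NdisWanIp` entry to the top, exports a backup first, and writes the new order back. It assumes the VPN adapter entry is named exactly `\Device\NdisWanIp` (as in the steps above) and that it is run from an elevated PowerShell prompt.

```powershell
# Reorder Tcpip\Linkage\Bind so the dialup/VPN adapter (\Device\NdisWanIp)
# is bound first and therefore gets priority for DNS.
# Run from an elevated PowerShell prompt; add -WhatIf to preview the change.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$Key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage',
    [string]$WanDev = '\Device\NdisWanIp',
    [string]$Backup = "$env:TEMP\Tcpip-Linkage-Bind.reg"   # assumed backup path
)

# Pure helper: returns the list with every $Device entry moved to the front,
# preserving the relative order of the remaining adapters.
function Move-BindingToTop {
    param([string[]]$Bind, [string]$Device)
    $wan  = @($Bind | Where-Object { $_ -eq $Device })
    $rest = @($Bind | Where-Object { $_ -ne $Device })
    if ($wan.Count -eq 0) {
        throw "No '$Device' entry in Bind; is the VPN/dialup adapter installed?"
    }
    return [string[]]($wan + $rest)
}

$current = [string[]]((Get-ItemProperty -Path $Key -Name Bind).Bind)
$wanted  = Move-BindingToTop -Bind $current -Device $WanDev

# Nothing to do if the order is already correct (idempotent re-runs).
if (($current -join "`n") -eq ($wanted -join "`n")) {
    Write-Host "'$WanDev' is already first in the binding order; nothing to do."
    return
}

if ($PSCmdlet.ShouldProcess("$Key\Bind", "Move $WanDev to top of binding order")) {
    # Keep a .reg export so the original order can be restored with 'reg import'.
    reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage' $Backup /y | Out-Null
    Set-ItemProperty -Path $Key -Name Bind -Value $wanted -Type MultiString
    Write-Host "Binding order updated (backup: $Backup). Reconnect the VPN for it to take effect."
}

# Print the resulting order so it can be checked against the steps above.
(Get-ItemProperty -Path $Key -Name Bind).Bind
```

After reconnecting, confirm with `nslookup` (or `ipconfig /all`) that the home DNS server is the one answering queries.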

The article only mentions 2000 and XP. According to the comments below, Windows 7 has similar issues.
