Frequent Contributor I

Windows 10 2004 breaks VIA DNS on split tunnel

Well, the title pretty much sums it up.

 

When using VIA 4.0 on Windows 10 May 2020 edition (2004), the DNS server entry from VIA is no longer pushed to the top. So, if you are in a split tunnel environment, your DNS lookups will continue to go to your workstation's configured DNS. In our case, this makes all internal-only addresses unresolvable.

 

Yes, this is a Windows problem. Yes, I'm opening a TAC case to report it. Just dropping it here in case anyone else might benefit.

 


Accepted Solutions
Frequent Contributor I

Re: Windows 10 2004 breaks VIA DNS on split tunnel

I finally got a chance to try replicating this and it turns out the problem was not specific to the Windows version, but rather the way I was testing.

 

I'll save you the gory details, but in a nutshell the Windows resolver libraries (used by browsers, ping, etc) do get the new DNS server added properly. 

 

However, nslookup, dig, etc. have their own resolver code, and do not use the Windows libraries. So it appears that the new DNS server is injected into the list used by the Windows libraries, but is not seen by other resolvers.
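One way to check both resolution paths side by side on a connected client, as an added example that is not part of the original post or of the VIA product. The name `intranet.corp.example` is a placeholder (assumption); substitute a name that only the internal DNS server resolves.

```powershell
# Added example: compare the Windows DNS client path with nslookup.
# $Name is a placeholder (assumption): use a name only internal DNS can resolve.
param([string]$Name = 'intranet.corp.example')

# 1. DNS servers the Windows DNS client holds per connected interface,
#    sorted by interface metric (lower metric is preferred). With the tunnel
#    up, the VPN adapter should appear here with the internal DNS server.
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses }
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object ConnectionState -eq 'Connected' |
    Sort-Object InterfaceMetric |
    ForEach-Object {
        $idx = $_.InterfaceIndex
        [pscustomobject]@{
            Interface  = $_.InterfaceAlias
            Metric     = $_.InterfaceMetric
            DnsServers = ($servers |
                Where-Object InterfaceIndex -eq $idx).ServerAddresses -join ', '
        }
    } | Format-Table -AutoSize

# 2. Resolve through the Windows DNS client, the path the post says browsers
#    and ping use. -DnsOnly keeps LLMNR/NetBIOS out of the result.
try {
    $answer = Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction Stop
    $clientResult = ($answer | Where-Object Type -eq 'A').IPAddress -join ', '
} catch {
    $clientResult = "FAILED: $($_.Exception.Message)"
}

# 3. Resolve with nslookup, which per the post does not use the Windows
#    resolver libraries. Its "Server:" header shows which server it asked.
$nslookupOutput = & nslookup.exe $Name 2>&1 | Out-String

"Windows DNS client (Resolve-DnsName): $clientResult"
"nslookup output:"
$nslookupOutput
```

If step 2 returns an internal address while step 3 fails or reports a non-VPN server in its header, the client matches the behaviour described in the post.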

 

 



All Replies
Guru Elite

Re: Windows 10 2004 breaks VIA DNS on split tunnel

I don't see the same issue.  Please report what they find.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*