This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 33%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I have a domain, let's say xxx.net. Since I don't have a public ip, I only added an AAAA record to the domain, pointing to my server's ipv6 address. In addition, I have added serveral CNAME records to implement subdomains, such as subdomain.xxx.net, pointing to xxx.net.
My local network supports ipv6. So, when the system only connects to the local network, it can correctly resolve xxx.net to its ipv6 address, and also correctly resolve subdomain.xxx.net to xxx.net 's ipv6 address.
But when I connect the system to a VPN that only supports ipv4, DNS resolution goes wrong. The system can still resolve xxx.net to its ipv6 address correctly, but it can't resolve subdomain.xxx.net anymore.
I've tried nslookup, and it can resolve subdomain.xxx.net correctly, while neither ping nor browser does.
If I add an A record to xxx.net, then both ping and browser will successfully resolve subdomain.xxx.net and get its ipv4 address. If I use an AAAA record to implement the subdomain, instead of a CNAME record, then both ping and browser will successfully resolve it and get its ipv6 address.
It seems that when the subdomain is a CNAME record, Windows will not switch to the next DNS even if no A record is eventually found; but nslookup does. What should I do to solve this situation? How can I get Windows to automatically switch to the local network's DNS when it fails to resolve a name through VPN's DNS?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hello
Thank you for your question and reaching out.
I believe that the VPN tunnel somehow supersedes the local area interface when routing DNS requests to the VPN DNS servers (if you have access to these servers, you can check the requests to them to confirm this behaviour, or someone else can do it for you).
Unfortunately, "Split-DNS" cannot be done with Windows VPN. However, after you have established a connection to the remote site, you can remove the DNS Server from the VPN connection.
--If the reply is helpful, please Upvote and Accept as answer--
Thank you for the reply.
My PC is directly connected to my campus' local network. My school offers a VPN server for students to reach the public network. At the same time, my school offers one (and only one) DNS server for both the local and public network. Thus, no matter I connected to the VPN or not I'll use the same DNS server. That's why I guess this is a problem about ipv4 and ipv6: the only difference between using local network and using the VPN is that the latter only supports ipv4.
I'll try to remove the DNS of the VPN connection latter. Thanks for your suggestion.