DNS fails to resolve ipv6-only domain's CNAME record when Windows is connected to an ipv4-only VPN

超予 薛 0 Reputation points

I have a domain, let's say xxx.net. Since I don't have a public ip, I only added an AAAA record to the domain, pointing to my server's ipv6 address. In addition, I have added several CNAME records to implement subdomains, such as subdomain.xxx.net, pointing to xxx.net.

My local network supports ipv6. So, when the system only connects to the local network, it can correctly resolve xxx.net to its ipv6 address, and also correctly resolve subdomain.xxx.net to xxx.net's ipv6 address.

But when I connect the system to a VPN that only supports ipv4, DNS resolution goes wrong. The system can still resolve xxx.net to its ipv6 address correctly, but it can't resolve subdomain.xxx.net anymore.

I've tried nslookup, and it can resolve subdomain.xxx.net correctly, while neither ping nor browser does.

If I add an A record to xxx.net, then both ping and browser will successfully resolve subdomain.xxx.net and get its ipv4 address. If I use an AAAA record to implement the subdomain, instead of a CNAME record, then both ping and browser will successfully resolve it and get its ipv6 address.

It seems that when the subdomain is a CNAME record, Windows will not switch to the next DNS even if no A record is eventually found; but nslookup does. What should I do to solve this situation? How can I get Windows to automatically switch to the local network's DNS when it fails to resolve a name through VPN's DNS?

Windows Network

1 answer

  1. Limitless Technology 43,316 Reputation points


    Thank you for your question and reaching out.

    I believe that the VPN tunnel somehow supersedes the local area interface when routing DNS requests to the VPN DNS servers (if you have access to these servers, you can check the requests to them to confirm this behaviour, or someone else can do it for you).

    Unfortunately, "Split-DNS" cannot be done with Windows VPN. However, after you have established a connection to the remote site, you can remove the DNS Server from the VPN connection.

    --If the reply is helpful, please Upvote and Accept as answer--
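
A client-side way to see which configured DNS server returns the CNAME and its AAAA target, and what the system resolver returns for the same name. This is an added example, not part of the original thread; it assumes PowerShell on Windows with the built-in DnsClient and NetTCPIP cmdlets, and `subdomain.xxx.net` is the placeholder name from the question.

```powershell
# Added diagnostic example, not from the thread.
param([string]$Name = 'subdomain.xxx.net')   # placeholder name from the question

# 1) Query every configured DNS server directly, adapter by adapter, for A and AAAA.
#    This bypasses the DNS Client service, as nslookup does.
$configs = Get-DnsClientServerAddress | Where-Object { $_.ServerAddresses }
$rows = foreach ($cfg in $configs) {
    # Lowest interface metric across IPv4/IPv6 for this adapter (lower = preferred).
    $metric = (Get-NetIPInterface -InterfaceIndex $cfg.InterfaceIndex -ErrorAction SilentlyContinue |
               Measure-Object -Property InterfaceMetric -Minimum).Minimum

    # Skip the fec0:0:0:ffff::x placeholders Windows lists on adapters without IPv6 DNS.
    foreach ($server in ($cfg.ServerAddresses | Where-Object { $_ -notlike 'fec0:*' })) {
        foreach ($type in 'A', 'AAAA') {
            $ans = Resolve-DnsName -Name $Name -Type $type -Server $server `
                                   -DnsOnly -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Adapter = $cfg.InterfaceAlias
                Metric  = $metric
                Server  = $server
                Query   = $type
                CNAME   = (($ans | Where-Object Type -eq 'CNAME').NameHost) -join ','
                Address = (($ans | Where-Object Type -eq $type).IPAddress) -join ','
            }
        }
    }
}
$rows | Sort-Object Metric, Adapter, Server, Query | Format-Table -AutoSize

# 2) Ask through the Windows DNS Client, the system resolver that ping uses.
$sys = Resolve-DnsName -Name $Name -ErrorAction SilentlyContinue
if ($sys) {
    $sys | Format-Table Name, Type, NameHost, IPAddress -AutoSize
} else {
    "DNS Client returned no records for $Name"
}
```

Run it once with the VPN disconnected and once connected, then compare the rows for the VPN adapter's servers with those for the local adapter and with the DNS Client result.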