Computers register local IP addresses when connected over VPN

Shaunm001 256 Reputation points
2021-05-19T15:21:52.83+00:00

We have clients connecting to the corporate network remotely using VPN. However, we have noticed that after connecting to VPN, sometimes the client machines will register all of their IP addresses in our AD DNS (not desirable), other times they will register only their VPN assigned IP address (desired behavior).

For example, if a remote machine has local IP 192.168.1.1, and VPN IP 172.16.1.1, it will sometimes register both IPs in DNS. As a result we're unable to connect to these remote machines because the local IP is not reachable from our corporate LAN.

Oftentimes, the machine will only register its VPN IP when connecting remotely, and this is the desirable behavior - their single entry in DNS is updated to reflect their remote/VPN IP address and we are able to connect to the machine from our corporate LAN. Similarly, when they return to the office and connect to the corporate LAN, their single DNS entry is updated again with the new internal LAN IP.

Is there some way we can control this behavior more precisely? For example, prevent machines from adding DNS entries from specific subnets that we don't use internally or with VPN?

Windows 10 Network

2 answers

  1. Candy Luo 12,646 Reputation points Microsoft Vendor
    2021-05-20T02:31:55.45+00:00

    Hi,

    For example, if a remote machine has local IP 192.168.1.1, and VPN IP 172.16.1.1, it will sometimes register both IPs in DNS. As a result we're unable to connect to these remote machines because the local IP is not reachable from our corporate LAN.

    As a workaround, the quick way is to uncheck "Register this connection's address in DNS" on your local adapter.

    Best Regards,
    Candy

    --------------------------------------------------------------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Candy Luo 12,646 Reputation points Microsoft Vendor
    2021-05-21T05:59:03.497+00:00

    Hi,

    What's the OS version of your Windows 10 client? 1909 or 20H2?

    You might try to add the following registry key:

    Setting: DisableNRPTForAdapterRegistration
    Path: HKLM\System\CurrentControlSet\Services\Dnscache\Parameters
    Type: DWORD
    Value: 1

    A value of 1 (default) means only the host A record for the VPN interface will register over an active VPN connection. A value of 0 means host A records will also be registered for other local interfaces.

    A reboot is required to realize changes to this registry setting.

    Note: The above steps contain information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs.

    Best Regards,
    Candy

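An added example, not part of the question or of either answer: a read-only PowerShell audit to run on a client while the VPN is connected. It reports the registry value from the second answer and lists every IPv4 address on an adapter that still has DNS registration enabled (the checkbox from the first answer), flagging addresses outside the ranges you expect in AD DNS. The allowed ranges are assumptions: 172.16.0.0/16 is inferred from the VPN address in the question and 10.0.0.0/8 is a placeholder for the office LAN.

```powershell
# Added example. Assumed values: the ranges that are acceptable in AD DNS.
$AllowedRanges = '172.16.0.0/16', '10.0.0.0/8'

function Test-InRange {
    # True when the IPv4 $Address falls inside $Cidr (e.g. 172.16.0.0/16).
    param([string]$Address, [string]$Cidr)
    $net, $bits = $Cidr -split '/'
    $toInt = {
        param($ip)
        $b = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
        [Array]::Reverse($b)                     # network order -> little endian
        [int64][BitConverter]::ToUInt32($b, 0)
    }
    $mask = [int64]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$bits))
    ((& $toInt $Address) -band $mask) -eq ((& $toInt $net) -band $mask)
}

# 1. The registry value from the second answer (absent means not configured).
$key  = 'HKLM:\System\CurrentControlSet\Services\Dnscache\Parameters'
$nrpt = (Get-ItemProperty -Path $key -Name DisableNRPTForAdapterRegistration `
         -ErrorAction SilentlyContinue).DisableNRPTForAdapterRegistration
"DisableNRPTForAdapterRegistration = $(if ($null -eq $nrpt) { '<not set>' } else { $nrpt })"

# 2. Addresses on adapters that have "register this connection" enabled.
Get-DnsClient | Where-Object RegisterThisConnectionsAddress | ForEach-Object {
    $dns = $_
    Get-NetIPAddress -InterfaceIndex $dns.InterfaceIndex -AddressFamily IPv4 `
                     -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' } |
        ForEach-Object {
            $ip = $_.IPAddress
            [pscustomobject]@{
                Adapter   = $dns.InterfaceAlias
                IPAddress = $ip
                Allowed   = [bool]($AllowedRanges | Where-Object { Test-InRange $ip $_ })
            }
        }
} | Sort-Object Allowed | Format-Table -AutoSize
```

Rows with `Allowed = False` are the addresses that would be unreachable from the corporate LAN if they were registered. `Set-DnsClient -InterfaceAlias <name> -RegisterThisConnectionsAddress $false` is the cmdlet equivalent of clearing the checkbox on that adapter.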