How do I disable DHCP from doing DNS updates in Windows?
January 20, 2009 10:26 AM

My VPN is leaking DNS requests. I am clearing out DNS entries on non-VPN interfaces using netsh, but Windows keeps using DHCP to automatically refill the DNS information. Microsoft lists a way to do it in Windows 2k/2k3, but that registry location doesn't exist on any other Windows OS. I need to do this for XP and Vista also. How can I automatically disable DHCP from doing DNS updates using programming (not telling users to do control panel navigation)?
posted by torpark to computers & internet (8 comments total)
Could you be more specific about what's going on? It's not clear from your question. Do you want to simply not supply DNS Servers with DHCP leases? If you're running DHCP off a Windows server you can find this under the particular Scope in question under the Scope Options as 006 DNS Servers.

Delete that entry from the Scope Options and a DNS server will not be specified. This doesn't sound like a good idea, though.
posted by odinsdream at 11:13 AM on January 20


You uncheck the box that says "obtain DNS server addresses automatically" in the TCP/IP options of the interface you are working with. If your VPN Client is doing it, you are at the mercy of it and the VPN admin, who may be able to run off the split horizon options for your client.
posted by bensherman at 12:01 PM on January 20


OK, both responses are off kilter. I have a VPN program, I want the VPN program to update the DNS. I do NOT want my home computer to update the DNS from my local home router. I do not want my ISP's DNS information getting updated to my normal interface from my DHCP service. I am not running a DHCP server, the router acts as the DHCP server, and that is outside the scope of editing.

If you need a further explanation, I am rewriting an OpenVPN wrapper that is run on remote clients' machines. They will not be navigating through dialogs, nor running a DHCP server (except their home router). We just want to ignore DNS updates from DHCP services on specific adapters.
posted by torpark at 12:09 PM on January 20


Sounds like after the client connects, you want everything going thru the newly created tunnel interface, nothing through the "real" interface. I think what you want is to disable split tunneling. This is a pretty common need in VPNs. Try searching the OpenVPN forums or docs for this term.
posted by poppo at 1:08 PM on January 20


Change the adapter priority ("metric" I believe) of the vpn virtual adapter to be higher than the local adapter.
posted by gjc at 6:27 PM on January 20


By higher, I mean a lower number.
posted by gjc at 6:27 PM on January 20


Ah, okay then. You should be able to adjust the OpenVPN config file to specify that you want all traffic to go over the VPN. There isn't a way to just get DNS traffic to route differently, though. It will slow down their "non-work" activities quite a bit while the tunnel is open, and you are going to be breaking any kind of local DNS that people may be using in their own homes.
posted by odinsdream at 6:45 PM on January 20


In the OpenVPN config file this is the directive you want to enable:

push "redirect-gateway"

This is explained in their Examples page.
posted by odinsdream at 10:52 AM on January 21
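
Added example, not part of the thread or of OpenVPN: a small Python check a wrapper could run over `ipconfig /all` output to see which non-VPN adapters are DHCP-enabled and still hold DNS servers, the condition the question describes. It assumes English-locale output and that the VPN adapter is recognisable by "TAP-" in its description; the sample text and the function names are constructed for illustration.

```python
import re

# Constructed `ipconfig /all` excerpt (English locale); addresses are made up.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:
   Description . . . . . . . . . . . : Example Gigabit Ethernet
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53

Ethernet adapter Local Area Connection 2:
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 10.8.0.1

Wireless LAN adapter Wireless Network Connection:
   Description . . . . . . . . . . . : Example Wireless Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
"""

HEADER = re.compile(r"^\S.*? adapter (.+):\s*$")  # "Ethernet adapter <name>:"
FIELD = re.compile(r"^\s+(.*?)[ .]+:\s*(.*)$")    # "   Key . . . . : value"

def parse_adapters(text):
    """Map adapter name -> {'desc': str, 'dhcp': bool, 'dns': [str]}."""
    adapters, cur, key = {}, None, None
    for line in text.splitlines():
        head, field = HEADER.match(line), FIELD.match(line)
        if head:
            cur, key = adapters.setdefault(head.group(1), {"desc": "", "dhcp": False, "dns": []}), None
        elif cur is None or not line.strip():
            continue  # global section before the first adapter, or a blank line
        elif field:
            key, value = field.group(1), field.group(2).strip()
            if key == "Description":
                cur["desc"] = value
            elif key == "DHCP Enabled":
                cur["dhcp"] = value == "Yes"
            elif key == "DNS Servers" and value:
                cur["dns"].append(value)
        elif key == "DNS Servers":  # indented continuation line: another server
            cur["dns"].append(line.strip())
    return adapters

def dhcp_dns_outside_vpn(text, vpn_desc="TAP-"):
    """Non-VPN adapters that use DHCP and still have DNS servers set."""
    return sorted((name, a["dns"]) for name, a in parse_adapters(text).items()
                  if a["dhcp"] and a["dns"] and vpn_desc not in a["desc"])
```

Running it again after the tunnel is up and after each DHCP lease renewal shows whether the cleared DNS entries have been refilled.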

