From the way your question is worded, it seems your expectation is that when Windows needs to resolve a name, it will ask the primary DNS server. And if the primary DNS server doesn't know the answer, it will then ask the secondary.
I hope the above isn't what you were expecting, but if it is, then let me show you why that's a mistake.
DNS doesn't work that way. The only time a resolver will failover to the secondary DNS server is when the primary does not respond at all. An example will clarify:
Suppose you have a primary DNS server at 1.1.1.1 and a secondary at 2.2.2.2. Your client is configured with them in this order. 2.2.2.2 hosts a private zone foocompany.local; 1.1.1.1 hosts no zones of its own, and does root lookups for internet hosts.
If your client tries to look up someserver.foocompany.local, 1.1.1.1 will return NXDOMAIN (e.g. "I queried the root servers and they say that domain does not exist"). Your resolver will not then ask 2.2.2.2 what it knows, unless 1.1.1.1 fails to reply within the timeout period (usually 2 seconds). It'll just quit looking. Further, your client will cache the NXDOMAIN result, as per RFC 2308. Even if you change NIC settings such that 2.2.2.2 is the primary server, you'll still get NXDOMAIN results until that local NXDOMAIN cache is expired. You can verify this by issuing ipconfig /displaydns at the command prompt.
IIRC, Windows' DNS resolver caches NXDOMAIN for a short time - 5 minutes. But still this can be annoying.
Anyhow. I realize this is a little bit tangential to your problem, but clarifying this point may bring about an epiphany for your planned design. EG: you may want the VPN's DNS server first to resolve after all. Although it is a tad slower, it knows more, since it can resolve both the domains private to the VPN and public internet domains; whereas the local LAN DNS resolver knows nothing of those domains private to the VPN.
Cheers!
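The behaviour described in the answer above, as an added example that is not part of the original post: a simplified Python model of a stub resolver, not Windows' actual implementation. The class names, the 10.0.0.5 record and the timestamps are constructed for illustration; the 300-second negative TTL is the 5-minute figure the answer recalls.

```python
# Added example: a simplified model of a stub resolver, not Windows' own code.
NXDOMAIN = "NXDOMAIN"
TIMEOUT = None          # models a server that never replies
NEG_TTL = 300           # seconds; the 5-minute negative cache the answer recalls

class Server:
    """Constructed DNS server: answers from its own zone, else NXDOMAIN."""
    def __init__(self, ip, zone=None, up=True):
        self.ip, self.zone, self.up = ip, zone or {}, up

    def query(self, name):
        if not self.up:
            return TIMEOUT                      # no reply within the timeout
        return self.zone.get(name, NXDOMAIN)    # NXDOMAIN is still a reply

class StubResolver:
    def __init__(self, servers):
        self.servers = servers      # ordered list: primary first
        self.neg_cache = {}         # name -> expiry time of a cached NXDOMAIN

    def resolve(self, name, now=0):
        if self.neg_cache.get(name, 0) > now:
            return NXDOMAIN, "cache"
        for server in self.servers:
            reply = server.query(name)
            if reply is TIMEOUT:
                continue            # only silence moves on to the next server
            if reply == NXDOMAIN:
                self.neg_cache[name] = now + NEG_TTL
            return reply, server.ip     # any reply, even NXDOMAIN, is final
        return TIMEOUT, None

def demo():
    name = "someserver.foocompany.local"
    public = Server("1.1.1.1")                          # hosts no zones
    private = Server("2.2.2.2", {name: "10.0.0.5"})     # constructed record
    r = StubResolver([public, private])
    results = [r.resolve(name, now=0)]          # primary replies NXDOMAIN
    r.servers = [private, public]               # swap the order on the NIC
    results.append(r.resolve(name, now=60))     # still NXDOMAIN, from cache
    results.append(r.resolve(name, now=301))    # cache expired, private answers
    public.up = False                           # primary stops responding
    r2 = StubResolver([public, private])
    results.append(r2.resolve(name, now=0))     # silence triggers failover
    return results

if __name__ == "__main__":
    for result in demo():
        print(result)
```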
Best Answer
You're not going to want to do this with direct manipulation of the registry. You're much better off using the netsh command to make these kinds of changes. Assuming the NIC is named "Local Area Connection", you can do
netsh interface ip set address "Local Area Connection" static x.x.x.x y.y.y.y
where x.x.x.x is the IP address and y.y.y.y is the subnet mask.