Windows Networking – Primary DNS with Multiple Network Connections

Tags: domain-name-system, networking, vpn, windows

I have a machine that has a LAN network connection, which is used for internet access. This machine also has to be connected to a VPN connection. When the VPN is connected, Windows seems to ask the DNS servers of the VPN connection first, then the DNS servers configured for the LAN connection. I need this to be the other way around for performance issues, since the VPN is slow.

So, how do I configure which of the connections' DNS servers should be the primary on a Windows box? The remote VPN DNS provides some name resolutions that are not public, so I still need it.

I have already unchecked the "Use the default gateway on the remote network" option in TCP/IP settings.

Edit:

I am experimenting on a Windows 7 box, but I really need to be able to do it on both Windows Server 2003 and Windows 7.

I think my route table is OK. 10.0.0.1 is my local gateway, while 192.168.0.82 is that of the VPN connection.

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.3     20
         10.0.0.0    255.255.255.0         On-link          10.0.0.3    276
         10.0.0.3  255.255.255.255         On-link          10.0.0.3    276
       10.0.0.255  255.255.255.255         On-link          10.0.0.3    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0     192.168.0.82     192.168.0.89     21
     192.168.0.89  255.255.255.255         On-link      192.168.0.89    276
   217.157.12.231  255.255.255.255         10.0.0.1         10.0.0.3     21
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.3    276
  255.255.255.255  255.255.255.255         On-link      192.168.0.89    276
===========================================================================
Persistent Routes:
  None

When I go to Network Connections -> Advanced settings to change network binding order, I can only view the following connections: Local Area Connection and [Remote Access Connections], where Local Area Connection is listed first. The VPN connection I am using is not listed (while it does exist in the "Network connections" window).

Best Answer

From the way your question is worded, it seems your expectation is that when Windows needs to resolve a name, it will ask the primary DNS server. And if the primary DNS server doesn't know the answer, it will then ask the secondary.

I hope the above isn't what you were expecting, but if it is, then let me show you why that's a mistake.

DNS doesn't work that way. The only time a resolver will failover to the secondary DNS server is when the primary does not respond at all. An example will clarify:

Suppose you have a primary DNS server at 1.1.1.1 and a secondary at 2.2.2.2. Your client is configured with them in this order. 2.2.2.2 hosts a private zone foocompany.local; 1.1.1.1 hosts no zones of its own, and does root lookups for internet hosts.

If your client tries to look up someserver.foocompany.local, 1.1.1.1 will return NXDOMAIN (e.g. "I queried the root servers and they say that domain does not exist"). Your resolver will not then ask 2.2.2.2 what it knows, unless 1.1.1.1 fails to reply within the timeout period (usually 2 seconds). It'll just quit looking. Further, your client will cache the NXDOMAIN result, as per RFC 2308. Even if you change NIC settings such that 2.2.2.2 is the primary server, you'll still get NXDOMAIN results until that local NXDOMAIN cache has expired. You can verify this by issuing ipconfig /displaydns at the command prompt.

IIRC, Windows' DNS resolver caches NXDOMAIN for a short time - 5 minutes. But still this can be annoying.

Anyhow. I realize this is a little bit tangential to your problem, but clarifying this point may bring about an epiphany for your planned design. E.g., you may want the VPN's DNS server first to resolve after all. Although it is a tad slower, it knows more, since it can resolve both the domains private to the VPN and public internet domains; whereas the local LAN DNS resolver knows nothing of those domains private to the VPN.

Cheers!
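The resolver behaviour the answer describes (servers tried strictly in order, failover only when a server does not respond, NXDOMAIN held in a negative cache) is easy to misjudge, so here is a small simulation of it. This is an added, constructed model written for this page; it is not Windows' resolver code and not from the answer's author. The addresses 1.1.1.1 and 2.2.2.2, the zone foocompany.local, the 2-second timeout and the 5-minute negative TTL come from the answer; the record 10.20.30.40, the public answer 203.0.113.10, the assumption that 2.2.2.2 also resolves public names, and the simplification that 1.1.1.1 returns NXDOMAIN for any .local name are mine.

```python
"""Toy stub resolver illustrating the answer's three points.

Constructed simulation for illustration only; not Windows' resolver.
"""
from dataclasses import dataclass, field
from typing import Dict, List

NXDOMAIN = "NXDOMAIN"
TIMEOUT = "TIMEOUT"


@dataclass
class DnsServer:
    address: str
    zones: Dict[str, Dict[str, str]]   # zone name -> {fqdn: ip}
    resolves_public: bool
    up: bool = True                    # False models "does not respond at all"

    def query(self, name: str) -> str:
        if not self.up:
            return TIMEOUT
        for zone, records in self.zones.items():
            if name == zone or name.endswith("." + zone):
                return records.get(name, NXDOMAIN)
        # Assumption: a public resolver answers any non-.local name; .local is
        # unknown to the root servers, so it comes back NXDOMAIN.
        if self.resolves_public and not name.endswith(".local"):
            return "203.0.113.10"      # constructed public answer (TEST-NET-3)
        return NXDOMAIN


@dataclass
class StubResolver:
    servers: List[DnsServer]           # primary first, then secondary
    negative_ttl: int = 300            # seconds; the answer says ~5 minutes
    timeout: int = 2                   # seconds; "usually 2 seconds"
    clock: int = 0                     # simulated wall clock in seconds
    neg_cache: Dict[str, int] = field(default_factory=dict)  # name -> expiry

    def resolve(self, name: str) -> str:
        expiry = self.neg_cache.get(name)
        if expiry is not None:
            if self.clock < expiry:
                return NXDOMAIN        # served from negative cache; no query sent
            del self.neg_cache[name]
        for server in self.servers:
            answer = server.query(name)
            if answer == TIMEOUT:
                self.clock += self.timeout
                continue               # ONLY a non-responding server causes failover
            if answer == NXDOMAIN:     # RFC 2308: a definite "no" is cached too
                self.neg_cache[name] = self.clock + self.negative_ttl
            return answer              # any real reply ends the search
        return TIMEOUT                 # every server was unreachable

    def flush(self) -> None:           # the effect of ipconfig /flushdns
        self.neg_cache.clear()


def make_public() -> DnsServer:        # the LAN-side resolver, 1.1.1.1
    return DnsServer("1.1.1.1", zones={}, resolves_public=True)


def make_vpn() -> DnsServer:           # the VPN-side resolver, 2.2.2.2
    zone = {"someserver.foocompany.local": "10.20.30.40"}   # constructed record
    return DnsServer("2.2.2.2", zones={"foocompany.local": zone}, resolves_public=True)


def demo() -> Dict[str, str]:
    """Walk through the answer's scenarios and return each outcome."""
    name = "someserver.foocompany.local"
    out: Dict[str, str] = {}

    # 1. LAN resolver first (what the asker wants): NXDOMAIN, and it sticks.
    r = StubResolver([make_public(), make_vpn()])
    out["lan_first"] = r.resolve(name)          # NXDOMAIN from 1.1.1.1
    r.servers.reverse()                         # admin swaps the order ...
    out["after_swap"] = r.resolve(name)         # ... negative cache still answers
    r.clock += r.negative_ttl                   # wait out the 5 minutes
    out["after_ttl"] = r.resolve(name)          # now 2.2.2.2 is actually asked

    # 2. Same swap, but flushing the cache makes the new order take effect at once.
    r = StubResolver([make_public(), make_vpn()])
    r.resolve(name)
    r.servers.reverse()
    r.flush()
    out["after_flush"] = r.resolve(name)

    # 3. Failover happens only when the primary does not respond at all.
    dead = make_public()
    dead.up = False
    r = StubResolver([dead, make_vpn()])
    out["primary_down"] = r.resolve(name)
    out["seconds_waited"] = str(r.clock)        # the timeout the asker would feel
    return out


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario:14s} {result}")
```

Scenario 1 is the trap the answer warns about: putting the fast LAN resolver first makes private VPN names fail with NXDOMAIN, and reordering the servers afterwards changes nothing until the negative-cache entry expires or is flushed, which is exactly what ipconfig /displaydns would show you on the real box. Scenario 3 shows the only case in which the secondary is consulted, and the 2-second penalty paid for it.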