[Dnsmasq-discuss] VPN DNS prioritization

David Schnur dnschnur at gmail.com
Sat Jul 11 17:01:22 BST 2009

On Sat, Jul 11, 2009 at 2:24 AM, Tom Metro <tmetro+dnsmasq at gmail.com> wrote:

> No lease information reported? (Is this Windows XP or Vista?)

I removed the lease information, MAC, and adapter brand/model to shorten the
output.  The machine's running XP.

> Is 192.168.1.?? an attempt to obscure an internal, non-routable address?

Yes, sorry, I was just masking internal IPs; they are the correct ones.

> Why isn't DHCP enabled for that connection?

I was surprised by that, too, since I am getting assigned an address; I
don't have anything set manually for that connection.

>> 1.  No 'DNS Suffix Search List' entry
>> 2.  The 'Connection-specific DNS Suffix' is empty
> Normally the suffix has little impact on DNS and only applies when looking
> up unqualified names, but so far this is the best lead. Perhaps when it sees
> any suffix specified, it moves that DNS server up in priority.
> You could try statically specifying a suffix for the VPN - to put both
> connections on a level playing field, or you could try tweaking the Dnsmasq
> settings so that it doesn't supply a suffix to the client. Try unsetting the
> domain= option.

I tried unsetting the domain option, and (in a second test) adding a domain
suffix to the VPN connection, but neither had an effect.  The only thing I
noticed is that, with the router, the 'DNS Suffix Search List' entry is not
present.  With Dnsmasq, it's always present, although empty if the
dnsmasq.conf domain option is not set.

> Have you tried specifying the DNS servers statically? List the VPN server
> first, then your LAN server. If the VPN server is unreachable, it ought to
> proceed to your LAN server, though that might result in a delay.

That's actually a really simple solution, and it works as expected.  I'll
have to see how noticeable the delay is.  At this point I'm just curious as
to why it changed.  I spent some more time googling this, and apparently
querying VPN DNS first is the expected behavior on XP (Vista has slightly
different rules).  I found a couple of posts from people who wanted the
opposite, but none of the responders knew how to make that happen.

In any case, this seems like mainly a Windows issue; I'll spend some more
time playing around with it.  Thanks for your help!
