deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-17 07:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/keep-secure/vpn-name-resolution.md
jdeckerMS bbe791e5e3 loc fixes
2016-11-15 11:34:30 -08:00

3.8 KiB
Raw Blame History

title, description, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, author, localizationpriority
title description ms.prod ms.mktglfcycl ms.sitesec ms.pagetype author localizationpriority
VPN name resolution (Windows 10) tbd w10 deploy library security, networking jdeckerMS high

VPN name resolution

Applies to

  • Windows 10
  • Windows 10 Mobile

When the VPN client connects to the VPN server, the VPN client receives the client IP address. The client may also receive the IP address of the Domain Name System (DNS) server and the IP address of the Windows Internet Name Service (WINS) server.

The name resolution setting in the VPN profile configures how name resolution should work on the system when VPN is connected. The networking stack first looks at the Name Resolution Policy table (NRPT) for any matches and tries a resolution in the case of a match. If no match is found, the DNS suffix on the most preferred interface based on the interface metric is appended to the name (in the case of a short name) and a DNS query is sent out on the preferred interface. If the query times out, the DNS suffix search list is used in order and DNS queries are sent on all interfaces.

Name Resolution Policy table (NRPT)

The NRPT is a table of namespaces that determines the DNS clients behavior when issuing name resolution queries and processing responses. It is the first place that the stack will look after the DNSCache.

There are 3 types of name matches that can set up for NRPT:

  • Fully qualified domain name (FQDN) that can be used for direct matching to a name

  • Suffix match results in either a comparison of suffixes (for FQDN resolution) or the appending of the suffix (in case of a short name)

  • Any resolution should attempt to first resolve with the proxy server/DNS server with this entry

NRPT is set using the VPNv2/ProfileName/DomainNameInformationList node of the VPNv2 CSP. This node also configures Web proxy server or domain name servers.

Learn more about NRPT

DNS suffix

This setting is used to configure the primary DNS suffix for the VPN interface and the suffix search list after the VPN connection is established.

Primary DNS suffix is set using the VPNv2/ProfileName/DnsSuffix node.

Learn more about primaryDNS suffix

Persistent

You can also configure persistent name resolution rules. Name resolution for specified items will only performed over VPN.

Persistent name resolution is set using the VPNv2/ProfileName/DomainNameInformationList//dniRowId/Persistent node.

Configure name resolution

See VPN profile options and VPNv2 CSP for XML configuration.

The following image shows name resolution options in a VPN Profile configuration policy using Microsoft Intune.

Add DNS rule

The fields in Add or edit DNS rule in the Intune profile correspond to the XML settings shown in the following table.

Field XML
Name VPNv2/ProfileName/DomainNameInformationList/dniRowId/DomainName
Servers (comma separated) VPNv2/ProfileName/DomainNameInformationList/dniRowId/DnsServers
Proxy server VPNv2/ProfileName/DomainNameInformationList/dniRowId/WebServers

Related topics