Client VPN & DNS Server Preference

Here to help

Client VPN & DNS Server Preference

I believe I know the answer to this question but I'm hopeful there is an easier method to address this. I've got a new MX100 implementation with Client VPN configured. Users are able to authenticate and access the network just fine via Client VPN. The issue is that Windows Users are not using the internally defined DNS server as their preferred DNS server. In other words, when they attempt to resolve a corporate hostname, their local ethernet adapter's DNS server is being used rather than the VPN adapters DNS servers. Is the only way to address this by changing the network adapters metric so that the VPN adapter is preferred?


Note: this is NOT an issue with the DNS suffix. Also note that on MacOS this is a non-issue. On Mac's it automatically prefers the the VPN adapter's DNS servers. Thanks in advance!

Kind of a big deal

I can't say I have had that issue.


If  Windows 10 user connects and you run "nslookup", does it say it is using the VPN or Ethernet adaptors DNS server?

@ClaytonMeyer  have you tried changing the network adaptors priority? If you put VPN at the top all traffic should then pass through the VPN including DNS
Meraki Employee

Hey Clayton,


Connor here from Meraki Support. Try changing the adaptor metric in the settings pane also. You can get to it by navigating to: 


Control Panel > Network and Sharing Centre > Change Adapter Settings > *right click the WAN Miniport adapter for the VPN* > Properties > Networking > IPv4 > Properties > Advanced > *untick Automatic Metric* and set it to 1


Screenshot 2019-09-19 at 16.01.53.png


The screenshot is from Windows 7 (throwback) but it's the same method for Windows 10. This usually gets around Windows wanting to use the Ethernet/WLAN adapter's DNS settings, like you said for macOS ticking "Use VPN for all traffic" (not exact quote) also solves this. 


All the best!


Kind regards,



Connor Loughlin
Network Support Engineer

.:|:.:|:. Cisco Meraki


Thank you both! I suspect that will fix it. I was hoping for another method that didn’t require touching all of the workstations though. I’ll post a follow up after testing.

Anytime mate, let me know how you get on.

Thanks again all for the replies. I advised the MX100 admin of the NIC changes but haven't heard back yet. I'll have to wait & see what they say. Hoping for a Meraki/Anyconnect like client in the near future that will address some of these issues going forward.

Building a reputation

Any updates? I have the same issue.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.