When working with multiple network interfaces on Windows (e.g., Ethernet + WiFi), the system doesn't natively support DNS server fallback across adapters. By default, Windows uses the DNS servers associated with the highest priority network interface, determined by the interface metric.
First, let's check your current DNS configuration:
# PowerShell command to list interface DNS settings
Get-DnsClientServerAddress -AddressFamily IPv4 | Select-Object InterfaceAlias, ServerAddresses
Windows prioritizes NICs based on interface metrics. Lower values have higher priority:
# Set LAN interface to higher priority (lower metric)
Set-NetIPInterface -InterfaceAlias "Ethernet" -InterfaceMetric 10
# Set WiFi to lower priority
Set-NetIPInterface -InterfaceAlias "Wi-Fi" -InterfaceMetric 20
Modify the registry to control DNS binding order:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage]
"Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,41,00,42,\
00,43,00,44,00,45,00,46,00,2d,00,31,00,32,00,33,00,34,00,2d,00,35,00,36,00,\
37,00,38,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,\
00,57,00,58,00,59,00,5a,00,2d,00,39,00,38,00,37,00,2d,00,36,00,35,00,34,00,\
7d,00,00,00,00,00
Note: Replace GUIDs with your actual interface GUIDs from:
Get-NetAdapter | Select-Object Name, InterfaceDescription, InterfaceGuid
Create DNS resolution policies for granular control:
# Create policy for specific domains
Add-DnsClientNrptRule -Namespace "corp.example.com" -NameServers "10.0.0.1"
# Set default DNS server list
Set-DnsClientServerAddress -InterfaceAlias "Wi-Fi" -ServerAddresses ("8.8.8.8","8.8.4.4") -PassThru
Test your configuration with these commands:
# Clear DNS cache
Clear-DnsClientCache
# Test resolution with verbose output
Resolve-DnsName example.com -Verbose -DnsOnly
# Check which server responded (nslookup uses its own resolver, so it ignores NRPT rules and the DNS client cache)
nslookup example.com
For complex scenarios, consider running a local DNS proxy like dnsmasq:
# Example dnsmasq.conf configuration
server=/internal.example.com/10.0.0.1
# Default upstream servers for all other names
server=8.8.8.8
server=8.8.4.4
When working with multiple network interfaces in Windows, DNS resolution follows an interface-specific approach rather than a global priority list. Each NIC maintains its own DNS server configuration, and Windows uses a complex algorithm to determine which DNS server to query based on:
- Interface metric (automatic or manual)
- DNS server response time
- Active connections
- Network location awareness
Windows assigns a priority to each network interface based on its metric value (lower = higher priority). You can view this with PowerShell:
Get-NetIPInterface | Select-Object ifIndex,InterfaceAlias,AddressFamily,ConnectionState,InterfaceMetric | Format-Table
To manually set interface metrics (replace 15 with the ifIndex of your adapter from the listing above):
Set-NetIPInterface -InterfaceIndex 15 -InterfaceMetric 10
While Windows doesn't natively support global DNS server fallback, we can implement a workaround using these techniques:
Method 1: Using NRPT (Name Resolution Policy Table)
Create DNS resolution policies that specify which servers to use for specific domains:
Add-DnsClientNrptRule -Namespace "contoso.com" -NameServers "10.0.0.1"
# -DnsSecEnable is a switch parameter, so it takes no value
Add-DnsClientNrptRule -Namespace "." -NameServers "192.168.1.1","8.8.8.8" -DnsSecEnable
Method 2: DNS Client Registry Tweaks
Modify these registry values to influence DNS behavior:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"ServerPriorityTimeLimit"=dword:00000000
"NegativeCacheTime"=dword:00000000
"NetFailureCacheTime"=dword:00000000
"NegativeSOACacheTime"=dword:00000000
Here's a PowerShell script that sets the interface metrics and per-interface DNS servers for two interfaces:
$LANInterface = Get-NetAdapter -Name "Ethernet"
$WifiInterface = Get-NetAdapter -Name "Wi-Fi"
# Set interface metrics (lower = higher priority)
Set-NetIPInterface -InterfaceIndex $LANInterface.ifIndex -InterfaceMetric 10
Set-NetIPInterface -InterfaceIndex $WifiInterface.ifIndex -InterfaceMetric 20
# Configure DNS servers
Set-DnsClientServerAddress -InterfaceIndex $LANInterface.ifIndex -ServerAddresses ("10.0.0.1","10.0.0.2")
Set-DnsClientServerAddress -InterfaceIndex $WifiInterface.ifIndex -ServerAddresses ("8.8.8.8","8.8.4.4")
# Flush and register DNS
Clear-DnsClientCache
Register-DnsClient
Use these commands to verify DNS resolution paths:
nslookup example.com
Resolve-DnsName example.com -Type A -DnsOnly
Get-DnsClientCache
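To see which configured server actually answers, the following added example (not part of the original article) walks the connected IPv4 interfaces in metric order and queries each of their DNS servers directly. Test-DnsFallbackOrder is a hypothetical helper name and example.com is a placeholder.

```powershell
# Added example: report, in interface-metric order, which configured DNS server answers a name.
# Test-DnsFallbackOrder is a hypothetical helper, not a built-in cmdlet.
function Test-DnsFallbackOrder {
    param(
        [Parameter(Mandatory)][string]$Name
    )

    # Connected IPv4 interfaces, lowest metric (highest priority) first
    $nics = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
        Where-Object InterfaceAlias -notlike 'Loopback*' |
        Sort-Object InterfaceMetric

    foreach ($nic in $nics) {
        $servers = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4).ServerAddresses

        foreach ($server in $servers) {
            $row = [ordered]@{
                Interface = $nic.InterfaceAlias
                Metric    = $nic.InterfaceMetric
                Server    = $server
                Answered  = $false
                Addresses = $null
                Error     = $null
            }
            try {
                # Send the query straight to this server, skipping the hosts file,
                # and give up quickly if the server is unreachable
                $answer = Resolve-DnsName -Name $Name -Type A -Server $server `
                    -DnsOnly -NoHostsFile -QuickTimeout -ErrorAction Stop
                $row.Answered  = $true
                $row.Addresses = ($answer | Where-Object { $_.Type -eq 'A' } |
                    ForEach-Object IPAddress) -join ','
            } catch {
                # Timeout, NXDOMAIN, refused, and so on
                $row.Error = $_.Exception.Message
            }
            [pscustomobject]$row
        }
    }
}

# Placeholder name; substitute an internal and an external name to compare the paths
Test-DnsFallbackOrder -Name 'example.com' | Format-Table -AutoSize
```

Running it once with an internal name and once with a public name shows which servers can resolve each. A row where a public resolver is asked for an internal name identifies a query that would leave the network if that interface were used.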
For complete control, consider setting up a local DNS proxy service like dnsmasq:
# Example dnsmasq configuration
listen-address=127.0.0.1
server=/internal.lan/10.0.0.1
server=/google.com/8.8.8.8
server=/#/192.168.1.1
Then configure all interfaces to use 127.0.0.1 as their DNS server.