New DNS Features don't appear to work

No, i gave up asking

I just ended up creating a small windows service that reads the config of any currently connected networks and if dns is enabled applies the DNS settings directly to the adapter

I’ll be happy to post the source code if required

@chris.salter I would very much appreciate that, I was going to knock something up in Powershell and have it run on the task scheduler but if you have something already written i’d appreciate the code.

I know I can make the feature work on a fresh OOB Windows 10 Pro VM that isn’t domain joined, i’ll build out an OOB AD environment next week to see if this is an issue that relates to GPO, or if this is an issue that relates to a fundamental flaw in understanding of how DNS policies can be used in an AD environment.

@zt-grant @chris.salter

Quick update, I built a sandbox AD and workstation setup.

A fresh OOB directory with default GPO and a fresh domain joined Windows 10 20H2 workstation are working as intended, this seems to be an issue elsewhere.

I’ll try to narrow it down, is there any debug level output for the windows zerotier client?

Thanks

1 Like

Nothing I can think of that would be helpful. Per ZeroTier’s view, it sets everything correctly. It’s something in windows GPOs that appears to be preventing the setting from activating, as you have shown in your test with a sandboxed AD setup.

I agree, it’s definitely not an issue with ZeroTier, I have it narrowed down to a single GPO with about 100 settings defined, i’m stepping through each setting to see which one breaks the functionality so it can be better documented.

@zt-grant @chris.salter

I’m not 100% sure, but I ran out of testing time today, I think it’s the following GPO: Computer Configuration>Administrative Templates>Network>Network Connectivity Status Indicator>Specify global DNS

It’s not enough to set it to Not Configured, in my testing I had to manually edit the Registry.pol with LGPO and remove the leftover block:

Computer
SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig


CREATEKEY

I’ll finish up testing tomorrow and update here once i’m sure.

@zt-grant @chris.salter

I confirmed the above policy causes the issue, if you unset the policy in GPO you also need to run a registry cleanup and remove the key:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient

Thanks

2 Likes