Symptoms

DNS resolution does not work in a particular case of DNS Relay Proxy Service, when two adapters have the same DNS Server address on Microsoft Windows version 10.

Impact

DNS resolution completely stops working on client systems until the VPN is disconnected.

Conditions

This issue occurs when all of the following conditions are met: -- Your BIG-IP APM configuration uses a network access profile. -- The user device is running Windows 10 and is connected to two networks through two network interfaces. -- The Windows user has installed the BIG-IP Edge Client that includes the DNS Relay Proxy Service. -- Prior to establishing an access session, the lower index network interface of the Windows device is disconnected. -- The Windows user establishes an access session using BIG-IP Edge Client. -- The Windows device's lower index network interface is reconnected. -- The Windows user attempts a DNS resolution.

Workaround

To work around this issue, add the following registry key: HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient with DWORD EnableMultiHomedRouteConflicts set to 0. This reverts the Windows DNS client behavior to pre-Windows 10 behavior, so the DNS relay proxy creates listeners on loopback for incoming requests, and the driver redirects DNS requests to the listener on the loopback. Important: Use extreme care when editing Windows registry keys. Incorrect modification of keys might cause unexpected behavior. For step-by-step instructions for adding this registry key, see K13222132: The DNS Relay Proxy Service may fail to resolve DNS requests :: https://support.f5.com/csp/article/K13222132.

Fix Information

None

Behavior Change