Forum Discussion
Fatal_Ignorance
Feb 23, 2021 - Copper Contributor
Disable built in DNS Completely
Hi, I was wondering if there were any plans to provide us the ability to completely disable the built in DNS with Edge. I understand that you can disable the DNS however this does not really res...
- Feb 23, 2021
in Edge settings, set DNS to "Use current service provider"
can be configured via Group Policy:
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#dnsoverhttpsmode
set that to "Off"
The "off" mode will disable DNS-over-HTTPS.
also disable this:
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#use-built-in-dns-client
more info:
"This policy controls which software stack is used to communicate with the DNS server: the operating system DNS client, or Microsoft Edge's built-in DNS client. This policy does not affect which DNS servers are used: if, for example, the operating system is configured to use an enterprise DNS server, that same server would be used by the built-in DNS client. It also does not control if DNS-over-HTTPS is used; Microsoft Edge always uses the built-in resolver for DNS-over-HTTPS requests. Please see the DnsOverHttpsMode policy for information on controlling DNS-over-HTTPS."
"If you enable this policy, the built-in DNS client is used, if it's available.
If you disable this policy, the built-in DNS client is only used when DNS-over-HTTPS is in use.
If you don't configure this policy, the built-in DNS client is enabled by default."
By the way, this part is a bit confusing: "However when users go home the external DNS server points that same URL to the external site page instead. "
you only have a homepage URL which is a website hosted internally, then what is the external site page?
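The two policies named in the reply above can be applied and checked from PowerShell. The following is an added example, not code from the thread or from Microsoft; it assumes the documented machine-wide Edge policy key `HKLM:\SOFTWARE\Policies\Microsoft\Edge`, where `DnsOverHttpsMode` is a REG_SZ and `BuiltInDnsClientEnabled` a REG_DWORD, and it must run in an elevated session.

```powershell
# Added example (not from the thread): set and audit the Edge DNS policies the
# reply describes. Assumption: the policy key below is the documented location
# for machine-wide Edge policies; run this elevated.

$EdgePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'

function Set-EdgeDnsPolicy {
    # DnsOverHttpsMode = "off" turns DNS-over-HTTPS off;
    # BuiltInDnsClientEnabled = 0 makes Edge use the OS resolver for plain DNS.
    # Both are needed: with DoH still on, Edge keeps using its built-in resolver.
    if (-not (Test-Path $EdgePolicyKey)) {
        New-Item -Path $EdgePolicyKey -Force | Out-Null
    }
    New-ItemProperty -Path $EdgePolicyKey -Name 'DnsOverHttpsMode' `
        -PropertyType String -Value 'off' -Force | Out-Null
    New-ItemProperty -Path $EdgePolicyKey -Name 'BuiltInDnsClientEnabled' `
        -PropertyType DWord -Value 0 -Force | Out-Null
}

function Test-EdgeDnsPolicy {
    # Reads the values back and reports whether each matches the intended state.
    $props = Get-ItemProperty -Path $EdgePolicyKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DnsOverHttpsMode        = $props.DnsOverHttpsMode
        DohDisabled             = ($props.DnsOverHttpsMode -eq 'off')
        BuiltInDnsClientEnabled = $props.BuiltInDnsClientEnabled
        BuiltInClientDisabled   = ($props.BuiltInDnsClientEnabled -eq 0)
    }
}

Set-EdgeDnsPolicy
Test-EdgeDnsPolicy | Format-List
```

After a restart of Edge, `edge://policy` shows whether both values were picked up; if either reports as not applied, the registry write landed in the wrong hive or was overridden by a domain GPO.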
JoeGoerlich
Feb 25, 2021 - Copper Contributor
You run a so-called split-brain DNS setup. In this case you have to make sure the TTL of both internal and external A records is short enough to avoid the issues you mentioned. Also be aware that changes to TTL need some time to be replicated and the original TTL must be exceeded on all clients (or cache has to be flushed).
You may rethink if you need to solve your issue with a split-brain DNS or if NAT reflection would also be an option.
Cheers
Joe
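A way to check the TTL point raised in the post above: resolve the same name against the internal and the external server, confirm the answers actually differ, and flag any A record whose TTL is longer than a roaming client should be allowed to cache it. This is an added example, not code from the thread; the hostname, the two server addresses and the 300-second threshold are constructed placeholders, and it relies on the `Resolve-DnsName` cmdlet from the DnsClient module shipped with Windows.

```powershell
# Added example (not from the thread): compare a split-brain name as seen from
# the internal and external DNS servers and flag long TTLs.
# Assumptions: the name, server addresses and threshold below are constructed
# placeholders; Resolve-DnsName (DnsClient module) is available.

$Name           = 'intranet.example.com'   # constructed placeholder
$InternalServer = '10.0.0.53'              # constructed placeholder
$ExternalServer = '203.0.113.53'           # constructed placeholder (TEST-NET-3)
$MaxTtlSeconds  = 300                      # constructed threshold for "short enough"

function Get-ARecordView {
    # Queries one server directly (-DnsOnly skips LLMNR/NetBIOS) and returns
    # the A addresses and the smallest TTL in the answer.
    param([string]$Name, [string]$Server)
    try {
        $recs = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'A' }
        $addrs = if ($recs) { @($recs.IPAddress) } else { @() }
        $ttl   = if ($recs) { ($recs | Measure-Object -Property TTL -Minimum).Minimum } else { $null }
        [pscustomobject]@{ Server = $Server; Addresses = $addrs; TtlSeconds = $ttl; Error = $null }
    } catch {
        [pscustomobject]@{ Server = $Server; Addresses = @(); TtlSeconds = $null; Error = $_.Exception.Message }
    }
}

function Test-SplitBrainRecord {
    # Produces a findings list: lookup failures, TTLs above the threshold, and
    # the case where both views agree (i.e. the name is not split at all).
    param([string]$Name, [string]$InternalServer, [string]$ExternalServer, [int]$MaxTtlSeconds)
    $inside  = Get-ARecordView -Name $Name -Server $InternalServer
    $outside = Get-ARecordView -Name $Name -Server $ExternalServer
    $findings = @()
    foreach ($view in @($inside, $outside)) {
        if ($view.Error) {
            $findings += "$($view.Server): lookup failed ($($view.Error))"
            continue
        }
        if ($view.TtlSeconds -gt $MaxTtlSeconds) {
            $findings += "$($view.Server): TTL $($view.TtlSeconds)s exceeds $MaxTtlSeconds s; a client moving networks may keep the stale answer that long"
        }
    }
    if ($inside.Addresses.Count -gt 0 -and $outside.Addresses.Count -gt 0) {
        $insideSet  = ($inside.Addresses  | Sort-Object) -join ','
        $outsideSet = ($outside.Addresses | Sort-Object) -join ','
        if ($insideSet -eq $outsideSet) {
            $findings += "Both servers return $insideSet; this name is not actually split"
        }
    }
    [pscustomobject]@{ Name = $Name; Internal = $inside; External = $outside; Findings = $findings }
}

$result = Test-SplitBrainRecord -Name $Name -InternalServer $InternalServer `
            -ExternalServer $ExternalServer -MaxTtlSeconds $MaxTtlSeconds
$result.Internal, $result.External | Format-Table Server, Addresses, TtlSeconds, Error -AutoSize
$result.Findings
```

Run it from a machine that can reach both servers. The TTL reported here is what a client caches; as the post notes, lowering the TTL only takes effect once the old value has expired everywhere (or the cache is cleared, e.g. `Clear-DnsClientCache` for the Windows resolver), and Edge's own built-in resolver keeps a separate cache that the OS flush does not touch.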
Fatal_Ignorance
Feb 25, 2021 - Copper Contributor
Thanks for that info, I had not thought about that but in our case that would not be an issue as we implemented that change long ago and have simply been dealing with the issues. This isn't really super high on our priority list but I figured I would ask the community.