SOLVED

Disable built in DNS Completely

%3CLINGO-SUB%20id%3D%22lingo-sub-2160813%22%20slang%3D%22en-US%22%3EDisable%20built%20in%20DNS%20Completely%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2160813%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20was%20wondering%20if%20there%20were%20any%20plans%20to%20provide%20us%20the%20ability%20to%20completely%20disable%20the%20built%20in%20DNS%20with%20Edge.%20I%20understand%20that%20you%20can%20disable%20the%20DNS%20however%20this%20does%20not%20really%20resolve%20all%20the%20issues.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20work%20at%20an%20organization%20that%20has%20it's%20intranet%20page%20as%20the%20default%20home%20page%20on%20all%20devices%2C%20on%20the%20internal%20DNS%20server%20we%20have%20it%20pointing%20to%20the%20intranet%20server%20obviously.%20However%20when%20users%20go%20home%20the%20external%20DNS%20server%20points%20that%20same%20URL%20to%20the%20external%20site%20page%20instead.%20We%20have%20the%20TTL%20on%20that%20record%20set%20to%2030%20seconds%20however%20when%20users%20come%20back%20in%20the%20site%20still%20points%20them%20to%20the%20external%20site.%20Running%20a%20ipconfig%20%2F%20flushdns%20does%20nothing.%20I%20found%20out%20that%20if%20you%20clear%20the%20browser%20cache%20it%20then%20resolves%20properly%20again.%20I%20am%20not%20entirely%20sure%20what%20is%20causing%20this%20but%20I'd%20really%20appreciate%20a%20fix%20for%20this%20or%20a%20way%20to%20manage%20this%20functionality.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2166555%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20built%20in%20DNS%20Completely%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2166555%22%20slang%3D%22en-US%22%3EThanks%20for%20the%20reply%20and%20sorry%20for%20the%20late%20response!%20I%20am%20going%20to%20try%20your%20suggestions%20and%20get%20back%20to%20you.%3CBR%20%2F%3E%3CBR%20%2F%3Eto%20clarify%20what%20I%20meant%20by%20%22However%20when%20users%20go%20home%20the%20external%20DNS%20server%20points%20that%20same%20URL%20to%20the%20external%20site%20page%20instead.%20%22%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20default%20home%20page%20for%20all%20our%20computers%20is%20Intranet.DOMAINNAME.com%20when%20users%20are%20on%20site%20the%20internal%20DNS%20points%20that%20url%20to%20the%20internally%20hosted%20intranet%20page%20that%20is%20ONLY%20accessible%20internally.%3CBR%20%2F%3E%3CBR%20%2F%3ENow%2C%20when%20users%20go%20home%20we%20have%20the%20external%20DNS%20server%20pointing%20Intranet.DOMAINNAME.com%20to%20the%20external%20site%20instead.%20Otherwise%20when%20they%20go%20home%20all%20our%20users%20would%20open%20their%20web%20browsers%20to%20an%20unresolvable%20page.%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20have%20the%20TTL%20on%20the%20DNS%20records%20set%20to%2030%20seconds%20so%20ideally%20it%20would%20check%20which%20ip%20it%20should%20connect%20to%20every%20time%20they%20open%20the%20browser%20on%20site%20or%20at%20home.%20Is%20that%20more%20clear%20%3F%20sorry%20if%20I%20am%20not%20doing%20a%20great%20job%20at%20explaining%20myself.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2160879%22%20slang%3D%22en-US%22%3ERe%3A%20Disable%20built%20in%20DNS%20Completely%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2160879%22%20slang%3D%22en-US%22%3E%3CP%3Ein%20Edge%20settings%2C%20set%20DNS%20to%20%22Use%20current%20service%20provider%22%3CBR%20%2F%3Ecan%20be%20configed%20via%20group%20policy%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-policies%23dnsoverhttpsmode%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-policies%23dnsoverhttpsmode%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSTRONG%3Eset%20that%20to%20%22Off%22%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CSPAN%3EThe%20%22off%22%20mode%20will%20disable%20DNS-over-HTTPS.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSTRONG%3Ealso%20disable%20this%3A%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-policies%23use-built-in-dns-client%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-policies%23use-built-in-dns-client%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3Emore%20info%3A%3CBR%20%2F%3E%22This%20policy%20controls%20which%20software%20stack%20is%20used%20to%20communicate%20with%20the%20DNS%20server%3A%20the%20operating%20system%20DNS%20client%2C%20or%20Microsoft%20Edge's%20built-in%20DNS%20client.%20This%20policy%20does%20not%20affect%20which%20DNS%20servers%20are%20used%3A%20if%2C%20for%20example%2C%20the%20operating%20system%20is%20configured%20to%20use%20an%20enterprise%20DNS%20server%2C%20that%20same%20server%20would%20be%20used%20by%20the%20built-in%20DNS%20client.%20It%20also%20does%20not%20control%20if%20DNS-over-HTTPS%20is%20used%3B%20Microsoft%20Edge%20always%20uses%20the%20built-in%20resolver%20for%20DNS-over-HTTPS%20requests.%20Please%20see%20the%20DnsOverHttpsMode%20policy%20for%20information%20on%20controlling%20DNS-over-HTTPS.%22%3CBR%20%2F%3E%3CBR%20%2F%3E%22If%20you%20enable%20this%20policy%2C%20the%20built-in%20DNS%20client%20is%20used%2C%20if%20it's%20available.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSTRONG%3EIf%20you%20disable%20this%20policy%2C%20the%20built-in%20DNS%20client%20is%20only%20used%20when%20DNS-over-HTTPS%20is%20in%20use.%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20you%20don't%20configure%20this%20policy%2C%20the%20built-in%20DNS%20client%20is%20enabled%20by%20default.%22%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eby%20the%20way%2C%20this%20part%20is%20a%20bit%20confusing%3A%20%22%3CSPAN%3EHowever%20when%20users%20go%20home%20the%20external%20DNS%20server%20points%20that%20same%20URL%20to%20the%20external%20site%20page%20instead.%26nbsp%3B%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eyou%20only%20have%20a%20homepage%20URL%20which%20is%20a%20website%20hosted%20internally%2C%20then%20what%20is%20the%20external%20site%20page%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi, 

 

I was wondering if there were any plans to provide us the ability to completely disable the built in DNS with Edge. I understand that you can disable the DNS however this does not really resolve all the issues. 

 

I work at an organization that has it's intranet page as the default home page on all devices, on the internal DNS server we have it pointing to the intranet server obviously. However when users go home the external DNS server points that same URL to the external site page instead. We have the TTL on that record set to 30 seconds however when users come back in the site still points them to the external site. Running a ipconfig / flushdns does nothing. I found out that if you clear the browser cache it then resolves properly again. I am not entirely sure what is causing this but I'd really appreciate a fix for this or a way to manage this functionality. 

10 Replies
best response confirmed by Fatal_Ignorance (Occasional Contributor)
Solution

in Edge settings, set DNS to "Use current service provider"
can be configed via group policy:

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#dnsoverhttpsmode

set that to "Off"
The "off" mode will disable DNS-over-HTTPS.

also disable this:
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#use-built-in-dns-client

more info:
"This policy controls which software stack is used to communicate with the DNS server: the operating system DNS client, or Microsoft Edge's built-in DNS client. This policy does not affect which DNS servers are used: if, for example, the operating system is configured to use an enterprise DNS server, that same server would be used by the built-in DNS client. It also does not control if DNS-over-HTTPS is used; Microsoft Edge always uses the built-in resolver for DNS-over-HTTPS requests. Please see the DnsOverHttpsMode policy for information on controlling DNS-over-HTTPS."

"If you enable this policy, the built-in DNS client is used, if it's available.

If you disable this policy, the built-in DNS client is only used when DNS-over-HTTPS is in use.

If you don't configure this policy, the built-in DNS client is enabled by default."

 

by the way, this part is a bit confusing: "However when users go home the external DNS server points that same URL to the external site page instead. "

 

you only have a homepage URL which is a website hosted internally, then what is the external site page?

Thanks for the reply and sorry for the late response! I am going to try your suggestions and get back to you.

to clarify what I meant by "However when users go home the external DNS server points that same URL to the external site page instead. "

The default home page for all our computers is Intranet.DOMAINNAME.com when users are on site the internal DNS points that url to the internally hosted intranet page that is ONLY accessible internally.

Now, when users go home we have the external DNS server pointing Intranet.DOMAINNAME.com to the external site instead. Otherwise when they go home all our users would open their web browsers to an unresolvable page.

We have the TTL on the DNS records set to 30 seconds so ideally it would check which ip it should connect to every time they open the browser on site or at home. Is that more clear ? sorry if I am not doing a great job at explaining myself.
Thank you,
by doing that you will neutralize Edge's DNS involvement.
You run a so-called split-brain DNS setup. In this case you have to make sure the TTL of both internal and external A records is short enough to avoid the issues you mentioned. Also be aware that changes to TTL need some time to be replicated and the original TTL must be exceeded on all clients (or cache has to be flushed).
You may rethink of you need to solve your issue with a split-Brain DNS or if NAT reflection would also be an option.

Cheers
Joe
I've tested the configuration and it does not seem to work still.

So to give you more clues as to what's going on, even after flushing the DNS cache the website still directs to the external web page while on site unless I clear Edge cache. One I clear Edge cache it will now begin to resolve correctly again. Do you know if there is something that caches webpages for faster loading in Edge chromium? If so I think that would be the culprit. I will also do my own research into the matter and respond back if I find the solution.
Thanks for that info, I had not thought about that but in our case that would not be an issue as we implemented that change long ago and have simply been dealing with the issues. This isn't really super high on our priority list but I figured I would ask the community.

@Fatal_Ignorance 

Spoiler

@Fatal_Ignorance wrote:
I've tested the configuration and it does not seem to work still.

So to give you more clues as to what's going on, even after flushing the DNS cache the website still directs to the external web page while on site unless I clear Edge cache. One I clear Edge cache it will now begin to resolve correctly again. Do you know if there is something that caches webpages for faster loading in Edge chromium? If so I think that would be the culprit. I will also do my own research into the matter and respond back if I find the solution.

Well yes there is "Preload pages for faster browsing and searching" option in settings

edge://settings/content/cookies

 

Another workaround for this, you can use this option here:

edge://settings/clearBrowsingDataOnClose

 

just check the box that clears browser cache every time Edge is closed.

 

and are you sure it's not the cookies and only cached data like images, files etc.? because if it was cookies you could add only that domain to clear on exit.

Thank you!

So I was able to resolve the issue on edge. I verified that it was not the cookies causing issues at all so I didn't change anything with that but your second suggestion lead me to the GPO:

"Clear cached images and files when Microsoft Edge closes"

enabling that fixed my issue on edge, now I just need to make sure the users know to close and reopen edge from home after they connect to the VPN to ensure they get to the proper site.

Now all I have to do is try to find resolutions for chrome / IE :p
You're welcome, glad I could help :)
I'm fairly positive that Chrome also has the same feature.
no, it does not have that same GPO nor that same page so I'll just have to come up with something else, but at the very least you've fixed my issue on Edge.

thanks!