SparkyNuts
Nov 25, 2023, Aspirant
Using Microsoft Defender VPN Still Allows Me to Set DNS Server at the Router?
We have a base router and one satellite in our home. One year ago I went into Orbi's settings and changed the DNS servers to be 1.1.1.3 and 1.0.0.3 from Cloudflare because our young kids had just st...
CrimpOn
Nov 25, 2023, Guru - Experienced User
This is a really interesting question. When a VPN connection is opened on a user device, there appear to be two possible behaviors:
- Every data packet is sent through the tunnel, no matter what the target IP address, or
- Data packets not addressed to the local IP subnet (LAN) are sent through the tunnel, and packets intended for the LAN are sent through the regular network adapter to the LAN.
When Windows Defender VPN is enabled, how will it function?
How about a couple of experiments:
- Open the Orbi web interface http://orbilogin.net using Safari. The Orbi DNS mechanism intercepts this DNS request and returns the IP address of the Orbi router. Normal DNS services, such as Cloudflare, have no means of identifying "where is orbilogin.net?" and will return an error.
- If Cloudflare is being used to block some URLs as a form of Parental Control, attempt to open one of those URLs. If it opens, then the DNS request did not go through the Orbi DNS mechanism.
Would love to hear what happens.
schumaku
Nov 25, 2023, Guru - Experienced User
Well, considering the design goals for Microsoft Defender for Endpoint and your privacy on Android and iOS mobile devices, it's unlikely the DNS queries from these device endpoints will never reach the Orbi DNS server configured ever.
- CrimpOn, Nov 25, 2023, Guru - Experienced User
Thanks for finding that link. So, Microsoft Defender for Endpoint is not a VPN in the traditional sense:
Conveniently left out of the article is how URLs are resolved into IP addresses. After Defender has determined that the proposed connection is not a threat, apparently the connection proceeds normally. Perhaps a DNS request is made as usual, in which case it would go to whatever DNS server is defined in the device wireless configuration. Orbi DHCP specifies the Orbi router as the DNS server. On computers, it is not difficult to configure actual DNS servers in the wireless settings instead of using the server specified by DHCP. (Not clear to me whether iPhones have the same capability.)
I'd love to see what happens on this iPhone using Microsoft Defender for Endpoint. Not certain how to explain if a specific URL is blocked. (a) Did Defender block it? Or, (b) did Cloudflare block it?
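
The two experiments proposed earlier in the thread, and the closing (a)/(b) question, can be combined into one check. This is an added example, not code from any poster in the thread. It assumes that Cloudflare for Families answers a filtered name with `0.0.0.0`, that the Orbi answers `orbilogin.net` with an RFC 1918 address, and that the blocked test name is supplied by the person running it; the verdict labels are invented for illustration.

```python
import ipaddress
import socket
import sys

# Assumption: Cloudflare for Families (1.1.1.3 / 1.0.0.3) answers a filtered
# name with the unspecified address rather than with an error.
SINKHOLE = {"0.0.0.0", "::"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve(name):
    """Ask the OS resolver, i.e. whatever DNS path the device uses right now."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []  # no answer: a public resolver does not know orbilogin.net
    return sorted({info[4][0] for info in infos})

def is_lan_address(addr):
    """True only for home-LAN (RFC 1918) IPv4 addresses."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def classify(router_answers, filtered_answers):
    """router_answers: answers for orbilogin.net.
    filtered_answers: answers for a name the DNS filter is known to block."""
    via_router = any(is_lan_address(a) for a in router_answers)
    sinkholed = bool(filtered_answers) and set(filtered_answers) <= SINKHOLE
    if via_router and sinkholed:
        return "router-dns-filtering"      # Orbi path in use, filter active
    if via_router:
        return "router-dns-not-filtering"  # Orbi answers, upstream not filtering
    if sinkholed:
        return "other-resolver-filtering"  # some other filtering resolver in use
    return "router-dns-bypassed"           # a block seen now is not router DNS

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: dnspath.py <name-the-filter-should-block>")
    print(classify(resolve("orbilogin.net"), resolve(sys.argv[1])))
```

Run it once with the VPN feature off and once with it on. If the verdict is `router-dns-bypassed` and the site still fails to load, the block did not come from the DNS servers set on the router.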