Avoid automatic copy of host's DNS servers to NAT Network DHCP server option 6?

Discussions related to using VirtualBox on Windows hosts.
CoconutPilot
Posts: 5
Joined: 26. Apr 2021, 19:11

Avoid automatic copy of host's DNS servers to NAT Network DHCP server option 6?

Post by CoconutPilot »

I am trying to prevent VB from automatically copying the host's DNS servers to the VB DHCP server when using NATNetwork. The reason is that one of the host's DNS servers is bogus, and since the list of servers is sorted by IP it always comes first, rendering VMs useless without manual config.

This is a snippet of my network config. There is a TAP adapter that is part of Akamai EAA which provides secure access to my company's internal websites. The annoying thing is it exports a DNS server 100.64.0.1 which isn't a real DNS server.

>ipconfig /all (irrelevant fields stripped from output)

Windows IP Configuration

   Host Name . . . . . . . . . . . . : bar
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Peer-Peer
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : foo . com

Unknown adapter EAATAP:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : EAATAP secure Windows Adapter V9
   IPv4 Address. . . . . . . . . . . : 100.64.0.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 100.64.0.1

Ethernet adapter LAN:

   Connection-specific DNS Suffix  . : foo.com
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection (7) I219-LM
   IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : June 20, 2021 8:52:07 PM
   Lease Expires . . . . . . . . . . : June 24, 2021 8:52:08 AM
   Default Gateway . . . . . . . . . : 192.168.0.254
   DHCP Server . . . . . . . . . . . : 192.168.0.254
   DNS Servers . . . . . . . . . . . : 192.168.0.254
                                       1.1.1.1

This is my VirtualBox DHCP server config. With this config things are working well:

>"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" list dhcpservers
NetworkName:    MyNATNet
Dhcpd IP:       192.0.0.3
LowerIPAddress: 192.0.0.100
UpperIPAddress: 192.0.0.250
NetworkMask:    255.255.255.0
Enabled:        Yes
Global Configuration:
    minLeaseTime:     default
    defaultLeaseTime: default
    maxLeaseTime:     default
    Forced options:   None
    Suppressed opts.: None
        1/legacy: 255.255.255.0
        3/legacy: 192.0.0.1
        6/legacy: 192.168.0.254 1.1.1.1

Once I start a VM the DHCP server config adds the EAATAP DNS server (see "6/legacy" below):

>"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" list dhcpservers
NetworkName:    MyNATNet
Dhcpd IP:       192.0.0.3
LowerIPAddress: 192.0.0.100
UpperIPAddress: 192.0.0.250
NetworkMask:    255.255.255.0
Enabled:        Yes
Global Configuration:
    minLeaseTime:     default
    defaultLeaseTime: default
    maxLeaseTime:     default
    Forced options:   None
    Suppressed opts.: None
        1/legacy: 255.255.255.0
        3/legacy: 192.0.0.1
        6/legacy: 100.64.0.1 192.168.0.254 1.1.1.1

In VBoxSVC.log I see:

...
60:15:39.213620          Started NAT network 'MyNATNet'
60:15:39.213988          Saving settings file "E:\xxx.vbox" with version "1.17-windows"
60:15:43.136451          HostDnsMonitorProxy::GetNameServers:
60:15:43.136474            name server 1: 100.64.0.1
60:15:43.136486            name server 2: 192.168.0.254
60:15:43.136495            name server 3: 1.1.1.1

If I manually set the DNS servers (option 6) via:

VBoxManage.exe dhcpserver modify --network=MyNATNet --set-opt=6 "1.1.1.1 8.8.8.8"

that setting is lost the next time VBoxNetDHCP.exe is started. Any ideas?
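
A check for the option 6 drift described in the post above, as an added example that is not part of the original thread or of VirtualBox: it parses `VBoxManage list dhcpservers` output in the format quoted here and reports every DNS server that is not on an allowlist. The function names, the allowlist and the assumption that the option line always has the `6/<encoding>:` shape shown above are assumptions of this example.

```python
import ipaddress
import re

# RFC 6598 shared address space; the EAATAP resolver 100.64.0.1 falls in it.
SHARED_SPACE = ipaddress.ip_network("100.64.0.0/10")

# Sample input: the two option 6 states quoted in the post, trimmed to the
# lines the parser reads.
BEFORE_START = """\
NetworkName:    MyNATNet
Dhcpd IP:       192.0.0.3
Global Configuration:
        1/legacy: 255.255.255.0
        3/legacy: 192.0.0.1
        6/legacy: 192.168.0.254 1.1.1.1
"""
AFTER_START = BEFORE_START.replace("6/legacy: ", "6/legacy: 100.64.0.1 ")


def parse_dns_option(text):
    """Map each NetworkName to the servers listed under DHCP option 6."""
    servers, network = {}, None
    for line in text.splitlines():
        name = re.match(r"NetworkName:\s+(.+)", line)
        if name:
            network = name.group(1).strip()
            servers[network] = []
            continue
        opt = re.match(r"\s+6/\w+:\s+(.+)", line)
        if opt and network is not None:
            servers[network] = opt.group(1).split()
    return servers


def find_drift(text, allowed):
    """Return (network, server, position, in_shared_space) for every
    option 6 resolver that is not in the allowlist."""
    findings = []
    for network, dns in parse_dns_option(text).items():
        for position, server in enumerate(dns, start=1):
            if server not in allowed:
                shared = ipaddress.ip_address(server) in SHARED_SPACE
                findings.append((network, server, position, shared))
    return findings


if __name__ == "__main__":
    allowed = {"192.168.0.254", "1.1.1.1"}  # resolvers the guests should get
    for sample in (BEFORE_START, AFTER_START):
        print(find_drift(sample, allowed))
```

On a host, pass the captured output of `VBoxManage list dhcpservers` taken after a VM has started; position 1 is the resolver guests will try first.
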
BillG
Volunteer
Posts: 5102
Joined: 19. Sep 2009, 04:44
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 10,7 and earlier
Location: Sydney, Australia

Re: Avoid automatic copy of host's DNS servers to NAT Network DHCP server option 6?

Post by BillG »

I doubt that you will find a way to do that. I suspect it has a lot to do with Akamai and very little to do with VirtualBox.

You could test that by running the VMs in an internal virtual network and setting up your own NAT router (using a VM appliance such as pfSense) instead of using Nat-network. My guess is that Akamai would still force its DNS option onto the router. As far as Akamai is concerned, the VMs are inside your private network and need to be protected, just like your PCs.
Bill
fth0
Volunteer
Posts: 5677
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: Avoid automatic copy of host's DNS servers to NAT Network DHCP server option 6?

Post by fth0 »

You can probably shift your problem to the host by 9.8.6. Using the Host's Resolver as a DNS Proxy in NAT Mode. Please report back what you discover.
CoconutPilot
Posts: 5
Joined: 26. Apr 2021, 19:11

Re: Avoid automatic copy of host's DNS servers to NAT Network DHCP server option 6?

Post by CoconutPilot »

BillG wrote: I doubt that you will find a way to do that. I suspect it has a lot to do with Akamai and very little to do with VirtualBox.

I can reproduce it without Akamai installed. Create a VM and NATNetwork. In the DHCP server for the NATNetwork change the DNS servers (option 6). Start the VM, and the DNS servers are automatically changed to what the host has.

This behavior makes sense: if you have a laptop and move it to another location, the DNS servers of the previous location may no longer be valid. I was hoping there was a way to avoid this automatic updating.
CoconutPilot
Posts: 5
Joined: 26. Apr 2021, 19:11

Re: Avoid automatic copy of host's DNS servers to NAT Network DHCP server option 6?

Post by CoconutPilot »

fth0 wrote: You can probably shift your problem to the host by 9.8.6. Using the Host's Resolver as a DNS Proxy in NAT Mode. Please report back what you discover.

Thanks, this looked very promising but didn't work. It turns out it is only supported in "NAT" mode and I am using "NATNetwork" or NATservice mode.