As more and more people become aware of the dangers of the internet and all the prying eyes around, VPN or Virtual Private Networks have grown in popularity as those users intend to encrypt and mask their browsing and surfing habits.
Corporations, both large and small, have had taken note and begun to offer VPN services bundled with previous products. But these can often lead to problems and annoyances as well. Recently, Brave stopped force-installing its VPN services on Windows PCs when you installed its browsers. The fix was rolled out nearly six months after the issue was highlighted.
And now there are reports of Google's VPN services messing up Windows' DNS (Domain Name Service) settings. Google introduced a VPN service as a part of its Google One cloud subscription services back in 2020. And a couple of years later in November of 2022, it was released to Windows and Mac as well.
The problem seems to be two-fold. First, Google One VPN is imposing its own DNS servers over the one you have on your Windows, and second, it also fails to revert back the changes it made to Windows' DNS settings even if you disable it. Mac seems unaffected by this and it seems to be Windows-exclusive bug.
The bug was noticed by GitHub user Mr-McMuffin who opened an issue describing the problem. The user wrote:
This VPN BREAKS DNS functionality in windows 11, it locks the system DNS to google DNS servers under the network settings.
- Settings -> Network & Internet -> Ethernet
Leave this open, and set on Automatic DHCP.- Connect to Google VPN, it will change your DNS setting to manual google DNS servers.
- Disconnect, and keep an eye on the settings window we left opened, it will stay stuck to the google DNS settings, not the automatic DHCP, breaking ANY dns functionality of your computer.
Even after a restart, closing the google VPN app, or disconnecting the DNS settings are stuck on a manual assignment.
This is unacceptable. In order to use the google one vpn, one needs to manually go into network settings and toggle back on the auto assignment.This is a serious issue, it happens on all windows 11 computers ive tested.
MAJOR ISSUE. Please address when an ETA to fix this will be done.
Why is this a huge issue? If you use TLS or Encrypted DNS the google 8.8.8.8 will break this configuration.
I use encrypted dns with ECH, with google none of this is available putting my security at risk when the vpn is off.
If you have custom dns for work, firewalls, or family safety/filtering - again the vpn will break it.
This was causing a huge headache for me but i discovered the google VPN has a huge bug with not reseting DNS back into the state it was before turning on.
Although the issue notes that the problem happens on Windows 11, others on the thread chimed in to add that it is the same on Windows 10 too.
A Google engineer Ryan Lothian responded to the thread earlier this year in January (the issue was opened back in November 2023) thanking the user for bringing the issue to Google's attention and also explained what was happening. Lothian wrote:
Hey folks, thank you for reporting this behaviour.
To protect users privacy, the Google One VPN deliberately sets DNS to use Google's DNS servers. This prevents a nefarious DNS server (that might be set by DHCP) compromising your privacy. Visit https://developers.google.com/speed/public-dns/privacy to learn about the limited logging performed by Google DNS.
We think this is a good default for most users. However, we do recognize that some users might want to have their own DNS, or have the DNS revert when VPN disconnects. We'll consider adding this to a future release of the app.
While Google itself feels that it is a "good default for most users" to use Googles' own DNS servers, the commenters on the GitHub thread have mostly expressed disapproval.
The silver lining is that the company has said it will consider adding an option for users to use their own DNS but that was back in January and there is yet to be any update on it.
For the meantime, a user beez34 was able to devise a way to work around this Google shenanigan using a PowerShell script:
.... until this is addressed, I've set a simple PowerShell script that runs this on startup:
Get-DnsClientServerAddress | Set-DnsClientServerAddress -ResetServerAddresses
Run it elevated as a delayed scheduled task so that when Windows starts and Google One VPN starts, it has a minute and then runs the command to reset your network IPv4 and IPv6 adapters to default. Because make no mistake, every single interface alias is altered by Google here.
You can follow the issue for yourself on this GitHub page.
