In this article:
Applicable to:
- Twingate Component: Windows Client
- Environment: Systems with multiple network interfaces, e.g. frontend and backend interfaces, where each interface has unique DNS servers that are only accessible through that specific interface.
Overview
The Windows Twingate Client relies on the DNS servers assigned to the system's default gateway interface for resolving non-Twingate traffic. As a result, multiple DNS configurations—where frontend traffic resolves through one interface's DNS servers and backend traffic resolves through another—are not supported.
Behavior and Limitations
- Twingate functions as a transparent proxy for DNS resolution but only for a single interface.
- Any DNS queries for non-Twingate resources are forwarded to the DNS servers assigned to the system’s default gateway interface.
- If each interface is assigned separate DNS servers (e.g., frontend interface for frontend DNS, backend interface for backend DNS), only the DNS servers of the default gateway interface will be used for non-Twingate traffic.
Impact of This Limitation
-
Systems configured for multiple DNS—where different interfaces resolve different sets of DNS records—may experience failed DNS resolutions when attempting to reach backend hostnames/FQDNs.
-
If backend DNS records can only be resolved via a secondary interface's DNS servers, Twingate will not forward DNS requests to those servers, potentially causing name resolution failures.
Workarounds and Recommendations
-
If possible, configure internal DNS servers to forward queries appropriately between frontend and backend DNS zones. This allows a single DNS server (reachable from the default gateway interface) to handle both frontend and backend name resolution.
- If backend resources have static IP addresses, you can manually add them to the Windows hosts file (
C:\Windows\System32\drivers\etc\hosts). This ensures that backend resources can still be reached even if their DNS servers are inaccessible via the default gateway interface.