Disable Windows DNS registration

internal/winipcfg/luid.go

@@ -385,3 +385,25 @@ func (luid LUID) SetDNS(family AddressFamily, servers []netip.Addr, domains []st
 func (luid LUID) FlushDNS(family AddressFamily) error {
 	return luid.SetDNS(family, nil, nil)
 }
+
+func (luid LUID) DisableDNSRegistration() error {
+	guid, err := luid.GUID()
+	if err != nil {
+		return err
+	}
+
+	dnsInterfaceSettings := &DnsInterfaceSettings{
+		Version:             DnsInterfaceSettingsVersion1,
+		Flags:               DnsInterfaceSettingsFlagRegistrationEnabled,
+		RegistrationEnabled: 0,
+	}
+
+	// For >= Windows 10 1809
+	err = SetInterfaceDnsSettings(*guid, dnsInterfaceSettings)
+	if err == nil || !errors.Is(err, windows.ERROR_PROC_NOT_FOUND) {
+		return err
+	}
+
+	// For < Windows 10 1809
+	return luid.fallbackDisableDNSRegistration()
+}

internal/winipcfg/netsh.go

@@ -51,10 +51,11 @@ func runNetsh(cmds []string) error {
 }
 
 const (
-	netshCmdTemplateFlush4 = "interface ipv4 set dnsservers name=%d source=static address=none validate=no register=both"
-	netshCmdTemplateFlush6 = "interface ipv6 set dnsservers name=%d source=static address=none validate=no register=both"
-	netshCmdTemplateAdd4   = "interface ipv4 add dnsservers name=%d address=%s validate=no"
-	netshCmdTemplateAdd6   = "interface ipv6 add dnsservers name=%d address=%s validate=no"
+	netshCmdTemplateFlush4              = "interface ipv4 set dnsservers name=%d source=static address=none validate=no"
+	netshCmdTemplateFlush6              = "interface ipv6 set dnsservers name=%d source=static address=none validate=no"
+	netshCmdTemplateAdd4                = "interface ipv4 add dnsservers name=%d address=%s validate=no"
+	netshCmdTemplateAdd6                = "interface ipv6 add dnsservers name=%d address=%s validate=no"
+	netshCmdTemplateDisableRegistration = "interface ipv6 set dnsservers name=%d register=none"
 )
 
 func (luid LUID) fallbackSetDNSForFamily(family AddressFamily, dnses []netip.Addr) error {
@@ -106,3 +107,13 @@ func (luid LUID) fallbackSetDNSDomain(domain string) error {
 	key.Close()
 	return err
 }
+
+func (luid LUID) fallbackDisableDNSRegistration() error {
+	// the DNS registration setting is shared for both IPv4 and IPv6
+	ipif, err := luid.IPInterface(windows.AF_INET)
+	if err != nil {
+		return err
+	}
+	cmd := fmt.Sprintf(netshCmdTemplateDisableRegistration, ipif.InterfaceIndex)
+	return runNetsh([]string{cmd})
+}

tun_windows.go

@@ -88,6 +88,9 @@ func (t *NativeTun) configure() error {
 			return E.Cause(err, "set ipv6 dns")
 		}
 	}
+	if len(t.options.Inet4Address) > 0 || len(t.options.Inet6Address) > 0 {
+		_ = luid.DisableDNSRegistration()
+	}
 	if t.options.AutoRoute {
 		if len(t.options.Inet4Address) > 0 {
 			if len(t.options.Inet4RouteAddress) > 0 {