Per-process DNS in windows

Question

I would like to redirect DNS requests for specific processes on Windows so that they hit a different set of DNS servers than the default ones configued for my system.

I've looked into doing this, but come across some blockers. First, where do DNS request arise from on windows? do they come from the process itself or is there a proxy process that does DNS requests on behalf of all processes? I used 'message analyzer' and it looked like DNS requests were coming from a process called svchost.exe, and not the process itself. Is this correct?

I've looked into WFP (windows filtering platform) and haven't come across any obvious APIs for achieving this - does WFP offer sometthing, or i'm looking in the wrong place? If DNS requests arise from the process itself i could add a filter that redirects port 53 UDP traffic for that process, but it seems like (unless i am mistaken) DNS comes from the svchost.exe process, so this approach cannot work.

If DNS does instead arise from svchost.exe then tehre emust be an RPC/API that a process uses to communicate with that service, is it possible to hook that RPC/API ? I need to find the originating process of the DNS request so that i can customize the DNS servers it actually hits.

Answer 1

JUST Disable DNSCache(DNS Client) service.

I have disabled DNSCache service by changing the registry value [HKLM\SYSTEM\CurrentControlSet\Services\Dnscache:Start] as 4(SERVICE_DISABLED), and rebooting my computer.

Before disabling DNSCache, svchost.exe query a DNS name

After disalbed DNSCache, IE directly query a DNS name

It is a very simple way, but I'm not sure it's a right way you wanted.