This article will discuss an interaction between the roaming client and the npcap software. If you are not using npcap, this article will not apply.
When using npcap, the symptom of this interaction a total DNS failure for A and AAAA record types while the roaming client is active. TXT records may still succeed, allowing the roaming client to enter an encrypted mode.
What is npcap?
Npcap is a third party software for packet capturing. During installation, npcap may install a npcap network interface onto the computer in order to facilitate captures. To confirm if npcap is installed in a way that may interfere with us, validate if there is a npcap network interface. If so, read on!
Impacts and resolution
In some cases, the presence of the npcap driver may cause DNS sent to the roaming client to not reach its final destination. The impact will be A and AAAA records will time out and fail, resulting in a failure to load webpages. The browser error is most commonly a DNS failure NXDOMAIN. The roaming client may remain in "Protected and Encrypted" mode despite the full DNS failure due to Umbrella checks being made against TXT records, and npcap only is known to impact A and AAAA records. To validate if npcap is the root cause:
- Open up the network and sharing center
- Click to view network interfaces
- Right click and disable the npcap interface
- Confirm if the issue immediately resolves
If the issue vanishes immediately upon disabling the npcap network interface, this confirms that the npcap NIC and driver are the root cause of the DNS resolution issue and may need to be uninstalled in order to run the roaming client correctly. This interoperability interaction occurs at the npcap level before DNS arrives to 127.0.0.1:53 where the roaming client is bound.