Mac does not get DNS server address from DHCP

Gertjan · Aug 27, 2022, 8:15 AM

@hoegge said in Mac does not get DNS server address from DHCP:

I have never used locations, so they are set to automatic.

Are "Locations" like Profiles ?
Upfront : I'm not using a Mac, never used one, but I'm an iPhone users since day 1.
They told me that it was based on system X and that was the Mac OS back then.

The DHCP client on my I devices take an IP, network, Gateway and DNS just fine.
On any network : pfSense, or any other ISP router. If that wouldn't work out of the box, a couple of billion would yell out over the Internet right now.

I guess you've overridden ones your local DNS on your Mac, using some manual = static setting, and that got sticky. Now your Mac is outsmarting you, like :
If you connect to your local network, your Mac identifies the local network by the gateway's (pfSense) MAC address, and does what you told it to do, somewhere in the past => Assign a DNS, and reject what pfSense / DHCP was saying.
Delete your settings, profile ( ? ), reconnect, and default DHCP will kick in, using default behaviour, and the issue is gone.

hoegge · Aug 27, 2022, 8:39 AM

@gertjan Hi - no I have not overridden any settings. Unless, another DHCP server could do that to make DNS stick,but I doubt that is part of the protocol. Of course it could also be a MacOS bug. Dunno.
Some people have had the same experience:
https://apple.stackexchange.com/questions/377429/why-does-my-dns-server-not-update-when-i-switch-networks

flat4 · Oct 5, 2022, 3:18 PM

Been out for a while, in the article that you tagged it does mention that these folks are waking there macs from sleep. Are you doing the same or are you shutting down and powering on.

Have you tried the disable wifi and re-enable it to see if that grabs a the correct dns.

hoegge · Oct 5, 2022, 3:18 PM

@flat4 said in Mac does not get DNS server address from DHCP:

Have you tried the disable wifi and re-enable it to see if that grabs a the correct dns.

This happens both on wifi and LAN - it does get the IP address and GW address, but not DNS. And it is only on my pfsense it happens, never when I go to other places.

Gertjan · Oct 5, 2022, 3:32 PM

@hoegge said in Mac does not get DNS server address from DHCP:

This happens both on wifi and LAN

Is this an 'Apple' device ?
Throw away the 'profile'.
Reconnect.
Now you'll see the IP, gateway, DNS etc.

Or, just to convince yourself : snif the DHCP lease packets coming from pfSense. The DNS IP (one or more) was in there, it was just the device not taking/accepting it.

hoegge · Oct 5, 2022, 3:52 PM

@gertjan
Thanks - what do you mean with "profile"? Network adapter?

When I get home to my pfSense box, the DNS is stuck at what it was at the office:
login-to-view

then I can clear it by clicking the minus button and it reverts to the one delivered by pfSense:
login-to-view

At the office the DNS settings is not "set with solid" but greyed out and set by DHCP like the last image - just at their DNS: 192.168.0.1

Renewing DHCP does not change that. So somehow the DNS gets stuck, when I get back home to my own network.

flat4 · Oct 5, 2022, 4:31 PM

Go back to the first screen when you open network. It will say Automatic.
You can do the pull down and create a new profile, call it whatever you like.

I have a screenshot posted already.

After you create that profile setup the wifi and make sure that you can surf. reboot and test, it should stay on the profile you created but if it does not change it and see if it automatically connects.

What we are saying is that the automatically profile has corrupted when you are at home but it knows what to connect to at work. It Possible that its also not working for work but they (work) may assign static ip based on your mac address (sticky mac or dhcp reservation)

Gertjan · Oct 6, 2022, 7:16 AM

@hoegge said in Mac does not get DNS server address from DHCP:

Thanks - what do you mean with "profile"?

I only have i¨hones and iPads, no Apple PC's.
But, when connected to an Wifi SSID, I can select "Delete this connection".
This means, when I reconnect, I have to enter the wifi password again, if there is one, etc.
This is what I mean with "profile".

hoegge · Oct 6, 2022, 7:43 AM

@gertjan Ok. But then it is not related. It is not WiFi related, it is on ethernet wired connection.

Gertjan · Oct 6, 2022, 8:13 AM

@hoegge

These are my DHCP server settings on my PORTAL interface :

login-to-view

Note : no DNS IP is set, so pfSense uses the default, its LAN IP = 192.168.2.1, as unbound should listen on this interface.

A packet capture of the DHCP negotiation :

login-to-view

Result :

10:08:14.020638 d2:35:34:2e:b0:39 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 255, id 17090, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from d2:35:34:2e:b0:39, length 300, xid 0xfad3a52, Flags [none] (0x0000)
	  Client-Ethernet-Address d2:35:34:xx:xx:39
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: Request
	    Parameter-Request Option 55, length 9: 
	      Subnet-Mask, Classless-Static-Route, Default-Gateway, Domain-Name-Server
	      Domain-Name, Option 108, URL, Option 119
	      Option 252
	    MSZ Option 57, length 2: 1500
	    Client-ID Option 61, length 7: ether d2:35:34:2e:b0:39
	    Requested-IP Option 50, length 4: 192.168.2.5
	    Lease-Time Option 51, length 4: 7776000
10:08:14.021181 90:ec:77:29:39:2d > d2:35:34:2e:b0:39, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    192.168.2.1.67 > 192.168.2.5.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0xfad3a52, Flags [none] (0x0000)
	  Your-IP 192.168.2.5
	  Client-Ethernet-Address d2:35:34:xx:b0:39
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: ACK
	    Server-ID Option 54, length 4: 192.168.2.1
	    Lease-Time Option 51, length 4: 86398
	    Subnet-Mask Option 1, length 4: 255.255.255.0
	    Default-Gateway Option 3, length 4: 192.168.2.1
	    Domain-Name-Server Option 6, length 4: 192.168.2.1
	    Domain-Name Option 15, length 20: "a.b.c.d.net"

As you can see, my iPhone asks for a DNS :

	    Parameter-Request Option 55, length 9: 
	      Subnet-Mask, Classless-Static-Route, Default-Gateway, Domain-Name-Server

and it gets a DNS :

	    Domain-Name-Server Option 6, length 4: 192.168.2.1

Your turn ;)

hoegge · Nov 3, 2022, 6:06 PM

@gertjan Thanks a lot for the detailed feedback. I will try that, as soon as I can. I have now experienced the same problem on a total other network, so this points at MacOs network as the problem. Will test and get back.

Thanks again