DNS not working over VPN
-
I'm seeing the same thing on my Mac. I've got an IPSEC VPN that is providing a DNS server list, but the DNS server is being added as secondary to the host's configured DNS server. Any updates?
-
@ciphergeek Unfortunately I've had no further luck. I wonder if this isn't a Mac OS bug in the way it handles DNS lookups for VPN connections. I haven't had time to run this down any further. If you find something please post here as well.
Cheers!
-
Same thing is happening to me. Any clues or workarounds how to deal with that? Currently I am handing out IPs...
-
I had to roll out this script to users. I haven't tested against Big Sur yet though to see if this is fixed. I guess we should submit to Apple at some point.

    -- Creates a per-domain resolver file so queries for the "secure" domain
    -- go to the VPN nameserver (see /etc/resolver and `man 5 resolver`).
    tell application "Terminal"
        try
            -- -p so a second run does not fail when the directory already exists
            do shell script "mkdir -p /etc/resolver" with administrator privileges
            -- write (not append) so the file holds exactly one nameserver line
            do shell script "echo nameserver 10.10.10.15 > /etc/resolver/secure" with administrator privileges
            say "Should be working now!!"
        on error
            say "uh oh, we have a problem"
        end try
    end tell
-
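An added example, not code from this thread: an idempotent shell version of the resolver-file step in the script above (directory passed as a parameter so it can be tried on a temp dir before running against /etc/resolver as root), together with a small parser that pulls the nameserver for a domain out of `scutil --dns` output like the listings posted later in the thread. The domain, nameserver and sample output are constructed values.

```shell
#!/bin/sh
# Added example: idempotent /etc/resolver/<domain> writer plus a check of
# `scutil --dns` output. Directory, domain and IP values are constructed samples.

# Accept only hostname-style domains (labels of letters, digits, hyphens).
valid_domain() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
}

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  for o in $(printf '%s' "$1" | tr '.' ' '); do [ "$o" -le 255 ] || return 1; done
}

# write_resolver DIR DOMAIN NAMESERVER
# Creates DIR if needed and writes DIR/DOMAIN with exactly one nameserver
# line, overwriting rather than appending a duplicate line on every run.
write_resolver() {
  dir=$1; domain=$2; ns=$3
  valid_domain "$domain" || { echo "rejected domain: $domain" >&2; return 1; }
  valid_ipv4 "$ns" || { echo "rejected nameserver: $ns" >&2; return 1; }
  mkdir -p "$dir" || return 1
  printf 'nameserver %s\n' "$ns" > "$dir/$domain"
}

# resolver_for DOMAIN   (reads `scutil --dns` output on stdin)
# Prints nameserver[0] of the resolver block whose "domain :" equals DOMAIN,
# which confirms the file was picked up without reading the listing by hand.
resolver_for() {
  awk -v d="$1" '
    /^resolver #/ { inblock = 0 }
    $1 == "domain" && $3 == d { inblock = 1 }
    inblock && $1 == "nameserver[0]" { print $3; exit }'
}

# Constructed sample of scutil --dns output, shaped like the ones in this thread.
SAMPLE_SCUTIL='DNS configuration
resolver #1
  nameserver[0] : 172.20.10.1
resolver #8
  domain   : secure
  nameserver[0] : 192.168.88.1
  reach    : 0x00000003 (Reachable,Transient Connection)'

# Demo against a temporary directory; use /etc/resolver (as root) for real.
demo_dir=$(mktemp -d)
write_resolver "$demo_dir" secure 10.10.10.15 && cat "$demo_dir/secure"
printf '%s\n' "$SAMPLE_SCUTIL" | resolver_for secure
rm -rf "$demo_dir"
```

Once the file is in place on a real machine, `scutil --dns | resolver_for secure` should print the VPN nameserver; an empty result means macOS did not pick the file up.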
@ciphergeek Thanks for your answer! I manually added the file and in fact it instantly starts showing up:
    $ scutil --dns
    [...]
    resolver #8
      domain   : secure
      nameserver[0] : 192.168.88.1
      flags    : Request A records, Request AAAA records
      reach    : 0x00000003 (Reachable,Transient Connection)
However, the name is still not resolvable without specifically requesting the nameserver:
Let me know if you see anything odd here. Otherwise I'll keep trying to figure this out...
-
Hi. In my case, .secure is an internal domain name I created. Are you trying to get general DNS working or an internal DNS zone?
-
Right, just the internal name resolution is problematic! I mv'ed the "secure"-file to our own internal domain name. Same results.
General DNS is provided by the "host"-connection, which is fine I guess?
    $ nslookup google.com
    Server:         172.20.10.1
    Address:        172.20.10.1#53

    Non-authoritative answer:
    Name:   google.com
    Address: 216.58.206.14

    $ nslookup google.com 192.168.88.1
    Server:         192.168.88.1
    Address:        192.168.88.1#53

    Non-authoritative answer:
    Name:   google.com
    Address: 142.250.185.142
-
What does running "scutil --dns" show?
-
    $ scutil --dns
    DNS configuration

    resolver #1
      nameserver[0] : fe80::c82:13eb:d00f:5f5d%en0
      nameserver[1] : 172.20.10.1
      if_index : 6 (en0)
      flags    : Request A records, Request AAAA records
      reach    : 0x00020002 (Reachable,Directly Reachable Address)

    resolver #2
      domain   : local
      options  : mdns
      timeout  : 5
      flags    : Request A records, Request AAAA records
      reach    : 0x00000000 (Not Reachable)
      order    : 300000

    resolver #3
      domain   : 254.169.in-addr.arpa
      options  : mdns
      timeout  : 5
      flags    : Request A records, Request AAAA records
      reach    : 0x00000000 (Not Reachable)
      order    : 300200

    resolver #4
      domain   : 8.e.f.ip6.arpa
      options  : mdns
      timeout  : 5
      flags    : Request A records, Request AAAA records
      reach    : 0x00000000 (Not Reachable)
      order    : 300400

    resolver #5
      domain   : 9.e.f.ip6.arpa
      options  : mdns
      timeout  : 5
      flags    : Request A records, Request AAAA records
      reach    : 0x00000000 (Not Reachable)
      order    : 300600

    resolver #6
      domain   : a.e.f.ip6.arpa
      options  : mdns
      timeout  : 5
      flags    : Request A records, Request AAAA records
      reach    : 0x00000000 (Not Reachable)
      order    : 300800

    resolver #7
      domain   : b.e.f.ip6.arpa
      options  : mdns
      timeout  : 5
      flags    : Request A records, Request AAAA records
      reach    : 0x00000000 (Not Reachable)
      order    : 301000

    resolver #8
      domain   : mydomain
      nameserver[0] : 192.168.88.1
      flags    : Request A records, Request AAAA records
      reach    : 0x00000002 (Reachable)

    DNS configuration (for scoped queries)

    resolver #1
      nameserver[0] : fe80::c82:13eb:d00f:5f5d%en0
      nameserver[1] : 172.20.10.1
      if_index : 6 (en0)
      flags    : Scoped, Request A records, Request AAAA records
      reach    : 0x00020002 (Reachable,Directly Reachable Address)
-
Sorry man. That's weird. No idea why that isn't working; that looks right if your internal DNS is 172.20.10.1.
-
Actually I am testing the VPN through an iPhone hotspot and that's the DNS/Gateway of the iPhone connection.