v1.7.3 unable to use pushed DNS servers
Got a problem with Viscosity or need help? Ask here!
Hello,
I'm re-using a topic name from a recent post by someone else. The resolution for that question was not applicable to my problem.
I'm using OpenVPN 2.3.10 on Ubuntu 16.04 to create a VPN to AWS VPC. I have BIND running on the gateway as a forwarder since private Route53 zones cannot be queried by external IPs, even if they are VPN private IPs. The link forms fine, the VPC hosts are reachable, and the "Split DNS" works ok on Windows Viscosity client (on connect `dig @localhost` for a record that exists both in a private and public zone in Route53 changes to show the internal address).
But on Mac (Sierra 10.12.5) that switch doesn't happen. I can get it to work only if I set DNS Settings > Mode to "Full DNS", but then obviously my local LAN DNS isn't resolving while I'm connected. If I set the Mode to "Split DNS" or "Automatic" (and define the private zone in the "domains" field), the local DNS resolvers received from the local DHCP remain in effect, and so the VPC private zones don't resolve. I can do `dig @x.x.x.x` to the gateway IP, and that works.
In "split" or "automatic" mode the resolv.conf reflects the default local DNS resolvers (from the local DHCP), and in "Full DNS" the resolv.conf has the gateway's IP.
Here's `scutil --dns` output in "full dns" mode:
DNS configuration (for scoped queries)
resolver #1
search domain[0] : mydomain.net
nameserver[0] : 10.50.0.2
if_index : 10 (utun1)
flags : Scoped, Request A records
reach : Reachable
resolver #2
search domain[0] : tx.rr.com
nameserver[0] : 209.18.47.62
nameserver[1] : 209.18.47.61
if_index : 4 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : Reachable
And here's the same in "automatic" or "split" mode:
DNS configuration (for scoped queries)
resolver #1
search domain[0] : tx.rr.com
nameserver[0] : 209.18.47.62
nameserver[1] : 209.18.47.61
if_index : 4 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : Reachable
resolver #2
search domain[0] : mydomain.net
nameserver[0] : 10.50.0.2
if_index : 10 (utun1)
flags : Scoped, Request A records
reach : Reachable
The question being: how do I get the split mode to work on the Mac? :-)
Hi Ville,
You mention a number of legacy Unix tools and resolv.conf, which aren't used by macOS's DNS system. Please see the following:
http://www.sparklabs.com/support/kb/art ... unix-users
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Hi James,
That I did not know about Mac! I was aware that nslookup would not give the right picture, but I didn't know dig would be in the same boat. Indeed, with dscacheutil I get the right resolution when split mode is effective.
On Windows side, if the dig binary for Windows has been installed, it gives the accurate detail about how the operating system sees the resolution.
Thanks for your help!
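The point James makes, and Ville confirms, is that `resolv.conf`, `dig` and `nslookup` do not go through macOS's own resolver, so they cannot tell you whether split DNS is in effect; `scutil --dns` and `dscacheutil` can. As an added example (not code from the thread or from SparkLabs), the shell script below reads the text of `scutil --dns` and reports which nameserver a query for a given name would be sent to under split DNS. It embeds a constructed copy of the split-mode listing posted above so it runs offline; on a Mac you would feed it the live output instead. The selection rule it applies (a resolver's first search domain is the domain it answers for, longest suffix wins, resolver #1 is the fallback) is this script's own simplification, not a statement of how mDNSResponder decides, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread or from SparkLabs. Parses the text
# of `scutil --dns` and reports which nameserver a query for a given name
# would reach under split DNS. SCUTIL_OUTPUT below is a constructed copy of
# the split-mode listing from the thread so the script runs offline; on a
# Mac use   SCUTIL_OUTPUT=$(scutil --dns)   instead.
# Assumption: a resolver's first search domain is taken as the domain it
# answers for, with longest-suffix match and resolver #1 as the fallback.
# That is this script's rule, not a description of mDNSResponder's policy.

SCUTIL_OUTPUT='DNS configuration (for scoped queries)
resolver #1
  search domain[0] : tx.rr.com
  nameserver[0] : 209.18.47.62
  nameserver[1] : 209.18.47.61
  if_index : 4 (en0)
  flags : Scoped, Request A records, Request AAAA records
  reach : Reachable
resolver #2
  search domain[0] : mydomain.net
  nameserver[0] : 10.50.0.2
  if_index : 10 (utun1)
  flags : Scoped, Request A records
  reach : Reachable'

# One line per resolver: "<domain> <interface> <first nameserver>".
# A resolver that lists no search domain is reported with domain ".".
parse_resolvers() {
    printf '%s\n' "$SCUTIL_OUTPUT" | awk '
        function flush() { if (ns != "") print (dom == "" ? "." : dom), ifc, ns }
        $1 == "resolver"                     { flush(); dom = ""; ns = ""; ifc = "?" }
        $1 == "search" && $2 == "domain[0]"  { dom = $NF }
        $1 == "nameserver[0]"                { ns = $NF }
        $1 == "if_index"                     { ifc = $NF; gsub(/[()]/, "", ifc) }
        END                                  { flush() }'
}

# Print the nameserver that would get a query for $1 (a fully qualified name):
# the resolver whose domain is the longest matching suffix, else resolver #1.
pick_resolver() {
    parse_resolvers | awk -v name="$1" '
        NR == 1 { fallback = $3 }
        {
            dom = $1; ns = $3
            if (dom == ".") next
            tail = substr(name, length(name) - length(dom))
            if (name == dom || tail == "." dom)
                if (length(dom) > best_len) { best_len = length(dom); best = ns }
        }
        END { print (best == "" ? fallback : best) }'
}

# Demonstration on the constructed listing.
echo "Resolvers (domain interface nameserver):"
parse_resolvers
for n in host.mydomain.net www.example.com; do
    echo "$n -> $(pick_resolver "$n")"
done
```

On the constructed listing, `host.mydomain.net` is routed to 10.50.0.2 over utun1 and `www.example.com` falls back to the DHCP-supplied 209.18.47.62 on en0. To confirm the real system behaviour on a Mac, compare against `dscacheutil -q host -a name host.mydomain.net`, which does go through the system resolver; a `dig` against the same name will keep showing whatever the tool found in `resolv.conf`, exactly as in the thread.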