DNS resolution order on Mac/Viscosity
I am having an OpenVPN/Viscosity configuration issue with DNS I am not able to resolve. Maybe there is a simple solution. Here is the problem. I connect to my local network and the router, running Dnsmasq, forwards the DNS requests to OpenDNS servers. Pretty standard setup. In my case, however, the router Dnsmasq also resolves local domain hostnames. So when I access
Code:
    ping mach1.local
    ping mach2.local
this resolves to hosts inside my .local network. Non .local hosts get forwarded to the OpenDNS servers.
I connect to an OpenVPN server (which I control) using Viscosity (tun/udp). The server is configured to force all traffic through the OpenVPN server and pushes out these options:
Code:
    push "redirect-gateway def1"
    push "dhcp-option DNS 208.67.222.222"
    push "dhcp-option DNS 208.67.220.220"
When Viscosity (1.4.4b5) connects the options are received and it works in the sense that traffic gets routed through the VPN server. On the Viscosity client I:
Code:
    Apply DNS settings simultaneously
    Enable DNS support (nothing in the DNS servers and DOMAINS text boxes)
    Send all traffic over VPN is *not* checked
I have to check "Enable DNS support" even though I push this option out on the server. Still, it works and DNS resolves as follows:
Code:
    DNS configuration (for scoped queries)
    resolver #1
      search domain[0] : local
      nameserver[0] : 192.168.9.1
      if_index : 4 (en0)
      flags : Scoped
      reach : Reachable,Directly Reachable Address
    resolver #2
      search domain[0] : tun0.viscosity
      nameserver[0] : 208.67.222.222
      nameserver[1] : 208.67.220.220
      if_index : 6 (tun0)
      flags : Scoped
      reach : Reachable,Transient Connection
Here then is my problem. Everything works except I have a DNS leak I do not know how to fix. All my DNS queries are routed to the local router which then forwards the DNS queries to the OpenDNS server outside the VPN tunnel I created. DNS queries are not routed through the tunnel.
I realize I can not "Apply DNS settings simultaneously" in which case the local DNS would not be consulted, but then my .local DNS resolution fails. In a similar spirit, I can set the DNS servers on my Mac network panel to the OpenDNS DNS servers and this would route all requests to the tunnel and bypass the local router, but in that case I also do not have .local name resolution. I want all DNS requests that are not .local to go to the VPN tunnel. How do I do this? I think if I could switch the order of the DNS servers (that is, make resolver #2 first on the list of consulted DNS servers) then (maybe?) this would solve the problem. I am not sure, because I do not know how to force the order of the DNS servers so I cannot test this.
Any solutions to this issue? I am hoping there is something simple I missed.
- Henrik
Hi Henrik,
The simultaneous option works using search domains: i.e. you can enter domains to be associated with the VPN connection. Whenever one of these (or a subdomain) is accessed, the VPN's DNS server/s will be used.
It sounds like you're trying to do the opposite: you want everything to go through the VPN connection, except for local domains. You could try turning off Viscosity's simultaneous DNS option and add .local as a search domain to Mac OS X's network settings for your local network, but I think Mac OS X will still likely ignore this (or Viscosity will overwrite it). You'll most likely need to make use of Mac OS X's /etc/resolver/ directory to send requests for .local domains to your local DNS server. The following webpages have some information for how to do this:
http://hints.macworld.com/article.php?s ... 2902195410
http://apple.stackexchange.com/question ... resolution
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
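One way to set up the /etc/resolver/ approach James describes, as an added example that is not from this thread: a small shell helper that writes and validates an /etc/resolver/<domain> file. The directory argument and the check function are assumptions made for this example; the nameserver 192.168.9.1 is the router address from Henrik's scutil output.

```shell
#!/bin/sh
# Added example, not from this thread. Writes an /etc/resolver/<domain> file so
# that lookups under <domain> go to a specific nameserver (here the router at
# 192.168.9.1 from the scutil output above) while all other lookups keep
# following whatever resolvers the VPN pushed. The directory is a parameter
# (an assumption for testing); on a real Mac it is /etc/resolver and needs sudo.

# write_domain_resolver DIR DOMAIN NAMESERVER...
write_domain_resolver() {
    dir=$1; domain=$2; shift 2
    [ $# -gt 0 ] || return 1            # refuse to write an empty resolver file
    mkdir -p "$dir" || return 1
    : > "$dir/$domain"
    for ns in "$@"; do
        printf 'nameserver %s\n' "$ns" >> "$dir/$domain"
    done
}

# check_domain_resolver DIR DOMAIN
# Succeeds only if the file exists and every line is "nameserver <IPv4>".
check_domain_resolver() {
    f=$1/$2; n=0
    [ -f "$f" ] || return 1
    while IFS= read -r line; do
        case $line in
            nameserver\ [0-9]*.[0-9]*.[0-9]*.[0-9]*) n=$((n + 1)) ;;
            *) return 1 ;;
        esac
    done < "$f"
    [ "$n" -gt 0 ]
}

# On the Mac from the thread (run as root):
#   write_domain_resolver /etc/resolver local 192.168.9.1
#   check_domain_resolver /etc/resolver local && scutil --dns | grep -B1 -A2 'domain *: local'
# scutil --dns should then list an extra resolver with "domain : local" and
# "nameserver[0] : 192.168.9.1"; queries for other names still use the VPN resolvers.
```

macOS also reserves .local for Bonjour/mDNS, so confirm the effect with scutil --dns after writing the file rather than assuming it.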