Wish to pass unqualified hostname to specified DNS resolver

Got a problem with Viscosity or need help? Ask here!

madhatter

Posts: 1
Joined: Wed Aug 03, 2016 12:50 am

Post by madhatter » Wed Aug 03, 2016 1:27 am
Our OpenVPN server specifies an internal DNS server to clients, but not a search domain. This is because we use naked hostnames for internal purposes (don't ask...). On a MacOS El Capitan client, it seems that viscosity is appending a default domain to unqualified hostnames for resolution. For example, typing
Code: Select all
http://fabricator
in a client browser window produces the following request over the VPN, and a perfectly reasonable negative response:
Code: Select all
15:17:42.273653 IP 192.168.124.22.56515 > 192.168.124.1.53: 60195+ A? fabricator.utun0.viscosity. (45)
15:17:42.285082 IP 192.168.124.1.53 > 192.168.124.22.56515: 60195 NXDomain 0/1/0 (120)
Is there any way to get viscosity not to append a search domain in the absence of a server-supplied one, but simply to transmit unqualified hostnames for resolution?

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Aug 15, 2016 11:37 am
Hi madhatter,

I'm afraid you're not going to be able to make such as setup work over the VPN connection. macOS isn't going to do a lookup for a single label TLD/hostname using the VPN servers at all unless a domain is configured for the connection, and then it'll append the domain to the lookup for single label TLD/hostnames. If a domain isn't specified Viscosity will set a default one (utun0.viscosity in this instance) so the VPN DNS settings won't be ignored by the OS.

My recommendation would be to push out a domain your DNS server will be able to handle, and then remap lookups for that subdomain/zone to your top level domain/zone on the DNS server. Alternatively if you don't wish to change the DNS server setup, you could run a DNS forwarder on the VPN server that rebinds the domain for any requests.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts Page 1 of 1