SparkLabs Forum.

Community Help.


v1.7.3 unable to use pushed DNS servers

Hello,

I'm re-using a topic name from a recent post by someone else. The resolution for that question was not applicable to my problem.

I'm using OpenVPN 2.3.10 on Ubuntu 16.04 to create a VPN to AWS VPC. I have BIND running on the gateway as a forwarder since private Route53 zones cannot be queried by external IPs, even if they are VPN private IPs. The link forms fine, the VPC hosts are reachable, and the "Split DNS" works ok on Windows Viscosity client (on connect `dig @localhost` for a record that exists both in a private and public zone in Route53 changes to show the internal address).

But on Mac (Sierra 10.12.5) that switch doesn't happen. I can get it to work only if I set DNS Settings > Mode to "Full DNS", but then obviously my local LAN DNS isn't resolving while I'm connected. If I set the Mode to "Split DNS" or "Automatic" (and define the private zone in the "domains" field), the local DNS resolvers received from the local DHCP remain in effect, and so the VPC private zones don't resolve. I can do `dig @x.x.x.x` to the gateway IP, and that works.

In "split" or "automatic" mode the resolv.conf reflects the default local DNS resolvers (from the local DHCP), and in "Full DNS" the resolv.conf has the gateway's IP.

Here's `scutil --dns` output in "full dns" mode:

DNS configuration (for scoped queries)

resolver #1
search domain[0] : mydomain.net
nameserver[0] : 10.50.0.2
if_index : 10 (utun1)
flags : Scoped, Request A records
reach : Reachable

resolver #2
search domain[0] : tx.rr.com
nameserver[0] : 209.18.47.62
nameserver[1] : 209.18.47.61
if_index : 4 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : Reachable

And here's the same in "automatic" or "split" mode:

DNS configuration (for scoped queries)

resolver #1
search domain[0] : tx.rr.com
nameserver[0] : 209.18.47.62
nameserver[1] : 209.18.47.61
if_index : 4 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : Reachable

resolver #2
search domain[0] : mydomain.net
nameserver[0] : 10.50.0.2
if_index : 10 (utun1)
flags : Scoped, Request A records
reach : Reachable


The question being.. how do I get the split mode to work on the Mac? :-)
Hi Ville,

You mention a number of legacy Unix tools and resolv.conf, which aren't used by macOS's DNS system. Please see the following:
http://www.sparklabs.com/support/kb/art ... unix-users

Cheers,
James
Hi James,

That I did not know about Mac! I was aware that nslookup would not give the right picture, but I didn't know dig would be in the same boat. Indeed, with dscacheutil I get the right resolution when split mode is effective.

On Windows side, if the dig binary for Windows has been installed, it gives the accurate detail about how the operating system sees the resolution.

Thanks for your help!
3 posts Page 1 of 1

Copyright © 2016 SparkLabs Pty Ltd. All Rights Reserved. Privacy Policy