Split DNS and internal domain resolver
Posted: Fri Nov 15, 2019 2:00 am
Hi!
I'm struggling over the DNS resolution and Viscosity.
I've configured my Openvpn server as
Code:
push "dhcp-option DNS 10.1.0.2"
push "dhcp-option DOMAIN internal.prd"

Where 10.1.0.2 is my internal DNS server that solves internal.prd. Viscosity is configured as Automatic mode for DNS and scutil --dns says

Code:
% scutil --dns
DNS configuration
resolver #1
search domain[0] : internal.prd
search domain[1] : fibertel.com.ar <-- my ISP
nameserver[0] : 200.42.4.199 <-- my ISP's DNS server
nameserver[1] : 200.49.130.40 <-- my ISP's DNS server
if_index : 6 (en0)
flags : Request A records
reach : 0x00000002 (Reachable)
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300000
resolver #3
domain : internal.prd
nameserver[0] : 10.10.0.2 <-- my internal DNS server
flags : Supplemental, Request A records
reach : 0x00000002 (Reachable)
order : 101800

So the thing is that any host on internal.prd tries to resolve against my ISP DNS servers,

Code:
% host api.k8s.internal.prd
Host api.k8s.internal.prd not found: 3(NXDOMAIN)

and dig uses the ISP DNS server as server. Running on "Full DNS" works as expected, but I'm trying to keep Split for now.

Viscosity log:

Code:
2019-11-14 11:59:15: Viscosity Mac 1.8.1 (1511)
2019-11-14 11:59:15: Viscosity OpenVPN Engine Started
2019-11-14 11:59:15: Running on macOS 10.15.1
2019-11-14 11:59:15: ---------
2019-11-14 11:59:15: State changed to Connecting
2019-11-14 11:59:15: Checking reachability status of connection...
2019-11-14 11:59:15: Connection is reachable. Starting connection attempt.
2019-11-14 11:59:15: OpenVPN 2.4.7 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Sep 11 2019
2019-11-14 11:59:15: library versions: OpenSSL 1.0.2t 10 Sep 2019, LZO 2.10
2019-11-14 11:59:15: Resolving address: xxxxxxx
2019-11-14 11:59:15: Valid endpoint found: xxxxxxxx:1194:udp
2019-11-14 11:59:15: TCP/UDP: Preserving recently used remote address: [AF_INET]xxxxxxxx:1194
2019-11-14 11:59:15: UDP link local: (not bound)
2019-11-14 11:59:15: UDP link remote: [AF_INET]xxxxxxxx:1194
2019-11-14 11:59:15: State changed to Authenticating
2019-11-14 11:59:15: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2019-11-14 11:59:22: [vpnprod] Peer Connection Initiated with [AF_INET]xxxxxxxx:1194
2019-11-14 11:59:22: Opened utun device utun10
2019-11-14 11:59:22: /sbin/ifconfig utun10 delete
2019-11-14 11:59:22: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2019-11-14 11:59:22: /sbin/ifconfig utun10 10.8.0.54 10.8.0.53 mtu 1500 netmask 255.255.255.255 up
2019-11-14 11:59:22: Initialization Sequence Completed
2019-11-14 11:59:22: DNS mode set to Split
2019-11-14 11:59:22: State changed to Connected

Thanks!
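An added example, not part of the original post: a Python check that parses `scutil --dns` output, reports which nameservers the macOS system resolver would route a name to (longest matching resolver `domain`, a simplified model of its selection), and compares them with the pushed `dhcp-option DNS` value. The sample input is constructed from the output and directives quoted above; `parse_resolvers`, `system_servers` and `audit` are names chosen for this example.

```python
import re

# Constructed input: resolvers #1 and #3 from the scutil --dns output quoted in the post.
SCUTIL_DNS = """\
resolver #1
  search domain[0] : internal.prd
  nameserver[0] : 200.42.4.199
  nameserver[1] : 200.49.130.40
resolver #3
  domain : internal.prd
  nameserver[0] : 10.10.0.2
  flags : Supplemental, Request A records
"""
# The two server-side directives quoted in the post.
PUSHED = ['push "dhcp-option DNS 10.1.0.2"', 'push "dhcp-option DOMAIN internal.prd"']

def parse_resolvers(text):
    """Return one dict per 'resolver #N' block with its match domain and nameservers."""
    resolvers = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("resolver #"):
            resolvers.append({"domain": None, "nameservers": []})
        elif resolvers and " : " in line:
            key, value = (part.strip() for part in line.split(" : ", 1))
            if key == "domain":
                resolvers[-1]["domain"] = value.lower()
            elif key.startswith("nameserver["):
                resolvers[-1]["nameservers"].append(value)
    return resolvers

def system_servers(name, resolvers):
    """Nameservers chosen by longest matching resolver domain, else the default resolver."""
    name = name.lower().rstrip(".")
    scoped = [r for r in resolvers if r["domain"]
              and (name == r["domain"] or name.endswith("." + r["domain"]))]
    if scoped:
        return max(scoped, key=lambda r: len(r["domain"]))["nameservers"]
    return next(r for r in resolvers if not r["domain"])["nameservers"]

def audit(name, scutil_text=SCUTIL_DNS, pushed=PUSHED):
    """Compare where a name is routed with the DNS server the VPN pushed."""
    resolvers = parse_resolvers(scutil_text)
    pushed_dns = [m.group(1) for d in pushed if (m := re.search(r"dhcp-option DNS ([\d.]+)", d))]
    routed = system_servers(name, resolvers)
    default = next(r for r in resolvers if not r["domain"])["nameservers"]
    return {"routed_to": routed, "default": default, "pushed": pushed_dns,
            "matches_push": set(routed) == set(pushed_dns), "uses_default": routed == default}
```

On macOS, `host` and `dig` carry a man-page notice that they do not use the system's DNS query routing, so their answers reflect the `default` servers rather than `routed_to`. `dscacheutil -q host -a name api.k8s.internal.prd` queries through the system resolver instead.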