VPN Search Domain being added to resolver #1


ramarnath

Posts: 2
Joined: Wed Jun 26, 2019 1:35 am

Post by ramarnath » Wed Jun 26, 2019 1:55 am
This is a strange one, and it seems to be impacting golang-based programs (compiled with CGO). So when I checked the DNS settings I see that the VPN private domain has been added to the main resolver, which does not contain the VPN DNS.

How does one set it up so my.vpn search domain is only using the VPN dns? My call to consul fails:
consul monitor -log-level=debug
Error starting monitor: Get http://consul.service.my.vpn:8500/v1/agent/monitor?loglevel=debug: dial tcp: lookup consul.service.my.vpn on 10.xx.10:53: no such host
scutil --dns :
DNS configuration

resolver #1
  search domain[0] : my.vpn
  search domain[1] : my.home
  nameserver[0] : 10.xx.10
  nameserver[1] : 10.xx.2
  if_index : 23 (en8)
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  domain   : my.vpn
  nameserver[0] : 172.xx.5
  nameserver[1] : 172.xx.6
  nameserver[2] : 172.xx.5
  flags    : Supplemental, Request A records
  reach    : 0x00000002 (Reachable)
  order    : 101200

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : my.home
  nameserver[0] : 10.xx.10
  nameserver[1] : 10.xx.2
  if_index : 23 (en8)
  flags    : Scoped, Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  search domain[0] : my.vpn
  nameserver[0] : 10.xx.10
  nameserver[1] : 10.xx.2
  if_index : 9 (en0)
  flags    : Scoped, Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #3
  search domain[0] : my.vpn
  nameserver[0] : 172.xx.5
  nameserver[1] : 172.xx.6
  nameserver[2] : 172.xx.5
  if_index : 20 (utun10)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)

James

Posts: 1925
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu Jun 27, 2019 12:45 pm
Hi ramarnath,

There is something odd with your setup, basically the "DNS configuration (for scoped queries)" is the section to pay attention to: it would seem to imply that "my.vpn" is set as a search domain on the "en0" adapter on your computer. This is usually the Wi-Fi interface on Macs without an Ethernet port, or the Ethernet interface with Macs that have an inbuilt Ethernet port. Go to the Apple Menu->System Preferences->Select the Interface->Advanced->DNS and remove the Search Domain from the list.

If you haven't added this domain yourself, you may have used a different OpenVPN client in the past. It's not uncommon for many of the "less advanced" OpenVPN clients out there to alter the network settings on the real network interfaces of your computer in an effort to set DNS etc. Viscosity does not do this.

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
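
A small check for the condition described in the reply above, added here as an example (not part of the original posts and not Viscosity code): it parses `scutil --dns` text and lists every resolver that has a VPN-registered domain in its search list while using nameservers other than the VPN's. The sample input is constructed with made-up addresses, and the function names are hypothetical.

```python
import re

# Constructed sample shaped like the `scutil --dns` output above (made-up addresses).
SAMPLE = """\
DNS configuration
resolver #1
  search domain[0] : my.vpn
  nameserver[0] : 10.0.0.10
  if_index : 23 (en8)
resolver #2
  domain   : my.vpn
  nameserver[0] : 172.16.0.5
  flags    : Supplemental, Request A records
DNS configuration (for scoped queries)
resolver #1
  search domain[0] : my.vpn
  nameserver[0] : 10.0.0.10
  if_index : 9 (en0)
resolver #2
  search domain[0] : my.vpn
  nameserver[0] : 172.16.0.5
  if_index : 20 (utun10)
"""

def parse_resolvers(text):
    """Parse `scutil --dns` text into one dict per resolver: key -> list of values."""
    out, scoped = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("DNS configuration"):
            scoped = "scoped" in line          # second section holds per-interface resolvers
        elif line.startswith("resolver #"):
            out.append({"id": line, "scoped": scoped})
        elif out and " : " in line:
            key, val = line.split(" : ", 1)
            key = re.sub(r"\[\d+\]$", "", key.strip())   # nameserver[0] -> nameserver
            out[-1].setdefault(key, []).append(val.strip())
    return out

def mismatched_search_domains(text):
    """List resolvers that search a VPN (supplemental) domain via other nameservers."""
    res, vpn_ns = parse_resolvers(text), {}
    for r in res:                              # domain -> nameservers registered for it
        for d in r.get("domain", []):
            vpn_ns.setdefault(d, set()).update(r.get("nameserver", []))
    return [("scoped" if r["scoped"] else "main", r["id"], r.get("if_index", ["?"])[0], d)
            for r in res for d in r.get("search domain", [])
            if vpn_ns.get(d) and not set(r.get("nameserver", [])) <= vpn_ns[d]]

if __name__ == "__main__":
    for hit in mismatched_search_domains(SAMPLE):
        print(hit)
```

On a live system the input would come from saving the output of `scutil --dns` to a file and passing its contents to `mismatched_search_domains`.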

ramarnath

Posts: 2
Joined: Wed Jun 26, 2019 1:35 am

Post by ramarnath » Tue Jul 02, 2019 2:49 am
There are two adapters connected: one is the Ethernet port on the Thunderbolt display, and the Wi-Fi.

One of the first things I checked was if this was set in the system config, but it is not set for settings. I don't have any other OpenVPN clients running other than Viscosity.

The smoking gun seems to be that these DNS settings disappear when I disconnect from Viscosity.