Split DNS doesn't work as expected
Posted: Thu Feb 18, 2021 7:30 pm
I'm trying to use the Split DNS feature to resolve hosts in the home network to which I connect through OpenVPN. For the VPN connection I made the following settings:
- Mode: Split DNS
- Servers: 192.168.0.2 (It's a DNS server in my home network and it's accessible)
- Domains: my.domain (Actual name is in "me" root namespace)
- Ignore DNS settings sent by VPN server is checked (just in case, I don't see any difference applying this setting)
Code:
❯ scutil --dns
DNS configuration
resolver #1
search domain[0] : my.domain
nameserver[0] : 192.168.1.1
if_index : 6 (en0)
flags : Request A records
reach : 0x00020002 (Reachable,Directly Reachable Address)
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300000
resolver #3
domain : my.domain
nameserver[0] : 192.168.0.2
flags : Supplemental, Request A records
reach : 0x00000002 (Reachable)
order : 103400
resolver #4
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300200
resolver #5
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300400
resolver #6
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300600
resolver #7
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300800
resolver #8
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 301000
DNS configuration (for scoped queries)
resolver #1
nameserver[0] : 192.168.1.1
if_index : 6 (en0)
flags : Scoped, Request A records
reach : 0x00020002 (Reachable,Directly Reachable Address)
resolver #2
search domain[0] : my.domain
nameserver[0] : 192.168.0.2
if_index : 28 (utun10)
flags : Scoped, Request A records
reach : 0x00000002 (Reachable)
Notice the first item. It was added after the connection and it applies to my domain, but it uses the nameserver in my current network (192.168.1.1). This item was not there before the VPN connection. There are other items that are for my domain and use the correct nameserver (192.168.0.2), but it looks like they are not used. I've tried to use the same configuration in another network with the same result: the first item for my internal domain uses the current network nameserver instead of the nameserver in my home network. And this item appears only after I made the VPN connection.
When I try to use "dscacheutil" to resolve a host in my home network, it resolves it to an external IP address instead of the internal one:
Code:
❯ dscacheutil -q host -a name host.my.domain
name: <ddns_host_for_my_network>
alias: host.my.domain
ip_address: <external_ip_address>
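As an added example (not part of the original post), a small Python check that parses `scutil --dns` output and flags unscoped resolvers that reference the split domain but use a nameserver outside the VPN-provided set, which is the situation described in the post. The embedded sample is the post's own output, trimmed to the relevant resolvers; the domain and server values are the poster's.

```python
# Trimmed `scutil --dns` output from the post above (fields irrelevant to the check removed)
SCUTIL_OUTPUT = """\
DNS configuration
resolver #1
  search domain[0] : my.domain
  nameserver[0] : 192.168.1.1
  flags : Request A records
resolver #3
  domain : my.domain
  nameserver[0] : 192.168.0.2
  flags : Supplemental, Request A records
DNS configuration (for scoped queries)
resolver #2
  search domain[0] : my.domain
  nameserver[0] : 192.168.0.2
  flags : Scoped, Request A records
"""

def parse_scutil_dns(text):
    """Turn `scutil --dns` text into resolver dicts; the second section is marked scoped."""
    resolvers, scoped, cur = [], False, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("DNS configuration"):
            scoped = "scoped" in line          # header of the scoped-queries section
        elif line.startswith("resolver #"):
            cur = {"scoped": scoped, "domain": None, "search": [], "nameservers": []}
            resolvers.append(cur)
        elif cur is not None and " : " in line:
            key, val = (p.strip() for p in line.split(" : ", 1))
            if key.startswith("nameserver"):
                cur["nameservers"].append(val)
            elif key.startswith("search domain"):
                cur["search"].append(val)
            elif key == "domain":
                cur["domain"] = val
    return resolvers

def split_dns_leaks(resolvers, split_domain, vpn_servers):
    """Unscoped resolvers that mention split_domain (as match domain or search suffix)
    yet point at a nameserver that is not one of the VPN-provided servers."""
    leaks = []
    for r in resolvers:
        touches = r["domain"] == split_domain or split_domain in r["search"]
        if not r["scoped"] and touches and any(ns not in vpn_servers for ns in r["nameservers"]):
            leaks.append(r)
    return leaks
```

Running `split_dns_leaks(parse_scutil_dns(SCUTIL_OUTPUT), "my.domain", {"192.168.0.2"})` returns the resolver #1 entry, i.e. the one the post singles out; an empty list means every resolver touching the split domain uses a VPN nameserver.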