Split DNS and internal domain resolver
Hi!
I'm struggling over the DNS resolution and Viscosity.
I've configured my Openvpn server as
    push "dhcp-option DNS 10.1.0.2"
    push "dhcp-option DOMAIN internal.prd"

Where 10.1.0.2 is my internal DNS server that solves internal.prd. Viscosity is configured as Automatic mode for DNS and scutil --dns says

    % scutil --dns
    DNS configuration

    resolver #1
      search domain[0] : internal.prd
      search domain[1] : fibertel.com.ar <-- my ISP
      nameserver[0] : 200.42.4.199 <-- my ISP's DNS server
      nameserver[1] : 200.49.130.40 <-- my ISP's DNS server
      if_index : 6 (en0)
      flags : Request A records
      reach : 0x00000002 (Reachable)

    resolver #2
      domain : local
      options : mdns
      timeout : 5
      flags : Request A records
      reach : 0x00000000 (Not Reachable)
      order : 300000

    resolver #3
      domain : internal.prd
      nameserver[0] : 10.10.0.2 <-- my internal DNS server
      flags : Supplemental, Request A records
      reach : 0x00000002 (Reachable)
      order : 101800

So the thing is that any host on internal.prd tries to resolve against my ISP DNS servers,

    % host api.k8s.internal.prd
    Host api.k8s.internal.prd not found: 3(NXDOMAIN)

and dig uses the ISP DNS server as server. Running on "Full DNS" works as expected, but I'm trying to keep Split for now.

Viscosity log:

    2019-11-14 11:59:15: Viscosity Mac 1.8.1 (1511)
    2019-11-14 11:59:15: Viscosity OpenVPN Engine Started
    2019-11-14 11:59:15: Running on macOS 10.15.1
    2019-11-14 11:59:15: ---------
    2019-11-14 11:59:15: State changed to Connecting
    2019-11-14 11:59:15: Checking reachability status of connection...
    2019-11-14 11:59:15: Connection is reachable. Starting connection attempt.
    2019-11-14 11:59:15: OpenVPN 2.4.7 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Sep 11 2019
    2019-11-14 11:59:15: library versions: OpenSSL 1.0.2t 10 Sep 2019, LZO 2.10
    2019-11-14 11:59:15: Resolving address: xxxxxxx
    2019-11-14 11:59:15: Valid endpoint found: xxxxxxxx:1194:udp
    2019-11-14 11:59:15: TCP/UDP: Preserving recently used remote address: [AF_INET]xxxxxxxx:1194
    2019-11-14 11:59:15: UDP link local: (not bound)
    2019-11-14 11:59:15: UDP link remote: [AF_INET]xxxxxxxx:1194
    2019-11-14 11:59:15: State changed to Authenticating
    2019-11-14 11:59:15: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    2019-11-14 11:59:22: [vpnprod] Peer Connection Initiated with [AF_INET]xxxxxxxx:1194
    2019-11-14 11:59:22: Opened utun device utun10
    2019-11-14 11:59:22: /sbin/ifconfig utun10 delete
    2019-11-14 11:59:22: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
    2019-11-14 11:59:22: /sbin/ifconfig utun10 10.8.0.54 10.8.0.53 mtu 1500 netmask 255.255.255.255 up
    2019-11-14 11:59:22: Initialization Sequence Completed
    2019-11-14 11:59:22: DNS mode set to Split
    2019-11-14 11:59:22: State changed to Connected

Thanks!

Hi nico,
When testing Split DNS on macOS, please ensure you’re not using tools like nslookup, dig, and host, as these do not use macOS’s resolver system. Please see the following link for details:
https://www.sparklabs.com/support/kb/article/configuring-dns-and-wins-settings/#notes-for-linux-unix-users
With regards to the "scutil --dns" output, you need to scroll down to the "DNS configuration (for scoped queries)" section to see what domains are associated with what DNS servers.
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
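
The domain-to-server mapping discussed in the reply can be read out of `scutil --dns` output mechanically, which is a quick way to confirm that internal names are not being sent to an ISP resolver. The following Python is an added example, not part of either post and not Viscosity or SparkLabs code; `parse_resolvers` and `nameservers_for` are hypothetical helper names, the sample is constructed from the output in the question, and the longest-suffix matching is a simplified model of how macOS selects a resolver.

```python
import re

# Constructed sample: trimmed from the `scutil --dns` output in the question.
SAMPLE = """\
DNS configuration
resolver #1
  search domain[0] : internal.prd
  nameserver[0] : 200.42.4.199
  nameserver[1] : 200.49.130.40
resolver #2
  domain : local
  options : mdns
resolver #3
  domain : internal.prd
  nameserver[0] : 10.10.0.2
  flags : Supplemental, Request A records
"""

def parse_resolvers(text):
    """Return one dict per 'resolver #N' block: its match domain and nameservers."""
    resolvers = []
    for line in text.splitlines():
        line = line.strip()
        if re.match(r"resolver #\d+", line):
            resolvers.append({"domain": None, "nameservers": []})
        elif resolvers and " : " in line:
            key, value = (part.strip() for part in line.split(" : ", 1))
            if key == "domain":  # 'search domain[n]' is a search suffix, not a match domain
                resolvers[-1]["domain"] = value.split()[0].lower().rstrip(".")
            elif key.startswith("nameserver["):
                resolvers[-1]["nameservers"].append(value.split()[0])
    return resolvers

def nameservers_for(hostname, resolvers):
    """Simplified model: the longest matching 'domain' wins, else the default resolver."""
    name = hostname.lower().rstrip(".")
    best = None
    for r in resolvers:
        d = r["domain"]
        if d and (name == d or name.endswith("." + d)):
            if best is None or len(d) > len(best["domain"]):
                best = r
    if best is None:  # no domain-specific resolver: first resolver without a domain
        best = next(r for r in resolvers if r["domain"] is None)
    return best["nameservers"]

if __name__ == "__main__":
    for host in ("api.k8s.internal.prd", "www.example.com"):
        print(host, "->", nameservers_for(host, parse_resolvers(SAMPLE)))
```
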