OpenVPN DNS domain setting not working
Posted: Mon Dec 21, 2020 6:41 am
Hi there. I'm having some difficulty getting split DNS to work with domains. Could you please help me out?
I can successfully connect myself to my remote router, which runs an OpenVPN server that's available to the internet. It's also a DNS server for the domain etob. When connected, it's reachable at 192.168.1.1, subnet mask is 255.255.0.0. I can reach all of its devices, e.g. Foo, by their hard-coded IP addresses, but I can't reach them by their hostnames, e.g. Foo.etob.
To try to remedy this, under "DNS Settings:", I set:
- Mode: Split DNS (Use VPN DNS for VPN Domains only)
- Servers: 192.168.1.1 (the remote router)
- Domains: etob
- Ignore DNS settings sent by VPN server:
Code:
$ nslookup Foo.etob
Server: 10.0.0.1
Address: 10.0.0.1#53
** server can't find Foo.etob: NXDOMAIN

FYI my local LAN router has IP 10.0.0.1, subnet mask is 255.255.0.0, domain local. So the query is trying to be resolved against my regular router, and obviously fails.
If I manually specify the target DNS server, then it works. However, I expected it to be picked up automatically given the .etob suffix.
Code:
nslookup Foo.etob 192.168.1.1
Server: 192.168.1.1
Address: 192.168.1.1#53
Name: Foo.etob
Address: 192.168.1.31

Indeed, 192.168.1.31 is the correct IP address for Foo.etob. Why isn't the DNS domain being picked up correctly?
For more info, here's the output of scutil --dns, which changes depending on whether or not I'm connected (which makes me think that it should work, and I don't understand why it doesn't).
Here is its output before connection:
Code:
DNS configuration
resolver #1
search domain[0] : local
nameserver[0] : 10.0.0.1
if_index : 4 (en0)
flags : Request A records
reach : 0x00020002 (Reachable,Directly Reachable Address)
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300000
resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300200
resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300400
resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300600
resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300800
resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 301000
DNS configuration (for scoped queries)
resolver #1
search domain[0] : local
nameserver[0] : 10.0.0.1
if_index : 4 (en0)
flags : Scoped, Request A records
reach : 0x00020002 (Reachable,Directly Reachable Address)
resolver #2
search domain[0] : local
nameserver[0] : 8.8.8.8
nameserver[1] : 8.8.4.4
if_index : 5 (en1)
flags : Scoped, Request A records
reach : 0x00000002 (Reachable)

And after:
Code:
DNS configuration
resolver #1
search domain[0] : etob
search domain[1] : local
nameserver[0] : 10.0.0.1
if_index : 4 (en0)
flags : Request A records
reach : 0x00020002 (Reachable,Directly Reachable Address)
resolver #2
domain : etob
nameserver[0] : 192.168.1.1
if_index : 14 (vtap0)
flags : Supplemental, Request A records
reach : 0x00020002 (Reachable,Directly Reachable Address)
order : 101600
resolver #3
domain : local
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300000
resolver #4
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300200
resolver #5
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300400
resolver #6
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300600
resolver #7
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 300800
resolver #8
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records
reach : 0x00000000 (Not Reachable)
order : 301000
DNS configuration (for scoped queries)
resolver #1
search domain[0] : local
nameserver[0] : 10.0.0.1
if_index : 4 (en0)
flags : Scoped, Request A records
reach : 0x00020002 (Reachable,Directly Reachable Address)
resolver #2
search domain[0] : local
nameserver[0] : 8.8.8.8
nameserver[1] : 8.8.4.4
if_index : 5 (en1)
flags : Scoped, Request A records
reach : 0x00000002 (Reachable)
resolver #3
search domain[0] : etob
nameserver[0] : 192.168.1.1
if_index : 14 (vtap0)
flags : Scoped, Request A records
reach : 0x00020002 (Reachable,Directly Reachable Address)
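Added example (editor's own, not from the post above or from any OpenVPN client vendor): the post-connection scutil --dns output already carries a Supplemental resolver for the domain etob with nameserver 192.168.1.1, which is the entry the macOS system resolver (mDNSResponder, used by getaddrinfo and therefore by ping, curl, browsers and most apps) consults for names ending in .etob. nslookup, dig and host do not go through that path: they use libresolv, which reads /etc/resolv.conf, and that file only mirrors the default resolver's nameservers (10.0.0.1 here), so they never see the split-DNS entry. The POSIX sh script below parses a constructed, trimmed copy of the post's scutil output and reports which nameserver each path would use for a given name. The function names, the sample text and its trimming are this example's assumptions.

```shell
#!/bin/sh
# Constructed sample: the unscoped "DNS configuration" section of the
# post's post-connection `scutil --dns`, trimmed to the resolvers that
# matter (default, Supplemental etob, mDNS .local) plus the start of the
# scoped section, which the unscoped lookup must ignore.
SCUTIL_DNS_SAMPLE='DNS configuration
resolver #1
  search domain[0] : etob
  search domain[1] : local
  nameserver[0] : 10.0.0.1
  if_index : 4 (en0)
  flags : Request A records
resolver #2
  domain : etob
  nameserver[0] : 192.168.1.1
  if_index : 14 (vtap0)
  flags : Supplemental, Request A records
  order : 101600
resolver #3
  domain : local
  options : mdns
  timeout : 5
  order : 300000
DNS configuration (for scoped queries)
resolver #1
  search domain[0] : local
  nameserver[0] : 10.0.0.1
  if_index : 4 (en0)
  flags : Scoped, Request A records'

# pick_resolver NAME [SCUTIL_OUTPUT]
# Prints "<nameserver|mdns|none> <domain|default>": the unscoped resolver
# the system resolver routes NAME to, i.e. the one whose "domain" is the
# longest suffix of NAME, falling back to resolver #1 (the default).
pick_resolver() {
  name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//')
  printf '%s\n' "${2:-$SCUTIL_DNS_SAMPLE}" | awk -v name="$name" '
    /^DNS configuration \(for scoped queries\)/ { exit }   # unscoped section only
    /^resolver #/            { n++; dom[n] = ""; ns[n] = ""; next }
    /^ *domain :/            { sub(/.*domain : */, ""); dom[n] = tolower($0); next }
    /^ *nameserver\[0\] :/   { sub(/.*: */, ""); ns[n] = $0; next }
    /^ *options : mdns/      { ns[n] = "mdns"; next }
    END {
      best = 1; bestlen = 0
      for (i = 1; i <= n; i++) {
        d = dom[i]
        if (d == "") continue                 # default resolver: no domain
        dl = length(d); nl = length(name)
        # exact match or NAME ends in ".<domain>"; longest domain wins
        if (name == d || (nl > dl && substr(name, nl - dl) == "." d)) {
          if (dl > bestlen) { best = i; bestlen = dl }
        }
      }
      print (ns[best] == "" ? "none" : ns[best]), (dom[best] == "" ? "default" : dom[best])
    }'
}

# resolvconf_nameserver [SCUTIL_OUTPUT]
# Prints resolver #1'"'"'s first nameserver: the only server that ends up in
# /etc/resolv.conf, and therefore the only one nslookup/dig/host ever ask.
resolvconf_nameserver() {
  printf '%s\n' "${1:-$SCUTIL_DNS_SAMPLE}" | awk '
    /^resolver #/ { n++ }
    n == 1 && /^ *nameserver\[0\] :/ { sub(/.*: */, ""); print; exit }'
}

# Demonstration on the constructed sample.
printf 'system resolver for Foo.etob  -> %s\n' "$(pick_resolver Foo.etob)"
printf 'libresolv (nslookup) server   -> %s\n' "$(resolvconf_nameserver)"
```

To verify on the Mac itself rather than on the sample, compare `nslookup Foo.etob` with `dscacheutil -q host -a name Foo.etob`: the first goes through libresolv, the second through the system resolver. If dscacheutil returns 192.168.1.31 while nslookup still reports NXDOMAIN, the split-DNS entry is active and only the diagnostic tool was misleading. The caveat is that any program which bypasses the system resolver sends internal etob names to 10.0.0.1 instead of over the tunnel, which is exactly the NXDOMAIN exchange shown in the post.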