DNS not working on OSX Mavericks
Burton, Ross
ross.burton at intel.com
Wed Apr 23 02:36:50 PDT 2014
On 22 April 2014 17:50, Kevin Cernekee <cernekee at gmail.com> wrote:
> Could you double-check to see if you're running the latest vpnc-script
> from here:
>
> http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script

There's a minor change to the v6 routing, but nothing major. Updated
anyway, no change.

> There is some logic in the script to run scutil on OSX to set up DNS.
> The first thing I'd try is running "scutil --dns" to dump out the
> current configuration.

Ah, this is interesting. /etc/resolv.conf lists the two VPN name
servers, but scutil --dns has this:

$ scutil --dns
DNS configuration

resolver #1
  search domain[0] : ger.corp.intel.com
  nameserver[0] : 192.168.1.1
  nameserver[1] : 0.0.0.0
  if_index : 8 (en3)
  flags : Request A records

(this is my local network's DNS configuration from before the VPN came
up, surely this should have been removed)

resolver #2
  domain : ger.corp.intel.com
  nameserver[0] : 10.248.2.1
  nameserver[1] : 163.33.253.76
  flags : Request A records
  reach : Reachable
  order : 100600

(this is the VPN DNS configuration)

I'd guess that this list is being searched in order, so OSX is always
using my local DNS?

If I uncomment this scutil argument in vpnc-script then the VPN name
servers are always used:

# next line overrides the default gateway and breaks split routing
#d.add Router $INTERNAL_IP4_ADDRESS

With this, resolver #1 and #2 are identical with both having the VPN
nameservers. Is this related to the split networking? The relevant
variables from the VPN are:

CISCO_SPLIT_EXC=1
CISCO_SPLIT_EXC_0_ADDR=0.0.0.0
CISCO_SPLIT_EXC_0_MASK=255.255.255.255
CISCO_SPLIT_EXC_0_MASKLEN=32

Ross
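
Added example, not part of the original message or of vpnc-script: a small parser for `scutil --dns` output that lists every resolver entry still carrying a nameserver outside the set the VPN pushed, which is the condition reported above. The function names are hypothetical, the sample is the output quoted in the message, and the check only compares nameserver lists; it does not model how the OS picks a resolver.

```python
import re

# Constructed sample: the `scutil --dns` output quoted in the message above.
SAMPLE = """\
DNS configuration

resolver #1
  search domain[0] : ger.corp.intel.com
  nameserver[0] : 192.168.1.1
  nameserver[1] : 0.0.0.0
  if_index : 8 (en3)
  flags : Request A records

resolver #2
  domain : ger.corp.intel.com
  nameserver[0] : 10.248.2.1
  nameserver[1] : 163.33.253.76
  flags : Request A records
  reach : Reachable
  order : 100600
"""

def parse_scutil_dns(text):
    """Return one dict per resolver block: number, domain, nameservers."""
    resolvers = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"resolver #(\d+)$", line)
        if m:
            resolvers.append({"number": int(m.group(1)), "domain": None, "nameservers": []})
            continue
        if not resolvers or ":" not in line:
            continue  # header line, blank line, or text before the first resolver
        # Split on the first colon only, so IPv6 nameserver values stay intact.
        key, value = (part.strip() for part in line.split(":", 1))
        if key.startswith("nameserver["):
            resolvers[-1]["nameservers"].append(value)
        elif key == "domain":
            resolvers[-1]["domain"] = value
    return resolvers

def non_vpn_resolvers(text, vpn_nameservers):
    """Resolvers that list at least one nameserver outside the VPN's set."""
    allowed = set(vpn_nameservers)
    return [r for r in parse_scutil_dns(text)
            if any(ns not in allowed for ns in r["nameservers"])]

if __name__ == "__main__":
    for r in non_vpn_resolvers(SAMPLE, ["10.248.2.1", "163.33.253.76"]):
        print("resolver #%d has non-VPN nameservers: %s" % (r["number"], r["nameservers"]))
```

On a live system the text would come from running `scutil --dns` while the tunnel is up, with the expected nameservers taken from what the VPN pushed.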