openconnect on MacOS X Sierra DNS name resolution

Matt Kowske jmkowske at gmail.com
Fri May 12 04:56:58 PDT 2017


Hi all,

Been scouring the net for hours now trying to figure out why
openconnect is not working correctly for me on MacOS Sierra 10.12.4.
What I’ve gathered is that MacOS uses a different method for DNS
resolution so this creates some issues. On my linux box it works
great… I connect to my work VPN and DNS resolution works for both
intranet and internet addresses.

On Mac, I can only resolve DNS for internet addresses and intranet
addresses in a particular domain that is specified (mdco). Anything
outside of that, like the company intranet page, which is not an mdco
address, will not resolve with standard utilities (it works with stuff
that still uses resolv.conf, though).

I was led to this post from 2014:

http://lists.infradead.org/pipermail/openconnect-devel/2014-April/001860.html

The solution there is to uncomment a line of code in the vpnc-script
file. It looks like this has already been done in the latest
vpnc-script. I played around with a few other things but could not get
a fix. After connecting, my “scutil --dns” output looks like the below.
I think this is the core of the problem. My first DNS resolver is my
local router 192.168.1.1 when it should be the company DNS which
starts with 10.234. I’ve put xxx’s in some places of the actual
address. I would appreciate any help, thanks.

DNS configuration

resolver #1
  search domain[0] : mdco.company.org
  nameserver[0] : 192.168.1.1
  flags : Request A records
  reach : Reachable, Directly Reachable Address

resolver #2
  domain : local
  options : mdns
  timeout : 5
  flags : Request A records
  reach : Not Reachable
  order : 300000

resolver #3
  domain : mdco.company.org
  nameserver[0] : 10.234.xx.xxx
  nameserver[1] : 10.234.xx.xxx
  flags : Supplemental, Request A records
  reach : Reachable
  order : 101800


