DNS not working on OSX Mavericks

James Ward James_Ward at Yahoo.COM
Wed Sep 3 12:15:21 PDT 2014


David Woodhouse <dwmw2 <at> infradead.org> writes:

> 
> On Thu, 2014-07-03 at 16:52 +0100, Burton, Ross wrote:
> > On 3 July 2014 11:42, David Woodhouse <dwmw2 <at> infradead.org> wrote:
> > > Hm, odd. Did you ever come up with a coherent solution to this?
> > > Arguably, it's OK to do something which "breaks split DNS" in the case
> > > when you weren't using split DNS, so we could make that line
> > > conditional. But isn't DNS still going to be broken in the 'split' case,
> > > and never give you answers for hosts on the VPN?
> > 
> > My coherent solution is currently to use my other Linux or Windows
> > machines, depending on what bit of the VPN I need to access, and will
> > be installing the commercial VPN tools along with numerous other
> > "approved" applications soon...
> > 
> > I considered filing a bug but as I wasn't actually using vpnc, I can
> > see it being ignored.
> 
> There's an openconnect port too, and the use cases are identical so I'm
> fairly sure it'll bite vpnc users too.
> 


Hi,

I have a rather complex set of VPN needs and Google queries led me
here.  I routinely need to connect to 3 or more VPNs simultaneously.
Additionally, I need DNS queries to be answered from servers on the
appropriate VPN.  In Linux, I solved this by installing bind9 with
a custom config, removing resolvconf, pointing resolv.conf to
localhost and making it immutable.

Is there a better way?

I downloaded the above linked version of vpnc-script and according
to scutil, it looks like it's doing the right thing?  I see DNS
servers for the various VPNs, but fail to resolve.  For example:

Wards-MacBook-Pro:tmp jeward$ ps -ef|grep vpn
    0   107     1   0 10:28AM ??         2:36.88 /opt/cisco/anyconnect/bin/vpnagentd -execv_instance
    0 18108     1   0 11:56AM ??         0:00.05 vpnc core

DNS configuration

resolver #1
  search domain[0] : ibm.com
  search domain[1] : lotus.com
  search domain[2] : s81c.com
  search domain[3] : ibmmodules.com
  search domain[4] : coremetrics.com
  nameserver[0] : 10.0.1.1
  if_index : 4 (en0)
  flags    : Request A records
  reach    : Reachable,Directly Reachable Address

resolver #2
  domain   : coremetrics.com
  nameserver[0] : 10.4.200.11
  nameserver[1] : 10.4.200.10
  flags    : Request A records
  reach    : Reachable
  order    : 100800

Wards-MacBook-Pro:tmp jeward$ host infmgt1.prod.coremetrics.com
Host infmgt1.prod.coremetrics.com not found: 3(NXDOMAIN)

If I specify the appropriate DNS server, it resolves:

Wards-MacBook-Pro:tmp jeward$ host infmgt1.prod.coremetrics.com
Host infmgt1.prod.coremetrics.com not found: 3(NXDOMAIN)
Wards-MacBook-Pro:tmp jeward$ nslookup infmgt1.mgt 10.4.200.11
Server:         10.4.200.11
Address:        10.4.200.11#53

Name:   infmgt1.mgt.coremetrics.com
Address: 10.4.200.10

It seems I'm very close...  Any help?

Thanks in advance,

James
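
Added example, not part of the original post or of vpnc-script: a simplified model of split-DNS selection over `scutil --dns` style output, where a name goes to the resolver whose `domain` is its longest matching suffix and otherwise to the default resolver. The sample text is constructed from the two resolvers shown in the post; the function names and the longest-suffix rule are assumptions of this sketch.

```python
import re

# Constructed sample: the two resolvers from the scutil output in the post,
# trimmed to the keys this sketch reads.
SCUTIL_DNS = """\
resolver #1
  search domain[4] : coremetrics.com
  nameserver[0] : 10.0.1.1
  if_index : 4 (en0)

resolver #2
  domain   : coremetrics.com
  nameserver[0] : 10.4.200.11
  nameserver[1] : 10.4.200.10
  order    : 100800
"""

def parse_resolvers(text):
    """Parse 'resolver #N' stanzas into dicts with id, domain, nameservers."""
    resolvers = []
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"resolver #(\d+)$", line)
        if m:
            resolvers.append({"id": int(m.group(1)), "domain": None,
                              "nameservers": []})
        elif resolvers and " : " in line:
            key, value = (p.strip() for p in line.split(" : ", 1))
            if key == "domain":
                resolvers[-1]["domain"] = value.lower().rstrip(".")
            elif key.startswith("nameserver["):
                resolvers[-1]["nameservers"].append(value)
    return resolvers

def pick_resolver(name, resolvers):
    """Longest matching 'domain' suffix wins, else the default resolver."""
    name = name.lower().rstrip(".")
    scoped = [r for r in resolvers if r["domain"]
              and (name == r["domain"] or name.endswith("." + r["domain"]))]
    if scoped:
        return max(scoped, key=lambda r: len(r["domain"]))
    # Assumption: the first stanza without a 'domain' key is the default.
    return next(r for r in resolvers if r["domain"] is None)

if __name__ == "__main__":
    rs = parse_resolvers(SCUTIL_DNS)
    for host in ("infmgt1.prod.coremetrics.com", "www.example.org"):
        r = pick_resolver(host, rs)
        print(f"{host} -> resolver #{r['id']} {r['nameservers']}")
```

Matching on a dot boundary keeps a look-alike name such as notcoremetrics.com on the default resolver instead of sending it to the VPN's servers.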




More information about the openconnect-devel mailing list