DNS not working on OSX Mavericks

Geir Helland gh at helland-konsult.com
Thu Sep 4 05:06:13 PDT 2014

On 3 Sep 2014, at 21:15, James Ward <James_Ward at Yahoo.COM> wrote:

> I have a rather complex set of VPN needs and google queries led me
> here.  I routinely need to connect to 3 or more VPNs simultaneously.
> Additionally, I need DNS queries to be answered from servers on the
> appropriate VPN.  In Linux, I solved this by installing bind9 with
> a custom config, removing resolvconf, pointing resolv.conf to
> localhost and making it immutable.
> Is there a better way?

In OS X you can add multiple DNS client configurations in
«/etc/resolver/» to solve this.

From the «resolver(5)» man page:

     Mac OS X uses a DNS search strategy that supports multiple DNS
     client configurations.  Each DNS client has its own set of
     nameserver addresses and its own set of operational parameters.
     Each client can perform DNS queries and searches independent of
     other clients.  Each client has a symbolic name which is of the
     same format as a domain name, e.g. "apple.com".  A special
     meta-client, known as the "Super" DNS client acts as a router for
     DNS queries.  The Super client chooses among all available
     clients by finding a best match between the domain name given in
     a query and the names of all known clients.

     Queries for qualified names are sent using a client configuration
     that best matches the domain name given in the query.  For
     example, if there is a client named "apple.com", a search for
     "www.apple.com" would use the resolver configuration specified
     for that client.  The matching algorithm chooses the client with
     the maximum number of matching domain components.  For example,
     if there are clients named "a.b.c", and "b.c", a search for
     "x.a.b.c" would use the "a.b.c" resolver configuration, while a
     search for "x.y.b.c" would use the "b.c" client.  If there are no
     matches, the configuration settings in the default client,
     generally corresponding to the /etc/resolv.conf file or to the
     "primary" DNS configuration on the system are used for the query.

I work with VPNs to numerous datacenters which all use different
internal *.local and *.intra domain names. For the resolving to work,
all I had to do was add one DNS client config per domain:

     cat /etc/resolver/foo.local
     nameserver 10.10.x.y
     nameserver 10.10.x.z

     cat /etc/resolver/bar.intra
     nameserver 10.215.x.y
     nameserver 10.215.x.z

If you want to use this with split-horizon-dns for actual domains, you
will need to have the vpnc script juggle these DNS client
configuration files as VPNs go up/down, and possibly restart the DNS
meta client.

Geir Helland
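
The matching rule quoted from resolver(5) above, as an added example that is not part of the original message or of OpenConnect: a simplified Python model that picks the client with the most matching trailing domain components and lists internal names that would still fall through to the default client. The resolver contents, the a.b.c/b.c entries, the helper names and the documentation-range addresses are constructed, and the file name is assumed to be the client name.

```python
# Added example: simplified model of the resolver(5) "Super" client selection.
SAMPLE_RESOLVERS = {  # constructed: file name under /etc/resolver/ -> contents
    "foo.local": "nameserver 192.0.2.10\nnameserver 192.0.2.11\n",
    "bar.intra": "# constructed sample\nnameserver 198.51.100.10\n",
    "a.b.c": "nameserver 203.0.113.1\n",
    "b.c": "nameserver 203.0.113.2\n",
}
DEFAULT_NAMESERVERS = ["192.0.2.53"]  # constructed stand-in for the default client

def labels(name):
    """Split a domain name into lowercase components, ignoring a root dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def parse_nameservers(text):
    """Collect 'nameserver <addr>' entries; other lines are ignored."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def select_client(qname, resolvers):
    """Return the client name with the most matching trailing components."""
    query, best = labels(qname), None
    for client in resolvers:
        want = labels(client)
        # Whole components must match: "notfoo.local" is not under "foo.local".
        if want and query[-len(want):] == want:
            if best is None or len(want) > len(labels(best)):
                best = client
    return best

def route(qname, resolvers=SAMPLE_RESOLVERS, default=DEFAULT_NAMESERVERS):
    client = select_client(qname, resolvers)
    if client is None:
        return "default", list(default)  # no match: default client answers
    return client, parse_nameservers(resolvers[client])

def unrouted_internal(names, internal_suffixes, resolvers=SAMPLE_RESOLVERS):
    """Names under an internal suffix that no per-domain client would catch."""
    hits = []
    for name in names:
        query = labels(name)
        internal = any(labels(s) and query[-len(labels(s)):] == labels(s)
                       for s in internal_suffixes)
        if internal and select_client(name, resolvers) is None:
            hits.append(name)
    return hits
```

Names returned by unrouted_internal() are the ones that would be sent to the default resolver rather than to a VPN's nameservers, which is the case to check after adding or removing files in /etc/resolver/.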

More information about the openconnect-devel mailing list