For some unknown reason, on both Mac OSX Sierra and Mac OSX High Sierra, when connected to my work VPN using a “Cisco IPSEC VPN” connection, the DNS resolver is not working as expected. And by that I mean that even if I have manually configured a specific DNS server for that connection, it seems that the OS will always use the default DNS servers of my Wi-Fi connection.
I did try to change the connection order as someone was suggesting on a forum but with no luck. I have deleted the VPN connection and re-created it. I have linked /etc/resolv.conf to /var/run/resolv.conf, also deleted /etc/resolv.conf completely but still no luck. The only way everything was working right was to manually add the DNS server(s) at the beginning of /etc/resolv.conf file.
In the end, after reading different opinions and posts I have managed to find a workaround (not sure if it’s the best solution but at least it works):
1) create a folder named resolver in /etc
mkdir /etc/resolver
2) go to that location
cd /etc/resolver
3) create specific entries for your behind VPN domains (in my case there is a local only .tld that we use for our company (like .abcd let’s say)
So I did create a file like /etc/resolver/abcd with the following contents:
nameserver private-dns-ip-1 nameserver private-dns-ip-2 domain abcd
Save that file, connect to the VPN and try pinging any of your hosts. It works like a charm. No more manually eding of /etc/hosts file for different hosts and servers.