Linux SysAdmin & DevOps

MacOS Sierra - dns resolver workaround IPSEC vpn connections

MacOS Sierra and MacOS High Sierra have some DNS issues when connected to my work VPN using a “Cisco IPSEC VPN“ connection: the DNS resolver is not working as expected.

And by that I mean that even if I have manually configured a specific DNS server for that connection, it seems that the OS will always use the default DNS servers of my Wi-Fi connection.

I did try to change the connection order as someone was suggesting on a forum but with no luck. I have deleted the VPN connection and re-created it. I have linked /etc/resolv.conf to /var/run/resolv.conf, also deleted /etc/resolv.conf completely but still no luck. The only way everything was working right was to manually add the DNS server(s) at the beginning of /etc/resolv.conf file.

In the end, after reading different opinions and posts I have managed to find a workaround (not sure if it’s the best solution but at least it works):

1) create a folder named resolver in /etc

mkdir /etc/resolver

2) go to that location

cd /etc/resolver

3) create specific entries for the domains that sit behind the VPN (in my case there is a local-only .tld that we use for our company, let’s say .abcd)

So I did create a file like /etc/resolver/abcd with the following contents:

nameserver private-dns-ip-1
nameserver private-dns-ip-2
domain abcd

Save that file, connect to the VPN and try pinging any of your hosts. It works like a charm. No more manual editing of the /etc/hosts file for different hosts and servers.
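The three steps above, scripted as one added example (this is not code from the original post): it renders a per-domain resolver file in the layout resolver(5) expects, installs it without clobbering an entry that already exists, and checks the result. The domain suffix “abcd” and the addresses 10.0.0.53 and 10.0.0.54 are constructed placeholders for the private VPN DNS servers; the directory argument defaults to /etc/resolver but is a parameter so the functions can be exercised against a scratch directory without root.

```shell
#!/bin/sh
# Added example, not part of the original post. Builds and checks a
# /etc/resolver/<domain> file as described above.
# Assumptions: "abcd" and the 10.0.0.53 / 10.0.0.54 addresses below are
# constructed placeholders for the company's VPN-only TLD and DNS servers.

# render_resolver_entry DOMAIN NAMESERVER... : print the file contents,
# one "nameserver" line per server followed by the "domain" keyword.
render_resolver_entry() {
    domain="$1"; shift
    for ns in "$@"; do
        printf 'nameserver %s\n' "$ns"
    done
    printf 'domain %s\n' "$domain"
}

# install_resolver_entry DIR DOMAIN NAMESERVER... : create DIR if needed
# and write DIR/DOMAIN. Refuses to overwrite an existing file so a
# previously hand-written entry is not silently replaced.
install_resolver_entry() {
    dir="$1"; domain="$2"; shift 2
    [ -d "$dir" ] || mkdir -p "$dir" || return 1
    if [ -e "$dir/$domain" ]; then
        echo "refusing to overwrite existing $dir/$domain" >&2
        return 2
    fi
    render_resolver_entry "$domain" "$@" > "$dir/$domain"
}

# verify_resolver_entry DIR DOMAIN : succeed only when the file exists,
# carries at least one nameserver line and names exactly that domain.
verify_resolver_entry() {
    f="$1/$2"
    [ -f "$f" ] || return 1
    grep -q '^nameserver ' "$f" || return 1
    grep -qx "domain $2" "$f"
}

# Usage as root on macOS (constructed values):
#   install_resolver_entry /etc/resolver abcd 10.0.0.53 10.0.0.54
#   verify_resolver_entry /etc/resolver abcd && echo "entry ok"
# Then, with the VPN connected, confirm the OS actually picked it up:
#   scutil --dns | grep -A3 'domain : abcd'
#   dscacheutil -q host -a name host1.abcd
```

Two points worth keeping in mind when checking the result: `scutil --dns` is the authoritative view of which resolver the OS will use for a given suffix, and `dig`/`nslookup` bypass /etc/resolver entirely, so `ping` or `dscacheutil` is the right tool for the final test. Keeping the `domain` line limited to the VPN-only suffix also means only queries for that suffix are ever sent to the private servers; everything else keeps using the Wi-Fi resolvers.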