macOS Monterey 12.3 - VPN split tunnel DNS domain suffix not resolving properly

Using the latest Cisco AnyConnect VPN to connect to a site providing split tunnel with DNS domain suffix mapping, it appears that local DNS resolution is not sending traffic through the VPN tunnel properly, as local DNS resolution from Terminal ping or from a browser URL keeps failing; however, commands such as dig or nslookup return the proper data.


The problem has been verified as happening on both M1 Max and Intel machines running the same version of 12.3, and you can confirm the updated DNS server and domain suffix are appearing alongside the settings that existed prior to the VPN. The VPN is set up to permit local access.


Also verified that on versions prior to 12.3, the same M1 Max and Intel equipment and the same version of the Cisco AnyConnect VPN do not have the issue. A workaround has been implemented by adding local entries within the /etc/hosts file on both systems, which overcomes the issue for Terminal ping or a browser URL.


Feedback assistant has been utilized to report, take log captures, etc. but no resolution to this issue has yet appeared at this time.

MacBook Pro

Posted on Mar 22, 2022 11:08 PM

7 replies

Mar 25, 2022 11:45 AM in response to AlexaOttawa

Have you contacted your employer's IT team or Cisco? They should be more familiar with the issue than the few users here who might use Cisco.


May I make a suggestion for future reference:


Get an external SSD (I use a bare SSD from OWC and a SATA to USB adaptor), clone your system to it with Carbon Copy Cloner, and update/upgrade it and run it first before updating/grading your internal SSD. This way you can check to make sure all of your important apps and services are compatible with the update/grade before committing on your internal drive.

Mar 23, 2022 1:56 PM in response to BobTheFisherman

VPN client and server configurations have not changed - only the update to macOS 12.3 was applied and then this problem started to occur. It's a new issue, and I'm not sure if it is macOS 12.3 or some kind of incompatibility that was introduced with the existing VPN client.

Thanks for the feedback. I was just looking to see if anyone else has experienced a similar issue or found a method to overcome it. The best I could do was to override specific items using /etc/hosts.


Mar 25, 2022 10:28 AM in response to sieversjr

I don't know what you're using the VPN for but here's some food for thought: unless you're using a true VPN tunnel, such as between you and your employer, school or bank's servers, they are useless from a privacy standpoint.  Read these two articles: Public VPN's are anything but private and Former Malware Distributor Kape Technologies Now Owns ExpressVPN, CyberGhost, Private Internet Access, Zenmate, and a Collection of VPN “Review” Websites


