
VPN DNS issue

Hi,


After upgrading my MacBook to OSX 13.0 it stopped resolving addresses from the VPN-ed network. "dig" shows the A record properly, but a simple ping reports that it cannot resolve: unknown host.


From the ppp.log logs I can see that:


460 Wed Oct 26 20:00:27 2022 : sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]


I'm pretty sure ms-dns1 and ms-dns3 should be my DNS addresses.


Please, help.


Thanks

Dariusz

MacBook Pro 14″, macOS 13.0

Posted on Oct 26, 2022 11:22 AM

Question marked as Top-ranking reply

Posted on Oct 26, 2022 7:47 PM

I found this to be the case also. I configure the vpn to hand out our internal DNS as primary, then 1.1.1.1 as secondary. If I remove the secondary then DNS lookups work correctly. Even on my home wifi where I have an internal DNS server for my home network, if I put a secondary of 1.1.1.1 then the dns lookup will ignore my primary DNS and use 1.1.1.1 for lookup.


Using host and dig returns the correct IP address when the secondary DNS is present. But comments I found indicate that host and dig do not resolve the same as Mac applications, so ping and others only resolve correctly if the secondary is removed. This appears to be a bug with Ventura DNS resolution, or it is by design and I have not found the setting that would allow for the primary to be used when a secondary (or more) is present. Still searching for the answer... but a work around is to present only the internal DNS servers to your VPN clients.
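As an added example (not code from this thread, from Apple, or from any VPN product), here is a small POSIX shell audit for the configuration the reply above describes: an internal DNS server listed next to a public one such as 1.1.1.1 or 8.8.8.8 in the same resolver entry. It reads text in the layout that `scutil --dns` prints on macOS and flags any resolver block that mixes an RFC 1918 / IPv6 ULA address with a public address. The sample configuration, the 10.0.0.53 and 192.168.1.1 addresses, and the names `audit_resolvers` and `audit_live` are all mine; on a Mac the script runs against the live configuration, elsewhere it falls back to the constructed sample.

```shell
#!/bin/sh
# Added example, not code from the thread: audit a resolver configuration for
# the mix of internal and public DNS servers discussed above. It reads text in
# the layout `scutil --dns` prints on macOS; SAMPLE below is constructed for
# illustration and its addresses are placeholders.

SAMPLE='DNS configuration

resolver #1
  search domain[0] : corp.example
  nameserver[0] : 10.0.0.53
  nameserver[1] : 1.1.1.1
  if_index : 12 (utun3)
  flags    : Request A records, Request AAAA records
  reach    : 0x00000002 (Reachable)

resolver #2
  nameserver[0] : 192.168.1.1
  if_index : 6 (en0)
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)
'

# audit_resolvers: read scutil-style text on stdin and print one line per
# resolver block. A block that lists both an internal (RFC 1918 or IPv6 ULA)
# server and a public one is reported as "mixed <internal> <public>", which is
# the configuration the replies describe as breaking internal name lookups.
audit_resolvers() {
  awk '
    function flush() {
      if (name != "") {
        if (priv != "" && pub != "") printf "%s mixed %s %s\n", name, priv, pub
        else printf "%s ok\n", name
      }
      name = ""; priv = ""; pub = ""
    }
    /^resolver #/ { flush(); name = $1 " " $2 }
    /nameserver\[/ {
      ip = $NF
      # Only RFC 1918 IPv4 ranges and fc00::/7 are treated as internal here.
      if (ip ~ /^10\./ || ip ~ /^192\.168\./ ||
          ip ~ /^172\.(1[6-9]|2[0-9]|3[01])\./ ||
          ip ~ /^f[cd][0-9a-f][0-9a-f]:/) {
        if (priv == "") priv = ip
      } else if (pub == "") {
        pub = ip
      }
    }
    END { flush() }
  '
}

# audit_live: run the audit against the host's real configuration when scutil
# is available (macOS); on other systems fall back to the constructed sample.
audit_live() {
  if command -v scutil >/dev/null 2>&1; then
    scutil --dns | audit_resolvers
  else
    printf '%s\n' "$SAMPLE" | audit_resolvers
  fi
}

audit_live
```

Running it on the affected Mac tells you which resolver entry (typically the VPN's utun interface) carries the public secondary before you change what the VPN or DHCP server hands out; an entry reported as `ok` lists only internal or only public servers and is not affected by the behaviour described in this thread.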


8 replies

Oct 26, 2022 12:10 PM in response to dariusz23PL

Here's some food for thought: unless you're using a true VPN tunnel, such as between you and your employer, school or bank's servers, they are useless from a privacy standpoint.  Read these two articles: Public VPN's are anything but private and Former Malware Distributor Kape Technologies Now Owns ExpressVPN, CyberGhost, Private Internet Access, Zenmate, and a Collection of VPN “Review” Websites. 


Using a VPN to access websites in other countries that are otherwise prohibited is a use for a VPN but don't expect the same privacy.


Nov 23, 2022 3:41 PM in response to dariusz23PL

Here's some food for thought: unless you're using a true VPN tunnel, such as between you and your employer, school or bank's servers, they are useful from a privacy standpoint.  Read these two articles: Public VPN's are anything but private and Former Malware Distributor Kape Technologies Now Owns ExpressVPN, CyberGhost, Private Internet Access, Zenmate, and a Collection of VPN “Review” Websites
Nov 8, 2022 12:02 PM in response to abitgroggy

1.1.1.2 doesn't use DoH by default, you need to use https://security.cloudflare-dns.com/dns-query.


So I think you are right. I think Ventura is prioritizing secure DNS over unsecured servers: if you have a secondary DNS that *isn't* secured, then it will go to your primary, if the second *is* secured, and the primary isn't, then it uses that.


For most people, this is probably a good thing, but I wish it were better documented.

Nov 23, 2022 2:05 PM in response to dariusz23PL

Found this thread after 5 days of frustration. My internal Windows DNS servers kept getting passed over for my secondary 8.8.8.8 settings for Office for MacOS. Removed 8.8.8.8 from the DHCP scope for now, but I know that's fixing the symptom, not the root cause.


Does anyone know if Apple is going to make this a changeable setting?
