VPN / DNS Issues With macOS Ventura

weakcamelsm wrote:

And one more piece of information: I've just tried contacting Apple support. As soon as they heard the problem is only visible when connected to the VPN, they said it's not something they can help me with; to quote them: "if you disconnect from the VPN and everything works fine, there's nothing we can do for you".

Then you can ask them why it works fine in macOS Monterey but not in macOS Ventura (as of the current version)?

I just tried yesterday with Monterey 12.6.3 and it was fine, but in Venture 13.2 it's not – the main DNS that gets propagated when connected to the VPN isn't used despite it being listed (when the VPN is connected) as a DNS server to use in:

System Settings -> VPN -> Your Connection -> info-button (i with a circle) -> DNS -> DNS Servers

If I manually add the DNS I want to use (+ button) it works fine. This this isn't needed in macOS Monterey where it works as expected.

> Then you can ask them why it works fine in macOS Monterey but not in macOS Ventura (as of the current version)?

Oh, I did of course. And mentioned that Linux and Windows have no issues whatsoever either. They were adamant that if it's anything to do with VPN - they just don't care in the slightest, it's not their problem.

You probably missed the most important point:

Apple does not make any mistakes. Full stop.

If it doesn't work, you're not using it correctly.

<sarcasm off> ;)

That's the reason we've dumped our M1 Max Macs and are now working with Linux on HP hardware.

We've spent too many hours finding workarounds for not-bugs in MacOS or hardware failures lately, it's getting too expensive.

Intersting. Hardware seems fine I think. Not many software issues for me either. But I do agree with you that some ”high level” people here seem to think it’s never a problem on Apple’s side, which in this case it seems pretty clear to be.

I will investigate more and report it to Apple via other channels. Maybe macOS 13.3 has something in store when it comes to this…

Don't get me wrong, I love the Apple hardware, but we just had three M1s dying on us within 9 months, all three had to get the logicboard replaced. In another thread here I was told this was "normal" as the M1s are relatively new and if Apple fixes them under warranty, it's all you can expect and we should be happy.

So...

FWIW after a few days of problem free use, DNS issues have reappeared after updating to 13.2 (from 13.1) and now we have no public DNS server listed in our DHCP options, so the only DNS should be private

I am able to `nslookup` or `dig` a hostname, but when I try to curl I get a host cannot be found error

I have raised this with the support team of our VPN provider to see if they can suggest anything else, I will try to update this thread if I get anything useful back

Oh, sorry about that. All the – I think in total about eight – 13" M1 we have in use at work has been fine so far. been in used for two years soon. Have a few M1 Max machines too and all also fine as of yet. Which M1 machine do you have? I guess there are always a certain amount that experience trouble, but that it is common with motherboard issues on them was new info to me.

Same issue here, MacOS 13.2.1, Fortinet VPN Client 7.2, the resolv.conf file just minutes after VPN connection is overwritten by previous version, cutting of DNS access. It is affecting all people in my company. If goes for months, Apple is reluctant to provide any fix.

Our VPN provider has suggested the issue might be related to our MDM software (in our case Jamf) and I have removed it from my laptop to try to see if I can reproduce the issue still (no issues yet, but it's early days)

I can add that this DNS problem is not only related to VPN. Happens also on Wi-Fi and Ethernet when the (more than one?) DNS is provided via DHCP.

For example when using Safari I can load a web page that requiers our (my company’s) custom DNS and it works the first time, but if I reload the page it can't reach the page (as if ignoring the custom DNS) and a second reload makes it load again – so it works every other time(!).

The behavior is different in Chrome and Firefox. It's all pretty confusing.

In Monterey it all works as expected I think.

Any news? I'm thinking if there are ”no issues” after removing Jamf it's likely soved since this is a problem that is not intermittent.

But then again I wonder why it worked fine in Monterey with Jamf.

I haven't had issues since removing Jamf, but my issue was always very intermittent

Another colleague who reports their issue is more persistent may be taking the same steps as me shortly so that would be a more reliable test

FYI, this is not just Jamf related, but any MDM software

Got the same problem with company open vpn service. After a while DNS just stops working and you need to restart the vpn client. Before the os ventura update everything was just running fine. There is a thread in open vpn forum also https://groups.google.com/g/tunnelblick-discuss/c/CpusBhU7Ob8

For me resolving via dig still works but nslookup not.

We are having a similar issue.

It seems like macOS Ventura (13.3) isn't respecting DNS order. It was choosing our Open DNS server.

This was placed last in the DNS list however it seems that macOS Ventura is choosing that over the others listed.

We identified there was an issue with our Open DNS server but it being listed last why was Ventura using it 1st?

We removed that entry for now until we solve the problem with Open DNS.

In my case, when I contacted support they told me they don't provide any support whatsoever when VPN is involved and just sent me away. It doesn't matter that VPN is not an issue. "VPN in use?" == "we don't care".

star-affinity's open ticket is giving me some hope :-)