VPN / DNS Issues With macOS Ventura

After upgrading MacBook Air M1 to Ventura I noticed that several of our internal business sites, RDP connections and network SMB folders which require a VPN to access would not resolve, even after a successful VPN connection, and would only work via their respective IP addresses.


Usual troubleshooting including...


  • Home router reboots
  • Mac reboots
  • Re-creating VPN connection
  • Different browsers
  • Different VPN account
  • macOS DNS cache clear
  • Switching to a mobile data (tethered) connection and then connecting to the VPN did not resolve


In desperation had to resort to manually editing the HOSTS file

sudo nano /etc/hosts


... which allowed the respective sites, folders and connections to resolve.

It's clear that Apple devs have broken DNS networking stuff which worked in Monterey and before.


Users should not have to manually edit the macOS HOSTS file to use DNS names whilst connected to a VPN in Ventura

MacBook Air 13″, macOS 13.0

Posted on Oct 26, 2022 5:48 PM

Question marked as Top-ranking reply

Posted on Apr 6, 2023 4:43 PM

Hi,

I have been having this problem also but I just solved it. I actually only joined to post the solution.


Indeed the /etc/resolv.conf is overwritten (props to the user who pointed that out on page 3). For me it was overwritten with an internal 10.x address so obviously DNS was failing.


What is causing the overwrite is that after upgrading, Apple turns on limit IP tracking by default.


01) Go to settings

02) Go to networks

03) Click details next to the network name (in my case my wireless)

04) Turn off limit IP tracking

05) Try your VPN again


That one thing fixed the automatic overwriting of the conf file.


I work in cloud security arch and while I am a big believer in secure defaults it is obnoxious to roll something like that out breaking people's VPNs without some kind of warning.


Good luck to everyone!


89 replies

Apr 6, 2023 7:01 AM in response to mprush12

I love how Apple broke it but the entire world has to fix it.


And while providing no public redundant DNS servers can fix internally located Ventura computers - it cannot fix the VPN connected Ventura computers. The end user's Ventura Mac will always have public DNS servers available to them through their internet connection. And Ventura likes to use those public DNS servers before the VPN connected DNS servers.

Feb 1, 2023 4:59 AM in response to hamacardo

FWIW after a few days of problem free use, DNS issues have reappeared after updating to 13.2 (from 13.1) and now we have no public DNS server listed in our DHCP options, so the only DNS should be private.


I am able to `nslookup` or `dig` a hostname, but when I try to curl I get a host cannot be found error.


I have raised this with the support team of our VPN provider to see if they can suggest anything else. I will try to update this thread if I get anything useful back.
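
Added example, not part of any post in this thread: on macOS `dig` and `nslookup` take their servers from /etc/resolv.conf, while curl and browsers go through the system resolver whose configuration `scutil --dns` prints, so the two views can disagree as the posts above describe. This shell script lists the nameservers in each view and flags non-private ones in the system view; the function names and the sample addresses and domain are constructed for illustration.

```shell
#!/bin/sh
# Nameservers in the unscoped part of `scutil --dns` output (stdin).
system_nameservers() {
  awk '/^DNS configuration \(for scoped queries\)/ { exit }
       $1 ~ /^nameserver\[[0-9]+\]$/ && !seen[$3]++ { print $3 }'
}

# Nameservers in resolv.conf text (stdin): the list dig and nslookup read.
resolvconf_nameservers() {
  awk '$1 == "nameserver" && !seen[$2]++ { print $2 }'
}

# Succeeds for RFC 1918 IPv4 addresses; anything else counts as public.
is_private() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# System-resolver nameservers that could receive internal names off-VPN.
public_system_nameservers() {
  system_nameservers | while read -r ns; do
    is_private "$ns" || echo "$ns"
  done
}

# Succeeds when the two views list different nameserver sets.
views_differ() {  # $1 = scutil --dns output, $2 = resolv.conf text
  a=$(printf '%s\n' "$1" | system_nameservers | sort)
  b=$(printf '%s\n' "$2" | resolvconf_nameservers | sort)
  [ "$a" != "$b" ]
}

# Constructed sample data, trimmed to the lines that matter.
SAMPLE_RESOLV='nameserver 10.8.0.53'
SAMPLE_SCUTIL='DNS configuration
resolver #1
  nameserver[0] : 8.8.8.8
  nameserver[1] : 192.168.1.1
  if_index : 6 (en0)
resolver #2
  domain   : corp.example
  nameserver[0] : 10.8.0.53
  if_index : 15 (utun3)
DNS configuration (for scoped queries)
resolver #1
  nameserver[0] : 1.1.1.1'
printf '%s\n' "$SAMPLE_SCUTIL" | public_system_nameservers   # prints 8.8.8.8
```

On a Mac, feed it live data with `scutil --dns | public_system_nameservers` and `resolvconf_nameservers < /etc/resolv.conf`.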

Mar 2, 2023 9:18 AM in response to hamacardo

I can add that this DNS problem is not only related to VPN. Happens also on Wi-Fi and Ethernet when the (more than one?) DNS is provided via DHCP.


For example when using Safari I can load a web page that requires our (my company’s) custom DNS and it works the first time, but if I reload the page it can't reach the page (as if ignoring the custom DNS) and a second reload makes it load again – so it works every other time(!).


The behavior is different in Chrome and Firefox. It's all pretty confusing.


In Monterey it all works as expected I think.

Apr 3, 2023 6:20 AM in response to mprush12

I spoke to Apple Enterprise Support on March 14 and gave them as much information regarding this issue as I possibly could. Logs, screen captures, demonstrations of the issue. I shared with them support forum posts, reddit posts, MacRumors posts, VPN company support forum posts (including from major security vendors like FortiNet).


And yet, somehow 2 weeks later they still "were not aware of an issue."


This tells me that Apple did nothing with everything I gave them because they don't care.


Apr 3, 2023 7:26 AM in response to ge-apple

ge-apple wrote:

I spoke to Apple Enterprise Support on March 14 and gave them as much information regarding this issue as I possibly could. Logs, screen captures, demonstrations of the issue. I shared with them support forum posts, reddit posts, MacRumors posts, VPN company support forum posts (including from major security vendors like FortiNet).

And yet, somehow 2 weeks later they still "were not aware of an issue."

This tells me that Apple did nothing with everything I gave them because they don't care.

Perhaps there is another explanation. I'm sure that Apple doesn't care about support forum posts, reddit posts, MacRumors posts, or VPN company support forum posts. Mention any of that and your report goes straight to the bit-bucket, as it should.


If you had specific information about your own experiences, such as logs, screen captures, and demonstrations, then they will pay attention to that. But I strongly suggest you limit the information you provide to your own experiences. If it sounds like you did your own "internet research", that's another one-way trip to the bit-bucket. People with jobs have no time for the internet.


Finally, and most importantly, this thread is 5 pages long. It was started in October of last year. Early posts consisted of people complaining that their VPNs were functioning correctly. Since then, it's become a dumping ground for any random complaints about DNS, mostly in an enterprise context, which can be really complicated. Any statements that anyone could make about "this issue" are self-evidently invalid. There are multiple issues. Some are totally invalid. Some are obviously related to configuration problems. To expect Apple to do anything, in two weeks no less, is completely outside the bounds of reality.


There is a good chance that whatever problems you are experiencing are, in fact, configuration problems. If you start your own thread discussing your own specific problem, then people will help you resolve it. This thread is the bit-bucket, the sewer of the Apple Support communities. You can contribute as much content as you want. Just don't expect anyone to drink from it. The only meaningful responses you will get are replies like this, suggesting that you leave the sewer if you want to get help.

Apr 4, 2023 2:05 PM in response to etresoft

Early posts consisted of people complaining that their VPNs were functioning correctly. Since then, it's become a dumping ground for any random complaints about DNS, mostly in an enterprise context, which can be really complicated.


An important thing to remember is that this is a change in behavior from Monterey to Ventura with no other external changes.


The same via DHCP deployed DNS settings behaves differently in Ventura compared to Monterey whether VPN is involved or not.

Jun 29, 2023 3:04 PM in response to Zykki

Guys, I don't know why VPN is involved here - I'm having the problem with just DNS on a new Mac Mini that came with Ventura installed (so I can't downgrade).


DNS resolution doesn't work but I can ping addresses (including DNS servers such as 1.1.1.1 or 8.8.8.8) and as others noted, dig is able to resolve domain names.


For a while, I was able to solve this by killing the mDNSResponder and helper but after the most recent Ventura update, even that only worked sometimes.




No problems with any other Mac, Windows or Linux box on my LAN.


Apr 26, 2024 6:22 AM in response to hamacardo

Hi guys,


I still have similar issues with Sonoma 14.4.1 on MacBooks 18,2.

However, I only added 3 internal DNS servers and 3 internal search domains in the wired and Wi-Fi network configurations. We aren't using any external DNS servers, so the workarounds in this thread aren't solutions for us. And like others mentioned, all worked fine in previous macOS versions (Monterey, Big Sur, Mojave, High Sierra...).


Another annoying fact about Ventura/Sonoma, you can't enable Apple Remote Desktop with scripts using MDM. You can only enable it directly on the computer.


Que Apple sera, sera.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
