VPN / DNS Issues With macOS Ventura

Don't get me wrong, I love the Apple hardware, but we just had three M1s dying on us within 9 months, all three had to get the logicboard replaced. In another thread here I was told this was "normal" as the M1s are relatively new and if Apple fixes them under warranty, it's all you can expect and we should be happy.

So...

Oh, sorry about that. All the – I think in total about eight – 13" M1 we have in use at work has been fine so far. been in used for two years soon. Have a few M1 Max machines too and all also fine as of yet. Which M1 machine do you have? I guess there are always a certain amount that experience trouble, but that it is common with motherboard issues on them was new info to me.

Any news? I'm thinking if there are ”no issues” after removing Jamf it's likely soved since this is a problem that is not intermittent.

But then again I wonder why it worked fine in Monterey with Jamf.

In my case, when I contacted support they told me they don't provide any support whatsoever when VPN is involved and just sent me away. It doesn't matter that VPN is not an issue. "VPN in use?" == "we don't care".

star-affinity's open ticket is giving me some hope :-)

With all due respect, @nvssm, your issue is different from what is being discussed here. In our case, DNS resolution works both with and without VPN, except that at some point, Apple starts using the DNS servers provided by the outside connection (WiFi, ethernet, etc.) instead of the ones provide by the VPN which breaks resolution of names for internal hosts.

NickTK wrote:

The same problem, macOS 13.5, no one checked by chance, maybe they fixed it in Sonoma?

If they have, no one here would be able to comment on it. Discussing beta software is prohibited by the Apple Support Communities Use Agreement - Apple Community

Some dns servers encrypt their conversations, like 1.1.1.1. Some non-encrypted dns servers do not so it is all readable to whomever. Maybe when one selects do not track or limit IP tracking macos will prefer encrypted dns conversations and override using a local non-encrypted dns server because of the limit IP tracking request.

I have the solution - but you won't like it.

Background

I have an Apple macOS laptop alongside Microsoft Windows laptop.

Both macOS and Windows connect to the tunnel and work.

Windows will attempt using the VPN's DNS first, then if that fails, falls back to the next resovler (which is usually just internet).

macOS recognizes the VPN's DNS resolver - it just won't use it.

I've seen countless posts from so many forums of people second guessing themselves and their skills, when really it's the Apple macOS that is the problem. They simple don't offer the solutions that Microsoft do - they are simply non-existent. Sure - they give you the option of putting in your own DNS server to use - they just won't use it. This must be by design, because it's hard to imagine the bug is this serious and so pervasive. This is why people go crazy wondering 'why isn't it working?'

YOU are not going crazy, because the behavior you expect and want, is perfectly available and working on a Microsoft Windows laptop. THAT is the solution! I'm running both side-by-side - macOS is THE problem.

ps.

I repaired and programmed Apple computers from 1988 to the early '90's and it's very surprising to me how little the computers have changed over the years compared to Microsoft. Honestly, I just use them for their light-weight and battery life, I'm seriously considering installing windows on my mac. Hmmm...

Just a quick update; my Mac has an Intel CPU so I used BootCamp to install Windows 10 on it - and honestly wish I had done so earlier. I feel like I have a brand new modern laptop, with awesome battery life! I was so impressed I converted my wife’s too (at her request), and one of my best mates is upset because he doesn’t have the Intel CPU in his MacBook Air. Best of luck everyone.

And if 1.1.1.1 is the secondary in the /etc/resolver file, the behavior is again failure...

Wondering if anyone testing 13.1 has noted this being fixed or not?

I've upgraded to 13.1 today as well, still an issue for me.

Why would anyone want to use a VPN with a public DNS? Doesn't that kind of defeat the purpose?

Moreover, you want to use company DNS only while connected to VPN but still have a fallback for when it's not reachable.

This must be just your specific use case.

In my case, both basic tools (like e.g. ssh/ping) and Chrome browser don't resolve properly despite nslookup returning the correct values.