
Why doesn't VPN DNS override adapter DNS?

There are DNS servers that help me get around my work network. But when I'm away from the office I only want to use these DNS servers if I'm connected to VPN, else I want to pick up the default DNS.


There's an option to configure DNS addresses for VPN connections. However, these never get used as far as I can tell. As long as the DNS server I want to use is missing from my adapter's (e.g. wifi or ethernet) DNS settings, I will not ever see the machines whose addresses are resolved by my work network's DNS.


I've seen this reported other places but no solution. Is it possible that this could be fixed in a future update? As for now, I have to switch "locations" (i.e. Apple menu --> Location) instead of having one setting that works everywhere. That, or use IP addresses instead of computer names.


Alternatively, I'd like the DNS servers that I add manually to be *in addition* to the servers that are picked up automatically. Right now, if I add my work DNS, then I also have to add a public DNS just to get to the internet when outside of work. I'd like to add my work DNS to my ISP or home network's DNS.

MacBook Pro with Retina display, OS X Mountain Lion (10.8.3)

Posted on Jun 2, 2013 8:04 PM

5 replies

Jun 2, 2013 11:36 PM in response to NDchemE

The problem is that when switching between networks, the last DNS servers are cached.


For example, say my work's DNS is 10.10.10.1 and 10.10.10.2. If you go home and connect to my wifi, they should no longer be there and visible in the Network preference pane, but they are.


The only way is to have different locations set or to do it from the command line:


networksetup -setdnsservers "Built-in Ethernet" "Empty"


https://discussions.apple.com/thread/377247?start=0&tstart=0
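
A way to see which network services still carry manually pinned DNS servers, and so would need the reset command from the reply above. This is an added example, not part of the original post; it assumes the usual `networksetup -getdnsservers` output (addresses one per line, or a sentence when nothing is set), and the sample outputs in it are constructed.

```shell
#!/bin/sh
# Added example: list macOS network services whose DNS servers are pinned by hand.

# manual_dns: read `networksetup -getdnsservers <service>` output on stdin and
# print only address lines. When nothing is pinned, networksetup prints a
# sentence ("There aren't any DNS Servers set on <service>.") instead.
manual_dns() {
    grep -E '^[0-9A-Fa-f:.]+$' || true
}

# audit_service NAME OUTPUT: print "NAME: manual (a b)" or "NAME: automatic".
audit_service() {
    servers=$(printf '%s\n' "$2" | manual_dns | tr '\n' ' ' | sed 's/ $//')
    if [ -n "$servers" ]; then
        printf '%s: manual (%s)\n' "$1" "$servers"
    else
        printf '%s: automatic\n' "$1"
    fi
}

# audit_all: walk every service on a real Mac. The first line of
# -listallnetworkservices is a legend; disabled services start with "*".
audit_all() {
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while IFS= read -r svc; do
        audit_service "$svc" "$(networksetup -getdnsservers "$svc")"
    done
}

if command -v networksetup >/dev/null 2>&1; then
    audit_all
else
    # Constructed sample outputs so the script also runs off a Mac.
    audit_service "Wi-Fi" "10.10.10.1
10.10.10.2"
    audit_service "Built-in Ethernet" \
        "There aren't any DNS Servers set on Built-in Ethernet."
fi
# A service reported as "manual" can be returned to automatic DNS with:
#   networksetup -setdnsservers "<service>" "Empty"
```
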

Jun 3, 2013 3:50 AM in response to NDchemE

What you are describing is pretty basic VPN operation. It is a pretty basic networking operation. When you connect to a new network and that network does not automatically set up the proper DNS servers, then it is misconfigured. I can't comment on Windows PCs I haven't seen. I have used VPNs for years and have never had to hack around on DNS servers. I have had to hack around on search domains because the VPN settings override everything, as they are supposed to do.

Feb 11, 2016 11:25 AM in response to etresoft

I agree the VPN concentrator should do a DNS push with the right name servers, etc. That said, I thought manually specifying the DNS services in the advanced configuration for the Mac OS X native Cisco IPSec VPN connection would circumvent our concentrator not pushing the right DNS entries. Am I not understanding what these DNS entries should do? Or is there potentially a problem with a misconfigured DNS push overriding what I manually specified? Any clarification as to what the advanced settings are supposed to do would be greatly appreciated.


Another data point is that Cisco's client (which I would rather not use) honors the DNS push. Is this a bug in Apple's software, or is it the case that Apple's software is correct and has flushed out a misconfiguration in the Cisco concentrator?


Mac OS X 10.11.3

MacBook Pro (Retina, 15-inch, Mid 2014)
