Introduction

I was having an issue with DNS whilst using my VPN, and the only way I was able to solve it was by forcing my machine to use specific nameservers for a domain. In this example I was able to use nslookup and host to resolve the private IP of one of my MSSQL instances in Azure, as they do a DNS lookup using the DNS servers the VPN configures. Unfortunately ping and other tools like sqlcmd, curl etc. were using a different resolver, meaning the name resolved to the public IP address and the connection failed, as public access was disabled and only traffic going to the private endpoint was allowed.

Troubleshooting

As far as I know, DNS resolution on a Mac goes through four main stages:

  1. Hosts File: Your computer first checks its /etc/hosts file. This is a local file where you can manually define static mappings between hostnames and IP addresses.
  2. DNS Cache: Both ping and nslookup often check a local DNS cache. This speeds up repeat lookups by keeping recently resolved names in memory.
  3. System Resolver: This is the core part where the paths slightly diverge:
    • nslookup: It defaults to directly interacting with the DNS servers defined in your system’s network configuration.
    • ping: ping uses a more generic system resolver that prioritizes efficiency. This resolver generally consults your configured DNS servers but might also take into account entries from /etc/hosts and even locally cached results, depending on the OS implementation.
  4. External DNS Servers: If the information is missing locally, both tools eventually query external DNS servers. Recursive resolving happens as needed, depending on the DNS servers involved.

I tried various things: flushing the cache, playing with the DNS config on my Mac. But then I came across a tool called scutil and started to dig into the issue with that.

The fix

Create a new directory inside the /etc folder called resolver

sudo mkdir /etc/resolver

Add a file named after the domain you want to force to your custom DNS server. Mine was windows.net, so that is what the file was called (/etc/resolver/windows.net).

Inside the file I added the following:

nameserver 10.10.1.4
nameserver 1.1.1.1

I added 1.1.1.1 just so there was something to fall back on. 10.10.1.4 was my custom DNS server.

I then took the precaution of flushing my DNS cache:

sudo killall -HUP mDNSResponder;sudo killall mDNSResponderHelper;sudo dscacheutil -flushcache

After these steps I was able to connect to my VPN and use sqlcmd, ping, curl etc to connect to my SQL instance over the private network.
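To make the effect of the /etc/resolver directory concrete, here is an added example (not part of the original post) that emulates how a per-domain resolver file is selected for a hostname: the file whose name is the longest domain suffix of the host wins, so a more specific file such as database.windows.net takes precedence over windows.net. The matching rule and the "nameserver" line format are modelled on what the post describes; the script works in a constructed temporary directory (RESOLVER_DIR) rather than the real /etc/resolver, and the hostnames and addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: emulate macOS per-domain resolver file selection offline.
# RESOLVER_DIR is a constructed temp directory, not the real /etc/resolver.
RESOLVER_DIR="${RESOLVER_DIR:-$(mktemp -d)}"

# write_resolver_file DOMAIN NAMESERVER...
# Create RESOLVER_DIR/DOMAIN with one "nameserver <ip>" line per address,
# the same format as the post's windows.net file.
write_resolver_file() {
    domain="$1"; shift
    : > "$RESOLVER_DIR/$domain"
    for ns in "$@"; do
        printf 'nameserver %s\n' "$ns" >> "$RESOLVER_DIR/$domain"
    done
}

# resolver_file_for HOST
# Print the resolver file name whose domain is the longest suffix of HOST
# (matched on label boundaries), or nothing if no file applies.
resolver_file_for() {
    host="$1"
    best=""
    for f in "$RESOLVER_DIR"/*; do
        [ -f "$f" ] || continue
        d=$(basename "$f")
        case "$host" in
            "$d"|*."$d")
                # Keep the most specific (longest) matching domain.
                if [ ${#d} -gt ${#best} ]; then best="$d"; fi ;;
        esac
    done
    printf '%s\n' "$best"
}

# nameservers_for HOST
# List, in order, the nameservers the matching file configures; fail with
# status 1 when no resolver file applies (the system default would be used).
nameservers_for() {
    d=$(resolver_file_for "$1")
    [ -n "$d" ] || return 1
    awk '$1 == "nameserver" { print $2 }' "$RESOLVER_DIR/$d"
}

# Constructed sample: the post's windows.net entry plus a more specific
# subdomain file that only uses the private (assumed) DNS server.
write_resolver_file windows.net 10.10.1.4 1.1.1.1
write_resolver_file database.windows.net 10.10.1.4

# Stand-alone demo output.
for h in myserver.database.windows.net foo.windows.net example.com; do
    printf '%s -> %s\n' "$h" "$(resolver_file_for "$h")"
done
```

Run it as-is to see which file each sample host maps to; the real check on a Mac is `scutil --dns`, which lists the resolver entries the system actually loaded from /etc/resolver.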

Conclusion

This seems to have sorted out my issue. There may be a way to fix it properly, but just in case this helps someone I thought I would share :)

Issue with DNS resolvers and VPN on a mac