Introduction
I was having an issue with DNS whilst using my VPN, and the only way I was able to solve it was by forcing my machine to use specific nameservers for a domain. In this example I was able to use nslookup and host to resolve the private IP of one of my MSSQL instances in Azure, as they do a DNS lookup using the DNS servers the VPN configures. Unfortunately ping and other tools like sqlcmd, curl etc. were using a different resolver, meaning the name resolved to the public IP address and the connection failed, as public access was disabled and only traffic going to the private endpoint was allowed.
Troubleshooting
From my knowledge there are four main ways a Mac will do DNS resolution:
- Hosts file: your computer first checks its /etc/hosts file. This is a local file where you can manually define static mappings between hostnames and IP addresses.
- DNS cache: both ping and nslookup often check a local DNS cache. This speeds up repeat lookups by keeping recently resolved names in memory.
- System resolver: this is the core part, where the paths slightly diverge:
  - nslookup: it defaults to directly interacting with the DNS servers defined in your system's network configuration.
  - ping: ping uses a more generic system resolver that prioritizes efficiency. This resolver generally consults your configured DNS servers but might also take into account entries from /etc/hosts and even locally cached results, depending on the OS implementation.
- External DNS servers: if the information is missing locally, both tools eventually query external DNS servers. Recursive resolution happens as needed depending on the DNS servers involved.
I tried various things: flushing the cache, playing with the DNS config on my Mac. But then I came across a tool called scutil and started to dig into the issue with that.
The fix
Create a new directory inside the /etc folder called resolver (writing to /etc needs root, hence sudo):
sudo mkdir /etc/resolver
Add a file named after the domain you want to force to your custom DNS server; mine was windows.net, so that is what the file was called (/etc/resolver/windows.net).
Inside the file I added the following:
nameserver 10.10.1.4
nameserver 1.1.1.1
I added 1.1.1.1 just so there was something to fall back on; 10.10.1.4 was my custom DNS server.
I then took the precaution of flushing my DNS cache:
sudo killall -HUP mDNSResponder; sudo killall mDNSResponderHelper; sudo dscacheutil -flushcache
After these steps I was able to connect to my VPN and use sqlcmd, ping, curl etc to connect to my SQL instance over the private network.
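To confirm that macOS has picked up the new file, run scutil --dns and look for a resolver block whose domain line reads windows.net. The following is an added example, not code from the original post: a small Python parser over a constructed sample of scutil --dns output, plus a helper that mimics how the system picks the scoped resolver for a hostname (longest matching domain suffix, otherwise the default resolver). The sample text and the 192.168.1.1 default nameserver are constructed for illustration.

```python
import re
from typing import Dict, List

# Constructed sample of `scutil --dns` output (not captured from a real machine).
# resolver #1 is the default resolver the VPN configured; resolver #2 is what
# /etc/resolver/windows.net produces.
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  search domain[0] : corp.example
  nameserver[0] : 192.168.1.1
  if_index : 6 (en0)
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  domain   : windows.net
  nameserver[0] : 10.10.1.4
  nameserver[1] : 1.1.1.1
  flags    : Request A records, Request AAAA records
  reach    : 0x00000002 (Reachable)
"""


def parse_scutil_dns(text: str) -> List[Dict[str, object]]:
    """One dict per 'resolver #N' block: {'domain': str or None, 'nameservers': [...]}.
    Only the 'domain' and 'nameserver[i]' lines are used; everything else is ignored."""
    resolvers: List[Dict[str, object]] = []
    current = None
    for line in text.splitlines():
        if line.startswith("resolver #"):
            current = {"domain": None, "nameservers": []}
            resolvers.append(current)
        elif current is not None:
            m = re.match(r"\s*(domain|nameserver\[\d+\])\s*:\s*(\S+)", line)
            if m:
                key, value = m.groups()
                if key == "domain":
                    current["domain"] = value.lower().rstrip(".")
                else:
                    current["nameservers"].append(value)
    return resolvers


def nameservers_for(hostname: str, resolvers: List[Dict[str, object]]) -> List[str]:
    """Nameservers a lookup of `hostname` would go to: the scoped resolver with the
    longest matching domain suffix wins; otherwise the first unscoped (default) resolver."""
    host = hostname.lower().rstrip(".")
    best = None
    for r in resolvers:
        d = r["domain"]
        if d and (host == d or host.endswith("." + d)):
            if best is None or len(d) > len(best["domain"]):
                best = r
    if best is None:
        best = next((r for r in resolvers if r["domain"] is None), None)
    return list(best["nameservers"]) if best else []
```

On a real machine, feed it the output of `scutil --dns` instead of the sample; if no block carries `domain : windows.net`, the file was not read (check its name, location and that the cache was flushed).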
Conclusion
This seems to have sorted out my issue. There may be a way to fix it properly, but just in case this helps someone I thought I would share :)