VPN app dns resolution not working in split dns-split tunneling when 8.8.8.8 is configured as a vpn dns server

I have the following scenario in my VPN app.

When the app is configured with split tunneling, the VPN DNS nameservers are defined in /etc/resolver/example.com (example.com is the domain to be resolved through the tunnel); the secondary VPN DNS server is configured as 8.8.8.8 (Google public DNS server) and the primary as 3.92.179.203.

With this configuration the DNS requests are not routed through the tunnel; when I try to ping example.com it does not use 3.92.179.203. Explicit routes are added to the routing table to route the traffic to 3.92.179.203 via the VPN interface.

It used to work on older macOS versions (12.6); from 14.4 it seems broken, the system behaves differently when 8.8.8.8 is defined as a VPN nameserver. DNS requests do not go through the tunnel; they are resolved outside the tunnel.

If I use 9.9.9.9 or 1.1.1.1 or any other nameserver other than 8.8.8.8 then it all works correctly.
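An added diagnostic for the setup described in this post (my own example, not the poster's app or Apple's code). It renders an /etc/resolver/<domain> file in the resolver(5) key format, parses captured `scutil --dns` output, and reports whether the split-DNS entry for the domain is missing, lacks the expected VPN nameserver, or lists a public resolver that a client can reach without the tunnel. The `scutil --dns` text embedded below is a constructed sample modelled on the tool's layout, and the `PUBLIC_RESOLVERS` set and the finding names are assumptions of this example.

```python
"""Split-DNS configuration checks for macOS /etc/resolver setups.

Added example for this thread; not the poster's code. Two pieces:
  * render_resolver_file(): text of /etc/resolver/<domain> using the
    resolver(5) keys 'nameserver', 'port' and 'search_order'.
  * audit_split_dns(): parses `scutil --dns` output and reports entries
    for a domain that lack the VPN nameserver or list a public resolver.
"""
import re

# Well-known public recursive resolvers (assumed list for this example).
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1",
                    "9.9.9.9", "149.112.112.112"}


def render_resolver_file(nameservers, search_order=None, port=None):
    """Return the contents of an /etc/resolver/<domain> file (resolver(5) keys)."""
    lines = [f"nameserver {ns}" for ns in nameservers]
    if port is not None:
        lines.append(f"port {port}")
    if search_order is not None:
        lines.append(f"search_order {search_order}")
    return "\n".join(lines) + "\n"


_RESOLVER_HDR = re.compile(r"^resolver #(\d+)\s*$")
# Matches indented "key : value" and "key[N] : value" lines of scutil --dns.
_KV = re.compile(r"^\s+(\w+)(?:\[\d+\])?\s*:\s*(.*)$")


def parse_scutil_dns(text):
    """Parse `scutil --dns` output into one dict per 'resolver #N' block."""
    resolvers, current = [], None
    for line in text.splitlines():
        hdr = _RESOLVER_HDR.match(line)
        if hdr:
            current = {"id": int(hdr.group(1)), "domain": None,
                       "nameservers": [], "if_index": None}
            resolvers.append(current)
            continue
        if current is None:
            continue
        kv = _KV.match(line)
        if not kv:
            continue  # e.g. "search domain[0] : ..." or blank lines
        key, value = kv.group(1), kv.group(2).strip()
        if key == "nameserver":
            current["nameservers"].append(value)
        elif key == "domain":
            current["domain"] = value
        elif key == "if_index":
            current["if_index"] = value
    return resolvers


def audit_split_dns(scutil_text, domain, vpn_nameservers):
    """Return findings for the split-DNS entry of `domain`.

    'missing'      no resolver block carries this domain
    'no_vpn_ns'    a block exists but lists none of the expected VPN servers
    'public_ns:X'  a block lists public resolver X, reachable outside the tunnel
    """
    entries = [r for r in parse_scutil_dns(scutil_text) if r["domain"] == domain]
    if not entries:
        return ["missing"]
    findings = []
    for entry in entries:
        if not set(entry["nameservers"]) & set(vpn_nameservers):
            findings.append("no_vpn_ns")
        for ns in entry["nameservers"]:
            if ns in PUBLIC_RESOLVERS:
                findings.append(f"public_ns:{ns}")
    return findings


# Constructed sample of `scutil --dns` output (not a real capture).
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  search domain[0] : lan
  nameserver[0] : 192.168.1.1
  if_index : 11 (en0)
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  domain   : example.com
  nameserver[0] : 3.92.179.203
  nameserver[1] : 8.8.8.8
  flags    : Request A records, Request AAAA records
  reach    : 0x00000002 (Reachable)
"""

if __name__ == "__main__":
    print(render_resolver_file(["3.92.179.203", "8.8.8.8"]), end="")
    for finding in audit_split_dns(SAMPLE_SCUTIL_DNS, "example.com", ["3.92.179.203"]):
        print("finding:", finding)
```

On a real machine, feed the audit with `subprocess.run(["scutil", "--dns"], capture_output=True, text=True).stdout` and compare the `if_index` of the domain's block against the utun interface; a `public_ns` finding on the split-DNS entry is the configuration worth removing first when narrowing down a leak.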

the vpn dns nameservers are defined in /etc/resolver/example.com

Huh?

Is your VPN app based on a Network Extension provider? Or some sort of legacy technique?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

It does not use a Network Extension provider; it uses the utun interface BSD socket implementation.

And one more update: the issue happens only on ARM devices, not on x86. If we set 8.8.8.8 as a VPN nameserver on ARM devices then traffic is routed outside the tunnel for the split-DNS domain.
