Problem Description
When using iCloud Private Relay (Limit IP address tracking) on macOS Sonoma, I'm experiencing a DNS resolving issue when simultaneously connected via OpenVPN. The system activates iCloud Private Relay instead of using the DNS servers provided by the VPN connection, resulting in incorrect IP address resolution.
Specific issues:
- When connected to my company VPN, the system ignores DNS servers set by the VPN connection
- When attempting to ping internal servers in the corporate network, I receive public IP addresses instead of internal corporate IP addresses
- These public IP addresses are not accessible from outside as some services are disabled for external access
- Tools like nslookup and dig correctly resolve internal addresses, but ping and regular applications use incorrect (public) IP addresses
- Access to local servers in the corporate network/subnet is problematic
Expected Behavior
I need the system to:
- Use DNS servers provided by the VPN connection for accessing internal corporate resources when connected via VPN
- Simultaneously maintain iCloud Private Relay protection for regular internet browsing while connected to VPN
Technical Details
Based on available information, the problem is likely caused by "iCloud Private Relay" inserting an additional DNS resolver that isn't visible through the scutil tool. Regular applications use macOS internal API for DNS resolving, while tools like dig and nslookup work differently.
According to Apple documentation, it should be possible to use custom DNS settings with iCloud Private Relay, but it doesn't seem to work properly with OpenVPN.
Temporary Solutions I've Tried
Some sources suggest:
- Disabling iCloud Private Relay (I don't want to lose privacy protection)
- Creating an /etc/resolver directory with configuration for specific domains
- Manually adding static routes for specific IP addresses
None of these solutions provide the ideal combination of VPN DNS functionality and privacy protection.
Request for Solution
Please implement a solution that allows:
- Prioritizing DNS servers provided by VPN connection for internal domains
- Maintaining iCloud Private Relay protection for other communications
- Ensuring consistent behavior of all applications during DNS resolving
Thank you for your help.
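An added diagnostic for the symptom in the post (this is not from the original post or from Apple): it compares what the system resolver hands ordinary applications with what the VPN's DNS server answers directly, and prints the contents of the per-domain /etc/resolver file the post mentions as a workaround. The VPN DNS server 10.0.0.53 and the zone corp.example are placeholders, not values from the thread; the `classify` and `resolver_file` helpers are pure so they run anywhere, while the macOS-only commands are guarded.

```shell
#!/bin/sh
# Placeholders (override via environment); not taken from the original post.
VPN_DNS="${VPN_DNS:-10.0.0.53}"
INTERNAL_DOMAIN="${INTERNAL_DOMAIN:-corp.example}"

# Answer as seen by ordinary applications: dscacheutil goes through the
# system resolver path, not a direct DNS query, so it shows what ping gets.
system_answer() {
    dscacheutil -q host -a name "$1" 2>/dev/null \
        | awk '$1 == "ip_address:" { print $2 }' | sort
}

# Answer from the VPN-pushed DNS server itself, bypassing the system resolver
# (this is what dig/nslookup show in the post).
direct_answer() {
    dig +short "$1" A @"$VPN_DNS" 2>/dev/null | grep -E '^[0-9.]+$' | sort
}

# Pure decision: "match" when both answer sets agree, "split" when the system
# resolver and the VPN DNS disagree, "unresolved" when neither answered.
classify() {
    sys="$1"; direct="$2"
    if [ -z "$sys" ] && [ -z "$direct" ]; then
        echo "unresolved"
    elif [ "$sys" = "$direct" ]; then
        echo "match"
    else
        echo "split"
    fi
}

# Body of /etc/resolver/<domain>: one "nameserver" line per VPN DNS server.
# Queries whose name ends in <domain> are sent to these servers.
resolver_file() {
    dom="$1"; shift
    printf '# /etc/resolver/%s: queries for this suffix go to the VPN DNS\n' "$dom"
    for ns in "$@"; do printf 'nameserver %s\n' "$ns"; done
}

# Usage on the Mac while the VPN is up: sh thisfile.sh check host.corp.example
if [ "${1:-}" = "check" ] && command -v dscacheutil >/dev/null 2>&1; then
    classify "$(system_answer "$2")" "$(direct_answer "$2")"
    echo "--- suggested /etc/resolver/$INTERNAL_DOMAIN ---"
    resolver_file "$INTERNAL_DOMAIN" "$VPN_DNS"
fi
```

A `split` result reproduces the post's symptom (system resolver returning a different, public address than the VPN DNS); `match` after creating the resolver file shows the per-domain override taking effect.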
It looks like your goal here is to report a bug. If so, the path forward is Feedback Assistant. See Bug Reporting: How and Why? for further advice on that front.
Please post your bug number, just for the record.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"