Selectively routing traffic via ethernet or wifi, with proper DNS (Mac OS X 10.6)

3

When I'm at work, I access various intranet pages as well as the wider Internet through ethernet. However, the company LAN blocks some ports (e.g. Google Calendar). I can get to those through WiFi. So, I gave the Airport priority, and then using route add, I set up selective routing: all intranet traffic goes through the ethernet and everything else via WiFi: sudo route add 10.0.0.0/8 <intranet gateway>.

However, there are a number of intranet sites that have their own DNS; i.e., hr.company.com only resolves on the intranet. The only way that I can get the DNS to work properly is to add the internal DNS server to the Airport DNS listing; however, I fear that when I go elsewhere and forget, this will break things.

What's the right way to get the DNS to resolve using this setup?

Dan

Posted 2010-07-22T17:52:50.383

Reputation: 227

Is it also possible to send all ssh traffic over wifi? – BTR Naidu – 2016-06-10T14:56:31.987

Answers

2

Your situation is a fairly common one in large organisations. In this situation, you should use a Proxy Configuration File (set this in System Preferences > Network > Advanced... > Proxies > Automatic Proxy Configuration).

You'll have to create your own PAC file and host it somewhere, but it's fairly simple JavaScript and Wikipedia has a few examples: http://en.wikipedia.org/wiki/Proxy_auto-config

Another thing you may have to add is a setting in System Preferences > Network > Advanced... > DNS. You can add a DNS server here to manually add the domain in here.

You can also set these configurations per-location by adding Locations in the System Preferences > Network > Locator combobox.

Mike McQuaid

Posted 2010-07-22T17:52:50.383

Reputation: 3 639

1 Looks like Locations is the right thing - I have to manually add a DNS server regardless. – Dan – 2010-07-28T22:52:08.670

2

I finally found a solution to my and Dan's problem: DNS servers can be cleanly managed on a per-domain basis using the built-in resolve functionality. Just provide file(s) /etc/resolver/domain.com to specify valid nameservers for that domain using the terminal.

http://blog.scottlowe.org/2013/08/14/using-your-home-dns-servers-with-corporate-vpns/

hauns

Posted 2010-07-22T17:52:50.383

Reputation: 19

Wow it really did the trick. However tools that use their own DNS resolution like dig don't use this file, but this is usually not a problem. – Brice – 2017-05-29T10:58:23.837
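
An added example (not part of hauns's answer) of the per-domain resolver file described above: a shell function that validates its input and prints the file body, so the intranet DNS server is consulted only for the intranet domain. company.com is taken from the question; 10.0.0.53 is a constructed placeholder for the intranet DNS server, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print the body of a macOS /etc/resolver/<domain> file.
# company.com is from the question; 10.0.0.53 is a constructed placeholder
# for the intranet DNS server. This example accepts IPv4 nameservers only.

# valid_domain NAME: plain DNS labels only, so NAME is safe to use as a file
# name under /etc/resolver (no slashes, no "..", no leading dot).
valid_domain() {
    label='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
    printf '%s\n' "$1" | grep -Eq "^$label(\.$label)*\$"
}

# valid_ipv4 ADDR: four dot-separated decimal octets, each 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# resolver_conf DOMAIN NAMESERVER...: validate everything first, then print
# one "nameserver" line per server, so a bad argument yields no output.
resolver_conf() {
    domain=$1; shift
    valid_domain "$domain" || { echo "bad domain: $domain" >&2; return 1; }
    [ "$#" -ge 1 ] || { echo "need at least one nameserver" >&2; return 1; }
    for ns in "$@"; do
        valid_ipv4 "$ns" || { echo "bad nameserver: $ns" >&2; return 1; }
    done
    for ns in "$@"; do
        printf 'nameserver %s\n' "$ns"
    done
}

# Install by hand on macOS; the file is written only if validation passed:
#   sudo mkdir -p /etc/resolver
#   conf=$(resolver_conf company.com 10.0.0.53) &&
#       printf '%s\n' "$conf" | sudo tee /etc/resolver/company.com
# Check with tools that use the system resolver (dig does not):
#   scutil --dns
#   dscacheutil -q host -a name hr.company.com
resolver_conf company.com 10.0.0.53
```

Because the file is keyed to the domain rather than to the Airport interface, nothing has to be undone when the machine is used on another network.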

-1

Since I am not allowed to comment, I have to add another answer.

Mike's PAC file solution has one catch though: in my understanding, PAC files need to be hosted on a server as they are accessed via a URL. Unless you have access to a server or turn your own computer into a server, this is generally not easy to do.

hauns

Posted 2010-07-22T17:52:50.383

Reputation: 19

If you cannot comment then you should refrain from submitting a comment entirely until you have earned the privilege of doing so. – Ramhound – 2017-10-19T14:29:23.787

I believe to have made a viable followup comment on the subject. Shutting up is your suggested solution? Up/down votes should be reserved for judging technical merit, not for personal hostilities. – hauns – 2017-10-19T16:01:41.147

I issued a downvote because you submitted a comment as an answer to a question. I have absolutely no hostilities towards you, my vote has nothing to do with anything, except the fact I don't find comments submitted as an answer to a question to be helpful. My first comment was an attempt, perhaps failed attempt, to explain that you should refrain from submitting comments as an answer to a question. Answers should only be used to answer the question, which you have already done, in your existing answer. – Ramhound – 2017-10-19T16:04:25.383

I should add that anything that isn't an answer submitted as an answer is likely to be deleted by the community. You don't want the community to delete answers that you submit. If I have offended you in any way, then I apologize, but commentary shouldn't be submitted as an answer. – Ramhound – 2017-10-19T16:07:04.647