DNS search suffix not working anymore on Mac OS X

1

DNS resolution has just stopped working when connecting to our corporate VPN via OpenVPN using Tunnelblick.

When I connect to the VPN, the following (exemplified) DNS settings are set:

james@macbook:~$ cat /etc/resolv.conf
#
# Mac OS X Notice
#
# This file is not used by the host name and address resolution
# or the DNS query routing mechanisms used by most processes on
# this Mac OS X system.
#
# This file is automatically generated.
#
search intra.example.com
nameserver 10.181.0.222
nameserver 192.168.0.1

Resolving a hostname with its FQDN works:

james@macbook:~$ dig somehost.intra.example.com +noall +answer

; <<>> DiG 9.8.3-P1 <<>> somehost.intra.example.com +noall +answer
;; global options: +cmd
somehost.intra.example.com. 3600 IN A   10.182.1.37

But although the search suffix intra.example.com is set in the DNS settings, the host cannot be resolved with just the hostname:

james@macbook:~$ dig somehost +noall +answer

; <<>> DiG 9.8.3-P1 <<>> somehost +noall +answer
;; global options: +cmd

The DNS resolution worked until like 1h ago, before I last suspended my MacBook. Any clues why hostnames cannot be resolved although the search suffix is set?

James

Posted 2013-12-20T20:38:42.377

Reputation: 685

1 I've just tried this on my computer (Tunnelblick 3.4beta18, OSX Mavericks 10.9.1 13B42) and found a similar issue, but it's dig specific - it seems it's not using the global search domains. I can resolve 'somehost' in other software without problem. Does nslookup somehost give you the expected IP? – tenorkev – 2013-12-21T15:46:58.927

It's true that dig really does not add DNS suffixes, but I have this problem anyway, also with nslookup (and of course any other app). It seems as if the DNS resolver of the Mac goes crazy if the connection type changes (from Wi-Fi to Ethernet, to VPN etc.). It suddenly does not honor the DNS search suffix anymore. The only solution I found is to disable Wi-Fi, unplug any Ethernet cable and reconnect again. Then it works again... – James – 2014-03-04T15:40:57.360

Answers

1

As dig is a tool for querying DNS servers, it has to assume that the given parameter is already an FQDN. nslookup checks whether you give it an FQDN or not and adds the appropriate suffix.

And one thing might be of interest: an excerpt from the man page of dig on OS X:

Mac OS X NOTICE
   The dig command does not use the host name and address resolution or the DNS query routing mechanisms used by other
   processes running on Mac OS X.  The results of name or address queries printed by dig may differ from those found by
   other processes that use the Mac OS X native name and address resolution mechanisms.  The results of DNS queries may also
   differ from queries that use the Mac OS X DNS routing library.

Hope that helps

heiglandreas

Posted 2013-12-20T20:38:42.377

Reputation: 1 153
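
The behaviour discussed in this thread, modelled as an added example (not code from the posts, from dig, or from OS X): a lookup that applies the `search` list from the question's resolv.conf, compared with one that queries the name exactly as typed. The zone contents, the function names and the use of conventional resolv.conf(5) rules (including the `ndots` default of 1) are assumptions for illustration.

```python
# Constructed sample: the resolv.conf content shown in the question.
RESOLV_CONF = """\
search intra.example.com
nameserver 10.181.0.222
nameserver 192.168.0.1
"""
# Constructed zone data standing in for the VPN's DNS server (assumption).
ZONE = {"somehost.intra.example.com.": "10.182.1.37"}


def parse_resolv_conf(text):
    """Return (search_domains, ndots) using resolv.conf(5) conventions."""
    search, ndots = [], 1  # ndots defaults to 1
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "search":
            search = fields[1:]  # a later search line replaces earlier ones
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidates(name, search, ndots, use_search=True):
    """List the FQDNs to query, in order, for a user-supplied name."""
    if name.endswith("."):  # trailing dot: already absolute
        return [name]
    absolute = name + "."
    if not use_search:  # name is queried as typed, no suffix appended
        return [absolute]
    suffixed = [f"{name}.{d.rstrip('.')}." for d in search]
    # Names with at least ndots dots are tried as-is first, otherwise last.
    if name.count(".") >= ndots:
        return [absolute] + suffixed
    return suffixed + [absolute]


def resolve(name, use_search=True):
    """Look the name up in ZONE; return (fqdn, address) or None."""
    search, ndots = parse_resolv_conf(RESOLV_CONF)
    for fqdn in candidates(name, search, ndots, use_search):
        if fqdn in ZONE:
            return fqdn, ZONE[fqdn]
    return None
```

`resolve("somehost", use_search=False)` returns `None`, matching the empty dig output in the question, while `resolve("somehost")` finds the record through the search suffix.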