Help please with macOS DNS setup

Discussion in 'privacy problems' started by mirimir, Apr 20, 2018.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    So I have this High Sierra VM, and I'm running a VPN client in it. I've specified the VPN's DNS servers in the Advanced section of the Network config. But Safari and curl are both stuck on 8.8.8.8 as DNS server. And I have no clue where the macOS is getting that from. It could be cached somewhere, from before I set up the VPN client.

    Any ideas?
     
  2. mirimir

    Damn. Never mind. I remembered to check /etc/resolv.conf. And doh, it has 8.8.8.8. But auto generated, so I gotta track that back.

    Edit: Oh, it's not that. That's not actually used by anything. It's this:

    $ scutil --dns

    And for sure, 8.8.8.8 is specified for the VPN. Actually, ipsec0.

    So maybe I screwed up the Apple Configurator profile. Damn.
     
    Last edited: Apr 20, 2018
  3. mirimir

    I figured out how to change DNS servers using scutil. But changes don't persist after reboot.

    So yes, please help!
     
  4. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,870
    Location:
    UK
  5. mirimir

    Hey, thanks :)

    But it's not the DNS cache that's the problem.

    To see DNS servers, you run "scutil --dns". In my case, that shows what nameservers are configured for en0 (ethernet) and ipsec0 (IKEv2 tunnel). For ipsec0, it's 8.8.8.8 :(

    To add nameservers, you need to know the "primary service ID". After searching some, I found that you can run "sudo scutil", and then "list ".*DNS"" to show all of the subkeys with DNS entries. So I got the subkey for ipsec0 (B224FA1D-...-4E81). And then I did "d.add ServerAddresses 1.2.3.4 5.6.7.8" and "set State:/Network/Service/B224FA1D-...-4E81/DNS". And then "quit", to exit scutil. Now "scutil --dns" shows 1.2.3.4 and 5.6.7.8 for ipsec0.

    However, after reboot, "scutil --dns" shows 8.8.8.8 for ipsec0.

    I also tried using "networksetup -setdnsservers" but you need to know service names, and I have no clue how to get those.

    So I'm stuck.
     
  6. mirimir

    Damn. I can be such a bloody idiot :(

    I had specified 8.8.8.8 in the IPSec server config, and forgot that I'd done that.

    So I specified what I want, then that's what clients get :)

    I still don't know how to persistently edit DNS server settings in macOS. But I guess that I don't care.

    Damn.
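
The check the thread relies on, reading `scutil --dns` to see which nameserver is bound to the tunnel interface, can be scripted to catch a VPN whose DNS is not the one you intended. This is an added example, not part of the original posts; the sample output is constructed, and the allowed addresses are the 1.2.3.4 / 5.6.7.8 placeholders used in the thread.

```python
import re

# Constructed sample of `scutil --dns` output (not captured from the poster's VM).
SAMPLE = """\
DNS configuration

resolver #1
  nameserver[0] : 8.8.8.8
  if_index : 12 (ipsec0)
  flags    : Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  order    : 300000

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)
  flags    : Scoped, Request A records
"""

def nameservers_by_interface(text):
    """Map interface name -> set of nameservers, across all resolver blocks."""
    result = {}
    for block in re.split(r"^resolver #\d+\s*$", text, flags=re.M)[1:]:
        servers = re.findall(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)", block, flags=re.M)
        iface = re.search(r"^\s*if_index\s*:\s*\d+\s*\((\S+)\)", block, flags=re.M)
        if servers and iface:  # skips blocks such as mdns that carry neither
            result.setdefault(iface.group(1), set()).update(servers)
    return result

def unexpected_resolvers(text, iface, allowed):
    """Return nameservers bound to iface that are not in the allowed set."""
    by_if = nameservers_by_interface(text)
    if iface not in by_if:
        # Tunnel down or no DNS pushed: fail loudly instead of passing silently.
        raise LookupError(f"no resolver bound to {iface}")
    return sorted(by_if[iface] - set(allowed))

if __name__ == "__main__":
    import subprocess, sys
    # On macOS this reads the live configuration.
    out = subprocess.run(["scutil", "--dns"], capture_output=True, text=True).stdout
    bad = unexpected_resolvers(out, "ipsec0", {"1.2.3.4", "5.6.7.8"})
    print("unexpected resolvers on ipsec0:", bad)
    sys.exit(1 if bad else 0)
```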
     