How to not use VPN's DNS on OS X?
September 11, 2007 6:52 AM   Subscribe

Edit /etc/resolv.conf
posted by majick at 7:23 AM on September 11, 2007

This is for Win2K, but it might work...

- In the VPN properties, click into the networking tab.
- Click Internet Protocol and click the Properties button.
- Click the Advanced Button
- Untick "Use default Gateway on remote network"

If that doesn't work then in this dialog (DNS tab), you can also set up the DNS servers for the particular connection.
posted by seanyboy at 7:24 AM on September 11, 2007

OSX. (My bad - Sorry.)
posted by seanyboy at 7:24 AM on September 11, 2007

What version of OS X are you using? In 10.4 and later, you can manually specify DNS servers. Open System Preferences and click the Network item. Select your VPN connection from the "Show" menu, then enter your preferred DNS servers in the "DNS Servers" section. These should override anything that the VPN specifies.
posted by pmbuko at 7:26 AM on September 11, 2007

Interesting question. Usually, sending DNS through the VPN is regarded as a feature, not a bug ... but in your situation I can see how it would be undesirable.

How do you have your DNS server set up in the Networking preference pane? Although I've never really checked to see how OS X decides what traffic to put through the VPN when you have the "send all traffic" option off, my guess would be that it does it by subnet. (If not by domain, which would be the logical choice, except that it's obviously not doing that since that wouldn't include DNS queries.)

Perhaps if you explicitly define a DNS server in your Network preferences, and make sure that it's one that's outside the subnet used by the VPN, OS X will use it? That would be my first try, anyway.
posted by Kadin2048 at 7:26 AM on September 11, 2007

Also, I haven't tried it, but the solution discussed here looks promising.
posted by pmbuko at 7:30 AM on September 11, 2007 [1 favorite has favorites]

(OS X doesn't use /etc/resolv.conf, at least recent versions. Neither is this a packet routing problem.)

Here's one way to do it: Install "dnsmasq" locally (google "Fink") and set your nameserver to use the local address (127.0.0.1). Then, set dnsmasq rules to divert certain kinds of queries to certain other nameservers.

http://www.thekelleys.org.uk/dnsmasq/doc.html
http://finkproject.org/
posted by cmiller at 7:36 AM on September 11, 2007

By "set your nameserver to use the local address" I meant "set your computer network settings to point to the local address only". Do that in SysPref -> Network.

Sorry.
posted by cmiller at 7:37 AM on September 11, 2007

"OS X doesn't use /etc/resolv.conf, at least recent versions."

This is correct and I am in error. I just so happen to have BIND installed -- nearly everyone else won't.
posted by majick at 7:51 AM on September 11, 2007

I'm not sure you want to do what you say you want. Understand that if you achieve what you seek -- keeping your DNS servers local to your machine -- then if your workplace has a behind-the-firewall DNS server that serves up names of internal hosts, you won't be able to use that at all. This is pretty common -- and it'll mean that you won't be able to resolve the names of many hosts you probably use regularly when you're connected to your VPN.
posted by delfuego at 8:01 PM on September 11, 2007

« Older How can I get my toddler to dr...   |   Is it my cheap monitor, or my ... Newer »

This thread is closed to new comments.