MacOS DNS Search Domains

The Pritunl Client for MacOS is not setting the Search Domains.

Tested with 3 clients: Pritunl, Viscosity and Tunnelblick. All connected to the same Pritunl server without any modifications to the profile or client settings.

In the Pritunl settings I have tried:

  • Reset DNS
  • Reset Networking
  • Enable/Disable DNS refresh

In the Pritunl profile settings:

  • Force DNS configuration

The connection logs show the option being sent, which is evident with Viscosity and Tunnelblick properly setting it.

dhcp-option DOMAIN-SEARCH corp.pvt

My tests were run on 14.6.1 Sonoma, but this is happening across 12, 13, 14 and 15.

Pritunl

scutil --dns
DNS configuration

resolver #1
  search domain[0] : home
  nameserver[0] : 192.168.111.184
  nameserver[1] : 192.168.111.51
  flags    : Supplemental, Request A records
  reach    : 0x00000002 (Reachable)
  order    : 101600

resolver #2
  nameserver[0] : 192.168.1.1
  nameserver[1] : 208.67.222.222
  if_index : 12 (en0)
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)
  order    : 200000

resolver #3
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300000

resolver #4
  domain   : 254.169.in-addr.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300200

resolver #5
  domain   : 8.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300400

resolver #6
  domain   : 9.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300600

resolver #7
  domain   : a.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300800

resolver #8
  domain   : b.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 301000

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : home
  nameserver[0] : 192.168.1.1
  nameserver[1] : 208.67.222.222
  if_index : 12 (en0)
  flags    : Scoped, Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

Viscosity

scutil --dns
DNS configuration

resolver #1
  search domain[0] : corp.pvt
  search domain[1] : home
  nameserver[0] : 192.168.1.1
  nameserver[1] : 208.67.222.222
  if_index : 12 (en0)
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300000

resolver #3
  domain   : corp.pvt
  nameserver[0] : 192.168.111.184
  nameserver[1] : 192.168.111.51
  flags    : Supplemental, Request A records
  reach    : 0x00000002 (Reachable)
  order    : 101601

resolver #4
  domain   : 254.169.in-addr.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300200

resolver #5
  domain   : 8.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300400

resolver #6
  domain   : 9.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300600

resolver #7
  domain   : a.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300800

resolver #8
  domain   : b.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 301000

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : home
  nameserver[0] : 192.168.1.1
  nameserver[1] : 208.67.222.222
  if_index : 12 (en0)
  flags    : Scoped, Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  search domain[0] : corp.pvt
  nameserver[0] : 192.168.111.184
  nameserver[1] : 192.168.111.51
  if_index : 19 (utun10)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)

Tunnelblick

scutil --dns
DNS configuration

resolver #1
  search domain[0] : corp.pvt
  search domain[1] : home
  nameserver[0] : 192.168.111.184
  nameserver[1] : 192.168.111.51
  flags    : Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300000

resolver #3
  domain   : 254.169.in-addr.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300200

resolver #4
  domain   : 8.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300400

resolver #5
  domain   : 9.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300600

resolver #6
  domain   : a.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300800

resolver #7
  domain   : b.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 301000

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : corp.pvt
  search domain[1] : home
  nameserver[0] : 192.168.111.184
  nameserver[1] : 192.168.111.51
  if_index : 12 (en0)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)

This should be fixed in the latest releases. Verify Pritunl Client v1.3.4026.10 is installed. These newer releases will update the SearchDomains value for the primary scutil service. The client debugging documentation has information on debugging DNS issues.
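
A way to check the condition discussed in this thread, as an added example that is not part of the original posts or Pritunl's own tooling: the shell function below classifies how a pushed domain such as `corp.pvt` appears in `scutil --dns` output. The function name and the sample excerpts are constructed for illustration, modelled on the outputs posted above.

```shell
#!/bin/sh
# Added example: classify how a pushed search domain appears in `scutil --dns`.
# Usage on macOS: scutil --dns | search_domain_state corp.pvt
# Prints: search      = search domain on an unscoped resolver
#         scoped-only = search domain only under "for scoped queries"
#         match-only  = only a supplemental match domain ("domain :")
#         missing     = not present anywhere
search_domain_state() {
    awk -v want="$1" '
        /^DNS configuration \(for scoped queries\)/ { scoped = 1; next }
        /^[ \t]*search domain\[[0-9]+\][ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t\r]+$/, "")
            if ($0 == want) { if (scoped) in_scoped = 1; else in_search = 1 }
            next
        }
        /^[ \t]*domain[ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t\r]+$/, "")
            if ($0 == want) in_match = 1
        }
        END {
            if (in_search)      print "search"
            else if (in_scoped) print "scoped-only"
            else if (in_match)  print "match-only"
            else                print "missing"
        }'
}

# Constructed excerpts modelled on the outputs in the post (not full dumps).
sample_unset() {
    printf '%s\n' 'DNS configuration' '' 'resolver #1' \
        '  search domain[0] : home' '  nameserver[0] : 192.168.111.184' \
        '  flags    : Supplemental, Request A records'
}
sample_set() {
    printf '%s\n' 'DNS configuration' '' 'resolver #1' \
        '  search domain[0] : corp.pvt' '  search domain[1] : home' \
        '  nameserver[0] : 192.168.111.184' '' \
        'DNS configuration (for scoped queries)' '' 'resolver #1' \
        '  search domain[0] : corp.pvt'
}
sample_match_only() {
    printf '%s\n' 'DNS configuration' '' 'resolver #1' \
        '  search domain[0] : home' '' 'resolver #2' \
        '  domain   : corp.pvt' '  nameserver[0] : 192.168.111.184'
}

for s in sample_unset sample_set sample_match_only; do
    printf '%s: %s\n' "$s" "$($s | search_domain_state corp.pvt)"
done
```

A result other than `search` after connecting means short hostnames are not being expanded with the VPN domain, which is the symptom reported here.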