Force DNS server ip while connected to VPN

dnshigh sierravpn

I'm using Fortclient VPN to connect to a customer network and the client enforces the use of their DNS (since the customer is in Turkey I get false DNS responses on wikipedia and other websites while connected)
Before high sierra I was able to reset the DNS server used using scutil:

> d.init
> d.add ServerAddresses * 8.8.8.8 8.8.4.4
> set State:/Network/Service/forticlientsslvpn/DNS

that usually was enough, starting on high sierra even after setting the DNS value using set it still shows the old values:

> d.show
<dictionary> {
  ServerAddresses : <array> {
    0 : 8.8.8.8
    1 : 8.8.4.4
  }
}
> show State:/Network/Service/forticlientsslvpn/DNS
<dictionary> {
  ServerAddresses : <array> {
    0 : 192.168.20.10
    1 : 192.168.20.11
  }
}
> set State:/Network/Service/forticlientsslvpn/DNS
> show State:/Network/Service/forticlientsslvpn/DNS
<dictionary> {
  ServerAddresses : <array> {
    0 : 192.168.20.10
    1 : 192.168.20.11
  }
}

Is there another way to do it in High Sierra?

Best Answer

I've found a solution, open source client openfortivpn let you skip dns settings while connecting to the VPN. Using its --no-dns --pppd-no-peerdns options fixes it

OS X 10.10.0 – 10.10.3, Yosemite

Apparently, mDNSResponder doesn't exist in Yosemite (OS X 10.10). You can restart descoveryd instead to fix these issues.

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.discoveryd.plist
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.discoveryd.plist

OS X 10.10.4+, Yosemite

In OSX 10.10.4 the mDNSResponder has been reintroduced. So use the first one will work again.

MacOS – Mac Mavericks 10.9 DNS problem with specific addresses

In the assumption that you have no software installed that would explicitly block those sites here is how to block and unblock web sites.

A Mac’s hosts file is a simple text file that dictates what the system should do when specific domains or IP addresses are accessed.

You can trigger a “page cannot be displayed” error or even redirect them to other domains/IPs of your choice.

For the sake of this tutorial, all blocked websites will be pointed to 127.0.0.1, which is the localhost or system itself.
To get started, Copy and paste the following code in Terminal:
sudo /bin/cp /etc/hosts /etc/hosts-original
Terminal will ask for your password.
Now we can start editing the hosts file. Copy and paste this code in Terminal (all one line):
sudo /Applications/TextEdit.app/Contents/MacOS/TextEdit /etc/hosts
The hosts file will open in TextEdit.

Notice the following lines and do not delete them under any circumstances:

127.0.0.1 localhost

255.255.255.255 broadcasthost

::1 localhost

fe80::1%lo0 localhost

You should not have any further data here.

Create a new line directly under the last one shown above. Type the following, replacing the sample domain with the domain or IP address you want to block:
    127.0.0.1 sample.com www.sample.com
Continue adding lines following the format in step 6 for each website you want to block. When you’re done, quit TextEdit and save the hosts file when prompted. Back in Terminal, run the following command to flush the computer’s DNS and put the new hosts file into effect. You can restartyour Mac instead, if you prefer.
    dscacheutil -flushcache
That’s all there is to it! Websites added to the hosts file will no longer be accessible from any user account on that Mac.

In your case look for the blocked IP's

re-enable access to blocked websites, just repeat this process and remove the lines you added in the hosts file. Just remember not to delete the original 4 lines shown in step 5.

Best Answer

Related Solutions

MacOS – DNS not resolving on Mac OS X

OS X 10.10.0 – 10.10.3, Yosemite

OS X 10.10.4+, Yosemite

MacOS – Mac Mavericks 10.9 DNS problem with specific addresses

Related Question