Public DNS times out when connected to Cisco IPSec VPN on macOS

I have been using and on macOS for months. I connect to various Cisco IPSec VPN servers inside of AWS for work purposes and this all worked previously with no issue. Just recently (last week or so) when I connect to a Cisco IPSec VPN server inside of AWS I lose DNS capability locally completely using CloudFlare:

Local network works just fine

MacBook-Pro ➜  ~ dig +short

When I connect to an IPSec VPN server though:

MacBook-Pro ➜  ~ dig +short
;; connection timed out; no servers could be reached

I can ping when connected to the AWS VPN, which again points to DNS failing to resolve:

MacBook-Pro ➜  ~ ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=38 time=51.987 ms
64 bytes from icmp_seq=1 ttl=38 time=77.721 ms
64 bytes from icmp_seq=2 ttl=38 time=55.962 ms
--- ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 51.987/61.890/77.721/11.311 ms

Did something recently change with CloudFlare public DNS? As mentioned, this used to work and nothing changed on my end.

Nothing has changed at Cloudflare.

Thanks for the reply @sdayman.

Here is the output when not connected to the Cisco IPSec VPN, and it works:

However, I’d like to run it again, when connected to the Cisco IPSec VPN, but I cannot because of the DNS resolution issue. Should I just hardcode into my /etc/hosts as and retry?

And additional output of the requested commands when connected to the IPSec VPN; sorry, I meant to put this output into the original reply. You’ll see that explicitly providing @ works. The more I dive into this, I think it may be a bug in macOS that was introduced with the latest update, 10.15.5. All my IPSec VPN connections have this issue; before, this worked.

MacBook-Pro ➜  ~ dig @

; <<>> DiG 9.10.6 <<>> @
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26652
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1452
;			IN	A


;; Query time: 84 msec
;; WHEN: Sun Jul 05 14:57:16 CDT 2020
;; MSG SIZE  rcvd: 67

MacBook-Pro ➜  ~ dig +short CHAOS TXT id.server @

MacBook-Pro ➜  ~ dig 89 txt +short
dig: couldn't get address for '': not found

Hi, sounds like your VPN might be overwriting your DNS settings, so maybe take a look into that.

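To turn that suggestion into something you can actually check, here is an added diagnostic script (not posted by anyone in this thread, and not Cloudflare's or Apple's code). On macOS, `dig` without an explicit `@server` reads /etc/resolv.conf, which configd regenerates from the first resolver listed by `scutil --dns`; a VPN client that pushes its own nameserver into that slot explains exactly the symptom above, where plain `dig` times out but `dig @<server>` answers. The script parses `scutil --dns` text, reports which nameservers and interface the default resolver uses, and exits non-zero when the resolver you expect has been displaced. The two embedded `scutil --dns` samples are constructed; the interface names `en0`/`utun2`, the search domain `corp.example` and the pushed nameserver `10.0.0.2` are assumptions. `1.1.1.1` is Cloudflare's public resolver and is used as the expected server by default.

```shell
#!/bin/sh
# Added example, not from the thread: detect a VPN displacing the configured
# public resolver on macOS by inspecting `scutil --dns` output.

# Constructed sample: off VPN, Cloudflare configured on Wi-Fi (en0, assumed).
SAMPLE_OFF_VPN='DNS configuration

resolver #1
  nameserver[0] : 1.1.1.1
  nameserver[1] : 1.0.0.1
  if_index : 6 (en0)
  flags    : Request A records, Request AAAA records
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300000
'

# Constructed sample: Cisco IPSec VPN up on utun2 (assumed) has pushed its own
# nameserver 10.0.0.2 (hypothetical) into resolver #1, ahead of Cloudflare.
SAMPLE_ON_VPN='DNS configuration

resolver #1
  search domain[0] : corp.example
  nameserver[0] : 10.0.0.2
  if_index : 15 (utun2)
  flags    : Request A records, Request AAAA records
  reach    : 0x00000002 (Reachable)

resolver #2
  nameserver[0] : 1.1.1.1
  nameserver[1] : 1.0.0.1
  if_index : 6 (en0)
  flags    : Request A records, Request AAAA records
  reach    : 0x00000002 (Reachable)
'

# Print the nameservers of resolver #1 (the one /etc/resolv.conf is built
# from), one per line. $1 is `scutil --dns` text.
default_nameservers() {
    printf '%s\n' "$1" | awk '
        /^resolver #/                { n++ }
        n == 1 && /nameserver\[/     { print $3 }
    '
}

# Print the interface behind resolver #1 (e.g. en0 or utun2).
default_interface() {
    printf '%s\n' "$1" | awk '
        /^resolver #/                { n++ }
        n == 1 && /if_index/         { gsub(/[()]/, "", $4); print $4 }
    '
}

# Exit 0 if $1 (the resolver you expect) is among the default resolver's
# nameservers in $2, else 1.
uses_nameserver() {
    default_nameservers "$2" | grep -qx "$1"
}

# One-line verdict; exit 1 when the expected resolver has been displaced,
# i.e. the "VPN overwrote my DNS settings" case.
dns_override_report() {
    expected=$1
    text=$2
    servers=$(default_nameservers "$text" | tr '\n' ' ' | sed 's/ $//')
    iface=$(default_interface "$text")
    if uses_nameserver "$expected" "$text"; then
        printf 'OK: default resolver via %s uses %s\n' "$iface" "$servers"
        return 0
    fi
    printf 'OVERRIDDEN: default resolver via %s uses %s (expected %s)\n' \
        "$iface" "$servers" "$expected"
    return 1
}

# On a real Mac, run against the live configuration (optional $1 overrides the
# expected resolver); elsewhere, demonstrate on the constructed VPN sample.
if [ "$(uname)" = Darwin ] && command -v scutil >/dev/null 2>&1; then
    dns_override_report "${1:-1.1.1.1}" "$(scutil --dns)" || true
else
    dns_override_report 1.1.1.1 "$SAMPLE_ON_VPN" || true
fi
```

Run it once off VPN and once on VPN and compare the two verdicts. If the VPN case reports `OVERRIDDEN` with a nameserver you did not configure, the Cisco client is pushing DNS; whether that pushed server is reachable over the tunnel is a separate question, and `dig @<that server>` from the VPN session answers it. If instead the VPN case still lists your public resolver but plain `dig` times out, the resolver order is intact and the problem is on the path, not the configuration.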
