Split DNS no longer working when installing mobileconfig VPN profile

0 votes
1 answer
352 views
My company uses Split DNS to resolve internal domains. We configure this Split DNS by installing a mobileconfig with a VPN profile. See also https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf for more information. The profile contains the following section:
  <key>SupplementalMatchDomains</key>
  <array>
    <string>cb.local</string>
    <string>privatelink.azurewebsites.net</string>
  </array>
Usually this would configure/install the following resolvers, output from scutil --dns where resolver #1 is the one provided by the local network:
DNS configuration

resolver #1
  search domain : cb.local
  search domain : privatelink.azurewebsites.net
  nameserver : 172.16.0.1
  if_index : 14 (en0)
  flags    : Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : cb.local
  nameserver : 10.233.3.17
  nameserver : 10.233.3.27
  if_index : 23 (ipsec0)
  flags    : Supplemental, Request A records
  reach    : 0x00000002 (Reachable)
  order    : 103000
...

resolver #4
  domain   : privatelink.azurewebsites.net
  nameserver : 10.233.3.17
  nameserver : 10.233.3.27
  if_index : 23 (ipsec0)
  flags    : Supplemental, Request A records
  reach    : 0x00000002 (Reachable)
  order    : 103001
...

DNS configuration (for scoped queries)

resolver #1
  nameserver : 172.16.0.1
  if_index : 14 (en0)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  search domain : cb.local
  nameserver : 10.233.3.17
  nameserver : 10.233.3.27
  if_index : 23 (ipsec0)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)
However, this is no longer the case:
DNS configuration

resolver #1
  nameserver : 172.16.0.1
  if_index : 6 (en0)
  flags    : Request A records
  reach    : 0x00000002 (Reachable)
...

DNS configuration (for scoped queries)

resolver #1
  nameserver : 172.16.0.1
  if_index : 6 (en0)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  search domain : cb.local
  nameserver : 10.233.3.17
  nameserver : 10.233.3.27
  if_index : 18 (ipsec0)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)
I have tried reinstalling the mobileconfig Profile and restarting the machine to no avail:
> ping ad01.cb.local
ping: cannot resolve ad01.cb.local: Unknown host
How can I get Split DNS to work again? I really want to configure it through a profile (.mobileconfig) (and not through various /etc/resolver/domain files or a local dnsmasq instance). macOS Ventura 13.0.1.
Asked by bouke (1267 rep)
Nov 14, 2022, 04:14 PM
Last activity: May 5, 2025, 02:04 AM
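The difference between the two listings above is that the working configuration has unscoped resolvers flagged Supplemental for each domain in SupplementalMatchDomains, while the broken one only has the VPN nameservers in the scoped section, which ordinary lookups never consult. The following added example (not code from the question or from Apple) parses `scutil --dns` output and reports which expected match domains lack an unscoped supplemental resolver, so the state of a profile install can be checked before and after a reinstall. It assumes that real `scutil --dns` output writes indexed keys such as `nameserver[0]` and `search domain[0]`, which the parser normalises; the sample strings are constructed from the question's listings, and the file name `check_split_dns.py` is hypothetical.

```python
"""Check `scutil --dns` output for the supplemental (split DNS) resolvers that a
VPN profile's SupplementalMatchDomains should have installed.

Usage on a live Mac (hypothetical file name):
    scutil --dns | python3 check_split_dns.py
"""
import re
import sys

# Domains listed under SupplementalMatchDomains in the profile from the question.
EXPECTED_DOMAINS = ("cb.local", "privatelink.azurewebsites.net")

# Constructed sample, abridged from the question's working listing.
WORKING_OUTPUT = """\
DNS configuration

resolver #1
  search domain[0] : cb.local
  search domain[1] : privatelink.azurewebsites.net
  nameserver[0] : 172.16.0.1
  if_index : 14 (en0)
  flags    : Request A records

resolver #2
  domain   : cb.local
  nameserver[0] : 10.233.3.17
  nameserver[1] : 10.233.3.27
  if_index : 23 (ipsec0)
  flags    : Supplemental, Request A records
  order    : 103000

resolver #3
  domain   : privatelink.azurewebsites.net
  nameserver[0] : 10.233.3.17
  nameserver[1] : 10.233.3.27
  if_index : 23 (ipsec0)
  flags    : Supplemental, Request A records
  order    : 103001

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 172.16.0.1
  if_index : 14 (en0)
  flags    : Scoped, Request A records
"""

# Constructed sample, abridged from the question's broken listing: the VPN
# nameservers appear only as a scoped resolver, so unscoped lookups skip them.
BROKEN_OUTPUT = """\
DNS configuration

resolver #1
  nameserver[0] : 172.16.0.1
  if_index : 6 (en0)
  flags    : Request A records
...

DNS configuration (for scoped queries)

resolver #2
  search domain[0] : cb.local
  nameserver[0] : 10.233.3.17
  nameserver[1] : 10.233.3.27
  if_index : 18 (ipsec0)
  flags    : Scoped, Request A records
"""


def parse_scutil_dns(text):
    """Return resolver dicts from the *unscoped* section of `scutil --dns`.

    Parsing stops at the "(for scoped queries)" section: split DNS needs an
    unscoped supplemental resolver for a domain to affect ordinary lookups.
    """
    resolvers, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("DNS configuration (for scoped queries)"):
            break
        m = re.match(r"resolver #(\d+)", stripped)
        if m:
            current = {"id": int(m.group(1)), "domain": None, "search": [],
                       "nameservers": [], "flags": [], "if_index": None}
            resolvers.append(current)
            continue
        if current is None or ":" not in stripped:
            continue
        key, _, value = stripped.partition(":")
        key = re.sub(r"\[\d+\]", "", key).strip()  # nameserver[0] -> nameserver
        value = value.strip()
        if key == "domain":
            current["domain"] = value
        elif key == "search domain":
            current["search"].append(value)
        elif key == "nameserver":
            current["nameservers"].append(value)
        elif key == "flags":
            current["flags"] = [f.strip() for f in value.split(",")]
        elif key == "if_index":
            current["if_index"] = value
    return resolvers


def missing_supplemental_domains(text, expected=EXPECTED_DOMAINS):
    """Return expected match domains with no unscoped Supplemental resolver."""
    present = {r["domain"] for r in parse_scutil_dns(text)
               if r["domain"] and "Supplemental" in r["flags"]}
    return [d for d in expected if d not in present]


if __name__ == "__main__":
    missing = missing_supplemental_domains(sys.stdin.read())
    print("split DNS OK" if not missing else "missing supplemental resolvers: %s" % ", ".join(missing))
```

Against the working listing the check returns an empty list; against the broken listing it reports both domains, which matches the `ping: cannot resolve` symptom because the only resolver carrying the VPN nameservers is scoped to the ipsec interface.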