My company provided me with a Dull laptop for work, but for the last 1.6 years, I’ve been using my personal 2019 MacBook Pro (macOS v14.6.1). I’ve set it up with all of the requisite apps that I need, including NetSkope and Global Protect VPN. I’ve always been able to connect to everything internal to the company via either NetSkope or VPN, and never had a problem. However, starting last week, there are now two internal websites/services that I can’t connect to, each stating “Server not found.” The same remains true when I run an nslookup, traceroute, or ping the sites. I can connect to everything else. I’ve flushed my DNS cache, rebooted, shut down, but still no joy. Reaching out to the site owners, they report that there have been no changes, and other personal Mac users that I’ve spoken to are able to connect to the sites that I’m unable to. Because I’m using a personal device, the IT networking team won’t support me. Using my Dull laptop I am able to connect to those sites when connected via VPN or NetSkope.
Find out the (internal) IP addresses of the servers and try to access them via IP address instead of by name, to rule out routing issues.
Examine what NetSkope and Global Protect VPN are doing to manipulate DNS.
Note that many Terminal commands use /etc/resolv.conf for name resolution but that isn’t what macOS uses for name resolution, so they can give misleading results. Examine the macOS DNS setup with the scutil --dns command instead.
Looking at the output from scutil --dns it shows the correct DNS servers. I obtained and added the IP addresses and host names to /etc/hosts, and that resolved the issues for the known sites that I was having issues with.
I’m not sure if it may be relevant, but I have a similar problem on my Windows PC.
On my home LAN, I run my own DNS server (to serve the names for devices on the LAN) and a DHCP server that provides this DNS address to clients that connect.
On my Windows PC, it runs DHCP for both IPv4 and IPv6. It gets my DNS server for IPv4, but it gets my ISP’s DNS server for IPv6, because I’m not running an IPv6 DNS server. Windows gives priority to IPv6, so my DNS server gets ignored, making it impossible to access my LAN’s systems by name. Unless I disable IPv6 on Windows - which I’d prefer to not have to do.
I don’t know if macOS has this issue. I generally use manually-configured network configurations when at home, so my Macs only have my local DNS server configured. (I create a separate location that is DHCP-based for when I’m away from home).
Take a look and see if you have DNS servers for both IPv4 and IPv6. If your corporate DNS is IPv4 only, then the v6 server may be from your ISP and therefore not know about local hostnames. If you’re seeing that, see if you can disable IPv6 (at least as a test) or create a separate location for the corporate LAN that has manual configurations for DNS.
And as an aside to anyone who may know how to do it, do you know how to configure a DHCP server to serve IPv6 data?
I’m using a Raspberry Pi with the ISC DHCP server. The tricky bit here is that I don’t have static IPv6 addresses - they’re dynamically generated from the /64 address block given to me by my ISP. Somehow, the DHCP server (which is also running the DNS server) needs to advertise its own dynamic address to the rest of my LAN. But I have no clue how to configure such behavior.
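The two checks suggested in this thread (reading scutil --dns rather than /etc/resolv.conf, and looking for a mix of IPv4 and IPv6 DNS servers) can be scripted. The following is an added example, not code from any poster here: the sample text, host names and function names are constructed, and the selection rule (longest matching domain wins, otherwise the default resolver) is an assumed, simplified model of how macOS chooses a resolver.

```python
import ipaddress

# Constructed sample in the layout printed by `scutil --dns`; not real output.
SAMPLE = """\
DNS configuration

resolver #1
  search domain[0] : home.example
  nameserver[0] : 2001:db8::1
  nameserver[1] : 192.168.1.1

resolver #2
  domain   : corp.example
  nameserver[0] : 10.20.0.53

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
"""

def parse_resolvers(text):
    """Return the unscoped resolvers as dicts with 'domain' and 'nameservers'."""
    resolvers = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("DNS configuration (for scoped"):
            break  # scoped resolvers are tied to one interface; skip them
        if line.startswith("resolver #"):
            resolvers.append({"domain": None, "nameservers": []})
        elif resolvers and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            if key == "domain":
                resolvers[-1]["domain"] = value.lower()
            elif key.startswith("nameserver["):
                resolvers[-1]["nameservers"].append(value)
    return resolvers

def resolver_for(host, resolvers):
    """Assumed model: longest matching 'domain' wins, else the default resolver."""
    host = host.lower().rstrip(".")
    hits = [r for r in resolvers if r["domain"]
            and (host == r["domain"] or host.endswith("." + r["domain"]))]
    if hits:
        return max(hits, key=lambda r: len(r["domain"]))
    return next((r for r in resolvers if r["domain"] is None), None)

def ipv6_servers(resolver):
    return [n for n in resolver["nameservers"]
            if ipaddress.ip_address(n.split("%")[0]).version == 6]  # strip zone ID
```

On a Mac, pass the real output in place of SAMPLE, for example the stdout of subprocess.run(["scutil", "--dns"], capture_output=True, text=True). A failing internal name that lands on a resolver with an IPv6 server from the ISP, or on the default resolver instead of the VPN's, points to the split-DNS configuration rather than the site.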