Since I started using the Cisco AnyConnect VPN Client, I had DNS issues. I could not fully figure out why this happens on my system, but all signs lead to an issue with scoped DNS queries on macOS. Whenever the VPN is established, macOS uses the wrong order to resolve DNS entries. This leads to DNS query timeouts, but under certain circumstances to complete DNS failures, as the system insists on using the unreachable DNS server.
The problem exists for a long time now, at least since macOS Mountain Lion. For a long time I had to live with this annoyance, as the issue persisted with every new version of the AnyConnect client. But now I found a workaround, maybe even a long-term solution. It is possible to tell the macOS resolver to use certain DNS servers for certain domains. Setting this up is rather easy:
[email protected]:~:$ sudo mkdir /etc/resolver [email protected]:~:$ echo 'nameserver 10.8.0.1' > /etc/resolver/domain.com [email protected]:~:$ sudo killall -9 mDNSResponder && dscacheutil -flushcache
After restarting the mDNSResponder daemon and flushing the DNS cache, I was all set. I hope this will become a long-term solution for this issue, that plagued me for so long.