Cisco AnyConnect Client DNS issues

Since I started using the Cisco AnyConnect VPN Client, I had DNS issues. I could not fully figure out why this happens on my system, but all signs lead to an issue with scoped DNS queries on macOS. Whenever the VPN is established, macOS uses the wrong order to resolve DNS entries. This leads to DNS query timeouts, but under certain circumstances to complete DNS failures, as the system insists on using the unreachable DNS server.

The problem exists for a long time now, at least since macOS Mountain Lion. For a long time I had to live with this annoyance, as the issue persisted with every new version of the AnyConnect client. But now I found a workaround, maybe even a long-term solution. It is possible to tell the macOS resolver to use certain DNS servers for certain domains. Setting this up is rather easy:

[email protected]:~:$ sudo mkdir /etc/resolver
[email protected]:~:$ echo 'nameserver 10.8.0.1' > /etc/resolver/domain.com
[email protected]:~:$ sudo killall -9 mDNSResponder && dscacheutil -flushcache

After restarting the mDNSResponder daemon and flushing the DNS cache, I was all set. I hope this will become a long-term solution for this issue, that plagued me for so long.

macOS: Video files in Quarantine

I am not sure when it exactly started. But some time after I upgraded to High Sierra, VLC started to display a “Verifying the file” prompt with a progress bar whenever I opened a MKV or MP4 file. It did it every time and for every file, which was very annoying — to say the least!

After some research I found that all the files had the special permission com.apple.quarantine set, which was only visible via xattr.

[email protected]:/Volumes/Media:$ xattr /path/to/file.mkv
com.apple.quarantine
[email protected]:/Volumes/Media:$

After removing the special quarantine attribute with, the prompt was gone and did not re-appear so far.

[email protected]:/Volumes/Media:$ sudo xattr -r -d com.apple.quarantine /path/to/file.mkv

I can only speculate that the increased security measures in High Sierra automatically flagged certain files. Why it only affected MKV and MP4 files on my system, I do not know. I think the false-positives were caused by a faulty heuristic, or something similar. But your guess is as good as mine.

iMac on the Fritz

After six and a half years of heavy use, my main computer, a mid-2011 27″ iMac, is on the Fritz.

It is currently unclear if it is the graphics card itself, some related hardware, or just a worn cable. Maybe I am gonna be surprised and it is something completely different. What annoys me most is that it could be related to an call-back from 2014. I did not notice the re-call at the time and it apparently expired in 2014 (that is the reason why it is only available in the WayBack Machine).

I already emailed a local authorised service provider. Once I hear back from them, I will bring it in to get an analysis and a quote. Based on that, I will see what my options are.

Update (Feb 2018)

Thanks to a good friend I was able to disassemble the iMac and extract the graphics card. We put it in the oven and baked it for 20 minutes at 200 degrees Celsius. We cleaned the iMac, replaced the thermal paste and reassembled the iMac again.

And what do you know, it worked again! It works for the last couple of months and I guess as long as I dont use it daily again it will work fine. I make sure that it does not get over 45 C for longer periods of time and hope that in doing that, I can extend it’s life even further.

iPhone 8 Plus

When Apple first announced this year’s new phones, I immediately wanted to go for the iPhone X. I was instantly sold on the idea of having an almost bezel-free OLED display, combined with the latest technology and one of the best chipsets on the market. And wireless charging? Please sign me up!

This morning though, I ordered an iPhone 8 Plus with 64 GB of memory.

After the initial excitement of the event was gone, and the usual euphoric hype on all media and social channels had faded, I started having doubts about my first assessment. People were talking about the weird placement of the notch, about the security of Face ID and the gorgeous, but very new OLED display.

In addition, I found that not only the prices for iPhones in Europe had sky-rocketed, but also the price for Apple Care+ had been steeply increased — even more so in Europe and Germany.
All these factors, combined with this excellent tech comparison changed my mind. The iPhone 8 fulfils all my needs and is a huge improvement over my battered, but sturdy, iPhone 5s.

It is the conservative choice. Let the early adopters battle with the UX changes, the new hardware, and the new authentication system. Instead of getting the “Point Zero Release”, I will wait for the next one. The one where all kinks have been worked out.