Thursday, April 9, 2009

Viscosity, OpenVPN and DNS Priority

I wanted to change my DNS settings when connecting to an OpenVPN server using Viscosity. Using the resolv.conf and other methods didn't seem to have any effect, so I put together a solution that seems to work.

First, put these scutil commands into a file (we'll call it /usr/local/bin/changeDns.pref):

    get State:/Network/Service/0/DNS
    d.add ServerAddresses * 192.168.1.1 10.0.0.1
    set State:/Network/Service/0/DNS

Notice that the ServerAddresses line has my DNS servers in order of priority. Change this to match your desired DNS resolution configuration. These settings will be automatically undone once the connection has been severed.

(Edit: The /Network/Service/0/DNS line is from my configuration, but it apparently varies between computers. You may need to run the scutil command list State:/Network/Service/[^/]+/DNS to find the name of your DNS service. Citation here.)

Now, we need to edit the /Applications/Viscosity.app/Contents/Resources/dnsupalt.py file (the script which is run when Viscosity connects). Add the os.system line after the nameservers and search_domains lines; the top of the script is shown here for context:

    #!/usr/bin/env python
    # Viscosity DNS Support Script
    # http://www.viscosityvpn.com
    import os, re, sys

    nameservers = []
    search_domains = []

    # Added line: feed the command file to scutil when the VPN connects
    os.system("scutil < /usr/local/bin/changeDns.pref")

This makes the script feed the file to scutil upon connection. Running scutil --dns after connecting shows that the DNS servers have been updated:

    resolver #1
    nameserver[0] : 192.168.1.1
    nameserver[1] : 10.0.0.1
    order : 200000

Disconnect and the system goes back to the DNS server offered by DHCP:

    resolver #1
    nameserver[0] : 10.0.0.1
    order : 200000
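
Since the service key varies between computers, the command file can be generated and the result checked instead of typed by hand. The following Python 3 code is an added example, not part of the original post or of Viscosity: it finds the DNS service keys in scutil `list` output, builds the command text while rejecting anything that is not an IP address, and checks `scutil --dns` output for the expected priority order. The function names and the EXAMPLE-SERVICE-ID key are assumptions, and the sample outputs are constructed from those shown above.

```python
import ipaddress
import re

KEY_RE = r"State:/Network/Service/[^/\s]+/DNS"

# Constructed sample of `list State:/Network/Service/[^/]+/DNS` output;
# EXAMPLE-SERVICE-ID is a made-up placeholder, not a real service ID.
SAMPLE_LIST = ("  subKey [0] = State:/Network/Service/0/DNS\n"
               "  subKey [1] = State:/Network/Service/EXAMPLE-SERVICE-ID/DNS\n")
# Constructed from the two `scutil --dns` states shown in the post.
CONNECTED = ("resolver #1\n  nameserver[0] : 192.168.1.1\n"
             "  nameserver[1] : 10.0.0.1\n  order : 200000\n")
DISCONNECTED = "resolver #1\n  nameserver[0] : 10.0.0.1\n  order : 200000\n"

def find_dns_service_keys(list_output):
    """Return every State:/Network/Service/<id>/DNS key in `list` output."""
    return re.findall(KEY_RE, list_output)

def build_scutil_commands(service_key, servers):
    """Build the get / d.add / set text for one key, rejecting non-IP input."""
    if not re.fullmatch(KEY_RE, service_key):
        raise ValueError("unexpected service key: %r" % service_key)
    # ip_address() raises ValueError for anything that is not a literal
    # address, so stray text cannot become extra scutil commands.
    addrs = [str(ipaddress.ip_address(s)) for s in servers]
    return "get {0}\nd.add ServerAddresses * {1}\nset {0}\n".format(
        service_key, " ".join(addrs))

def parse_resolvers(dns_output):
    """Map resolver number -> nameservers in priority order."""
    resolvers, current = {}, None
    for line in dns_output.splitlines():
        if "scoped queries" in line:  # newer macOS: skip the per-interface section
            break
        m = re.match(r"\s*resolver #(\d+)", line)
        if m:
            current = resolvers.setdefault(int(m.group(1)), [])
            continue
        m = re.match(r"\s*nameserver\[\d+\]\s*:\s*(\S+)", line)
        if m and current is not None:
            current.append(m.group(1))
    return resolvers

def dns_priority_ok(dns_output, expected):
    """True when resolver #1 lists exactly the expected servers, in order."""
    return parse_resolvers(dns_output).get(1) == list(expected)

if __name__ == "__main__":
    for key in find_dns_service_keys(SAMPLE_LIST):
        print(build_scutil_commands(key, ["192.168.1.1", "10.0.0.1"]))
    print(dns_priority_ok(CONNECTED, ["192.168.1.1", "10.0.0.1"]))
```

On a real machine, feed the functions the captured output of the scutil commands in place of the constructed samples.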

1 comment:

LKRaider said...

Interesting, but is there a way to set it up so that only requests for specific domains go through one DNS and others go through another? I don't want to leak DNS requests to my VPN DNS, just want to use it to resolve the custom domains set up there.