我会尽我所能详细地描述这个问题...但真正的问题是,我不知道是什么原因导致了这个问题。
我设置了 VPN,用于访问公司服务器(内联网 + 网络驱动器)。该服务器无法访问互联网,因此使用拆分隧道。
直到昨天,我的 2020 M1 MacBook Pro – 13.2 Ventura 上的一切运行正常。我使用的是 Tunnelblick,速度不是很快,但相当可靠。
然后我尝试更新 Tunnelblick,但它却不可逆转地损坏了它(在安装/启动时陷入循环)。
于是我安装了 Viscosity——事情开始变得非常奇怪:当我连接到 VPN 时,Chrome 和其他应用程序似乎无法正确解析 DNS
但通过终端,一切似乎都很好——甚至 Safari 也运行正常!(连接到内联网、WWW,一切都运行正常)
网络驱动器也能连接并正常工作。
怀疑这是一个权限问题,Apple 应用程序会覆盖它,我尝试通过 root 用户(我的普通帐户是管理员级别)并在 root 下,一切都运行正常 - 所有应用程序都可以完美访问 WWW 和内联网。
那么,呃...有什么想法吗?
(除了全新安装 macOS 之外,我似乎尝试了所有方法,在放弃之前,我花了整整一天时间与 Google、ChatGPT、我们的 IT 部门等讨论这个问题。)
[终端输出如下]
VPN 开启:
平
vasekrych@Vaclav-MacBook-Pro ~ % sudo ping google.com
PING google.com (142.251.37.110): 56 data bytes
64 bytes from 142.251.37.110: icmp_seq=0 ttl=117 time=27.302 ms
64 bytes from 142.251.37.110: icmp_seq=1 ttl=117 time=20.465 ms
64 bytes from 142.251.37.110: icmp_seq=2 ttl=117 time=12.443 ms
--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 12.443/20.070/27.302/6.073 ms
vasekrych@Vaclav-MacBook-Pro ~ % sudo ping seznam.cz
PING seznam.cz (77.75.77.222): 56 data bytes
64 bytes from 77.75.77.222: icmp_seq=0 ttl=55 time=27.136 ms
64 bytes from 77.75.77.222: icmp_seq=1 ttl=55 time=13.984 ms
64 bytes from 77.75.77.222: icmp_seq=2 ttl=55 time=13.753 ms
--- seznam.cz ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 13.753/18.291/27.136/6.255 ms
vasekrych@Vaclav-MacBook-Pro ~ % sudo ping news.greenpha.local
PING news.greenpha.local (10.0.1.12): 56 data bytes
64 bytes from 10.0.1.12: icmp_seq=0 ttl=63 time=10.873 ms
64 bytes from 10.0.1.12: icmp_seq=1 ttl=63 time=9.514 ms
64 bytes from 10.0.1.12: icmp_seq=2 ttl=63 time=10.276 ms
--- news.greenpha.local ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 9.514/10.221/10.873/0.556 ms
斯库蒂尔
vasekrych@Vaclav-MacBook-Pro ~ % scutil --dns
DNS configuration
resolver #1
search domain[0] : greenpha.local
search domain[1] : home
nameserver[0] : 8.8.8.8
nameserver[1] : 8.8.4.4
nameserver[2] : 2001:4860:4860::8888
nameserver[3] : 2001:4860:4860::8844
flags : Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
resolver #2
domain : greenpha.local
nameserver[0] : 10.0.0.5
flags : Supplemental, Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
order : 101800
resolver #3
domain : local
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300000
resolver #4
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300200
resolver #5
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300400
resolver #6
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300600
resolver #7
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300800
resolver #8
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 301000
DNS configuration (for scoped queries)
resolver #1
search domain[0] : home
nameserver[0] : 8.8.8.8
nameserver[1] : 8.8.4.4
nameserver[2] : 2001:4860:4860::8888
nameserver[3] : 2001:4860:4860::8844
if_index : 13 (en7)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
resolver #2
search domain[0] : home
nameserver[0] : 8.8.8.8
nameserver[1] : 8.8.4.4
nameserver[2] : 2001:4860:4860::8888
if_index : 11 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
resolver #3
search domain[0] : greenpha.local
nameserver[0] : 10.0.0.5
if_index : 19 (utun10)
flags : Scoped, Request A records
reach : 0x00000002 (Reachable)
猫
vasekrych@Vaclav-MacBook-Pro ~ % sudo cat /etc/resolv.conf
Password:
#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
# scutil --dns
#
# SEE ALSO
# dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
search greenpha.local home
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 2001:4860:4860:0:0:0:0:8888
nameserver 2001:4860:4860:0:0:0:0:8844
主持人
vasekrych@Vaclav-MacBook-Pro ~ % sudo host google.com
google.com has address 142.251.36.78
google.com has IPv6 address 2a00:1450:4014:80b::200e
google.com mail is handled by 10 smtp.google.com.
vasekrych@Vaclav-MacBook-Pro ~ % sudo host seznam.cz
seznam.cz has address 77.75.79.222
seznam.cz has address 77.75.77.222
seznam.cz has IPv6 address 2a02:598:a::79:222
seznam.cz has IPv6 address 2a02:598:2::1222
seznam.cz mail is handled by 10 mx1.seznam.cz.
seznam.cz mail is handled by 20 mx2.seznam.cz.
vasekrych@Vaclav-MacBook-Pro ~ % sudo host news.greenpha.local
Host news.greenpha.local not found: 3(NXDOMAIN)
挖
vasekrych@Vaclav-MacBook-Pro ~ % sudo dig google.com
; <<>> DiG 9.10.6 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59744
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 36 IN A 142.251.36.142
;; Query time: 78 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jul 25 23:56:11 CEST 2023
;; MSG SIZE rcvd: 55
vasekrych@Vaclav-MacBook-Pro ~ % sudo dig seznam.cz
; <<>> DiG 9.10.6 <<>> seznam.cz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41765
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;seznam.cz. IN A
;; ANSWER SECTION:
seznam.cz. 19 IN A 77.75.77.222
seznam.cz. 19 IN A 77.75.79.222
;; Query time: 74 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jul 25 23:56:22 CEST 2023
;; MSG SIZE rcvd: 70
vasekrych@Vaclav-MacBook-Pro ~ % sudo dig news.greenpha.local
; <<>> DiG 9.10.6 <<>> news.greenpha.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23497
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;news.greenpha.local. IN A
;; AUTHORITY SECTION:
. 86396 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023072502 1800 900 604800 86400
;; Query time: 74 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jul 25 23:56:31 CEST 2023
;; MSG SIZE rcvd: 123
nslookup
vasekrych@Vaclav-MacBook-Pro ~ % sudo nslookup google.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: google.com
Address: 142.251.36.142
vasekrych@Vaclav-MacBook-Pro ~ % sudo nslookup seznam.cz
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: seznam.cz
Address: 77.75.79.222
Name: seznam.cz
Address: 77.75.77.222
vasekrych@Vaclav-MacBook-Pro ~ % sudo nslookup news.greenpha.local
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find news.greenpha.local: NXDOMAIN
VPN 关闭:
平
vasekrych@Vaclav-MacBook-Pro ~ % sudo ping google.com
PING google.com (142.251.37.110): 56 data bytes
64 bytes from 142.251.37.110: icmp_seq=0 ttl=117 time=34.201 ms
64 bytes from 142.251.37.110: icmp_seq=1 ttl=117 time=15.227 ms
64 bytes from 142.251.37.110: icmp_seq=2 ttl=117 time=19.628 ms
--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 15.227/23.019/34.201/8.109 ms
vasekrych@Vaclav-MacBook-Pro ~ % sudo ping seznam.cz
PING seznam.cz (77.75.77.222): 56 data bytes
64 bytes from 77.75.77.222: icmp_seq=0 ttl=55 time=35.463 ms
64 bytes from 77.75.77.222: icmp_seq=1 ttl=55 time=124.522 ms
64 bytes from 77.75.77.222: icmp_seq=2 ttl=55 time=27.554 ms
--- seznam.cz ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 27.554/62.513/124.522/43.966 ms
vasekrych@Vaclav-MacBook-Pro ~ % sudo ping news.greenpha.local
ping: cannot resolve news.greenpha.local: Unknown host
vasekrych@Vaclav-MacBook-Pro ~ % sudo ping 10.0.1.12
PING 10.0.1.12 (10.0.1.12): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
Request timeout for icmp_seq 6
Request timeout for icmp_seq 7
Request timeout for icmp_seq 8
Request timeout for icmp_seq 9
Request timeout for icmp_seq 10
Request timeout for icmp_seq 11
Request timeout for icmp_seq 12
--- 10.0.1.12 ping statistics ---
14 packets transmitted, 0 packets received, 100.0% packet loss
斯库蒂尔
vasekrych@Vaclav-MacBook-Pro ~ % scutil --dns
DNS configuration
resolver #1
search domain[0] : home
nameserver[0] : 8.8.8.8
nameserver[1] : 8.8.4.4
nameserver[2] : 2001:4860:4860::8888
nameserver[3] : 2001:4860:4860::8844
flags : Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300000
resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300200
resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300400
resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300600
resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300800
resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 301000
DNS configuration (for scoped queries)
resolver #1
search domain[0] : home
nameserver[0] : 8.8.8.8
nameserver[1] : 8.8.4.4
nameserver[2] : 2001:4860:4860::8888
nameserver[3] : 2001:4860:4860::8844
if_index : 13 (en7)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
resolver #2
search domain[0] : home
nameserver[0] : 8.8.8.8
nameserver[1] : 8.8.4.4
nameserver[2] : 2001:4860:4860::8888
if_index : 11 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
猫
vasekrych@Vaclav-MacBook-Pro ~ % sudo cat /etc/resolv.conf
Password:
#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
# scutil --dns
#
# SEE ALSO
# dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
search home
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 2001:4860:4860:0:0:0:0:8888
nameserver 2001:4860:4860:0:0:0:0:8844
主持人
vasekrych@Vaclav-MacBook-Pro ~ % sudo host google.com
google.com has address 142.251.36.110
google.com has IPv6 address 2a00:1450:4014:80e::200e
google.com mail is handled by 10 smtp.google.com.
vasekrych@Vaclav-MacBook-Pro ~ % sudo host seznam.cz
seznam.cz has address 77.75.77.222
seznam.cz has address 77.75.79.222
seznam.cz has IPv6 address 2a02:598:2::1222
seznam.cz has IPv6 address 2a02:598:a::79:222
seznam.cz mail is handled by 10 mx1.seznam.cz.
seznam.cz mail is handled by 20 mx2.seznam.cz.
vasekrych@Vaclav-MacBook-Pro ~ % sudo host news.greenpha.local
Host news.greenpha.local not found: 3(NXDOMAIN)
挖
vasekrych@Vaclav-MacBook-Pro ~ % sudo dig google.com
; <<>> DiG 9.10.6 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27355
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 211 IN A 142.251.36.110
;; Query time: 79 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jul 26 00:05:41 CEST 2023
;; MSG SIZE rcvd: 55
vasekrych@Vaclav-MacBook-Pro ~ % sudo dig seznam.cz
; <<>> DiG 9.10.6 <<>> seznam.cz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57275
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;seznam.cz. IN A
;; ANSWER SECTION:
seznam.cz. 9 IN A 77.75.79.222
seznam.cz. 9 IN A 77.75.77.222
;; Query time: 73 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jul 26 00:05:45 CEST 2023
;; MSG SIZE rcvd: 70
vasekrych@Vaclav-MacBook-Pro ~ % sudo dig news.greenpha.local
; <<>> DiG 9.10.6 <<>> news.greenpha.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45331
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;news.greenpha.local. IN A
;; AUTHORITY SECTION:
. 86398 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023072502 1800 900 604800 86400
;; Query time: 74 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jul 26 00:05:54 CEST 2023
;; MSG SIZE rcvd: 123
nslookup
vasekrych@Vaclav-MacBook-Pro ~ % sudo nslookup google.com
Server: 8.8.4.4
Address: 8.8.4.4#53
Non-authoritative answer:
Name: google.com
Address: 142.251.36.110
vasekrych@Vaclav-MacBook-Pro ~ % sudo nslookup seznam.cz
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: seznam.cz
Address: 77.75.79.222
Name: seznam.cz
Address: 77.75.77.222
vasekrych@Vaclav-MacBook-Pro ~ % sudo nslookup news.greenpha.local
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find news.greenpha.local: NXDOMAIN
常见的
ls
vasekrych@Vaclav-MacBook-Pro ~ % ls -l /etc/resolv.conf
lrwxr-xr-x 1 root wheel 22 14 led 2023 /etc/resolv.conf -> ../var/run/resolv.conf