3

A domain stopped resolving for me yesterday on my MacBook running macOS 10.15.7 (Catalina). Ping cannot reach it and browsers cannot reach it, and all other domains / websites are fine on the computer:

  • It resolves on my other computer and my iPhone on the same Wi-Fi network.
  • Ping fails with the cannot resolve / Unknown host error message.
  • traceroute also gives me an unknown host error.
  • Dig on the other hand does find the correct IP.
  • Host also finds the correct IP.
  • If I add the domain and its IP to my hosts file, it works fine.

Things I’ve tried:

  • I tried re-booting the computer and the router, with no luck.
  • I tried 'forgetting' and then reconnecting to the Wi-Fi network, with no luck.
  • I tried flushing dns (sudo killall -HUP mDNSResponder;sudo killall mDNSResponderHelper;sudo dscacheutil -flushcache), with no luck.

My only clue as to what might have caused the problem is I was connected yesterday afternoon via VPN (FortiClient VPN) yesterday to my employer’s network and while I was editing the website belonging to this domain, the VPN went down, and that’s when the problem started.

The domain would have been resolving through the VPN at the time it went down, and somehow that has caused a more permanent problem for my machine resolving the domain (but one that flushing DNS should have fixed with no problem). I tried un-installing and re-installing the VPN software and that did not fix it either.

Improve this question
0

1 Answer 1

Reset to default
2

Delete the DNS resolver file for that domain name located in /etc/resolver/.

This is a known issue with FortiClient in many cases when the VPN connection goes down. The solution is as follows.

  • Shut down and quit the FortiClient.

  • Open up the Terminal and go to the DNS resolver directory:

    cd /etc/resolver/

  • Do a directory listing (ls -la) and see if your company’s VPN domain name is in there; in this case lets say it’s example.com.

  • If it’s there, then run this command to delete the stray DNS resolver file:

    sudo rm -f example.com

The second you do that, you should be able to reach those previously unreachable domain names and hostnames associated with example.com without issue. Feel free to restart the FortiClient as well for the VPN. All should be good again.

What is happening — or is not happening — is that resolver file is used by the VPN to help you resolve hostnames that are specific to that VPN network by pointing to DNS servers internal to example.com.

If your VPN connection is suddenly lost — but that DNS resolver file is still there — then you have no VPN connection to example.com but the DNS resolver file is still going to try to connect to those internal DNS servers… But it can’t… And thus the errors you saw.

Improve this answer
1
  • 1
    Thx so much for this fix. I've been manually modifying the host file as a work around on multiple machines. FortiClient for MacOS has been sooo buggy
    – chris
    Commented Feb 22, 2023 at 13:11

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .