
Fixing MacOS Stupid DNS Problems with VPNs and Split DNS: Good Bye Resolv.conf - greenboxal
https://github.com/greenboxal/dns-heaven
======
shakna
> curl -L https://git.io/fix-my-dns-plz | sudo bash

curl... sudo...

Can we please move beyond stupidity here?

At least use curl's pinnedpubkey flag. Anything other than a raw get piped to
sudo.

---

And on another note: https://git.io/fix-my-dns-pl

> No url found for fix-my-dns-pl

~~~
icodestuff
On the other note, you missed the last character of the URL, so that's not
terribly surprising.

~~~
shakna
You're right, I screwed that up.

But the resulting script has this lovely gem:

    curl -L -o $TARGET ...
    chmod +x $TARGET

No error management, no download integrity checking... Let's just run a file
from the web! Which can be incomplete despite the `set -e` at the start of the
file.
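
Added example, not part of the thread or of the dns-heaven project: one way to do the download step with the error handling and integrity check the comment above asks for. The function names are hypothetical, and the pinned SHA-256 digest is assumed to be published by the maintainer through a separate channel.

```shell
#!/bin/sh
# Added example: download to a temp file, verify a pinned SHA-256, then install.
# The URL and expected digest are placeholders the caller must supply.

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Install $1 to $3 only if its digest equals the pinned value $2.
install_verified() (
    src=$1; expected=$2; dest=$3
    actual=$(sha256_of "$src") || exit 1
    # An empty digest means the hashing tool failed; treat it as a mismatch.
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got '$actual', want '$expected'" >&2
        exit 1
    fi
    chmod +x "$src" && mv -f "$src" "$dest"
)

# Download $1, verify against $2, install to $3. $3 is untouched on any failure.
fetch_verified() (
    url=$1; expected=$2; dest=$3
    # Temp file sits next to the target so the final mv is a rename.
    tmp=$(mktemp "${dest}.XXXXXX") || exit 1
    trap 'rm -f "$tmp"' EXIT
    # --fail: HTTP errors give a non-zero exit; --proto: HTTPS only, redirects included.
    curl --fail --silent --show-error --location --proto '=https' \
         -o "$tmp" "$url" || exit 1
    install_verified "$tmp" "$expected" "$dest"
)
```

A truncated or altered download fails the digest comparison, so the target path never receives a partial file. curl's `--pinnedpubkey` option, mentioned earlier in the thread, can be added to the `curl` call to pin the server key as well.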

------
bocklund
Can someone explain what problem this solves?

~~~
floatingatoll
On a Mac, run “scutil --dns” on the command line. This is the level of
complexity supported by the native resolver.

Many admins prefer the old-style where you can only use one resolver for all
domains. OS X permits each connection to have its own resolver configuration,
selected using the “domain names” and a priority heuristic.

Viscosity implements this as “Split DNS”, where only the domains sent by your
VPN server are attached to the VPN connection’s resolver configuration.

I assume other VPN clients vary in their behavior, and so this (unsafe) curl |
bash guideline is some sort of mechanism that tries to rip apart the priority
stack in favor of simply using resolv.conf.

