macOS Sonoma. MacBook Pro (also iPad).
Connected via WiFi to [parent’s] home network. Everything seems to be ok for general usage/browsing, etc.
However, when I connect to my work network with my VPN client, I am unable to resolve any private network hosts (10.0.0.0/8). I have verified that my VPN client is connecting to the VPN server’s public IP, and I am getting assigned a private VPN address.
Same thing is also occurring on my iPad.
If I try to ping a known private IP address (e.g. 10.0.0.126) using its host name (internal.somehost.mycompany.com), I get “ping: cannot resolve internal.somehost.mycompany.com: Unknown host” (DNS for mycompany.com is AWS Route53).
DNS Server(s) assigned when I am on this WiFi is as I’d expect (single DNS entry, which is the router’s IP address - 192.168.1.254).
I am currently in the UK, but I am usually US-based (CA). When I left, everything was working fine. I don’t have cellular on my iPad, so I can’t just turn off the WiFi, and I don’t have any public networks nearby. There’s no geo blocking on my VPN hosts. Internet provider is BT Internet. I took a look at the admin interface of the WiFi router, and couldn’t see anything obvious that would be filtering/blocking private IP addresses.
Not sure why the DNS isn’t resolving. I am by no means a networking expert.
EDIT: Additional info (and a resolution):
I added 1.1.1.1 to my DNS server list, then tried nslookup:
> nslookup internal.somehost.mycompany.com
Server: 1.1.1.1
Address: 1.1.1.1#53
Non-authoritative answer:
Name: internal.somehost.mycompany.com
Address: 10.0.0.126
So, something.
Then I tried dig:
> ❯ dig internal.somehost.mycompany.com
; <<>> DiG 9.10.6 <<>> internal.somehost.mycompany.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26793
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;internal.somehost.mycompany.com. IN A
;; ANSWER SECTION:
internal.somehost.mycompany.com. 300 IN A 10.0.0.126
;; Query time: 160 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Aug 12 10:51:03 BST 2024
;; MSG SIZE rcvd: 74
So, looks like that was it - adding 1.1.1.1 to my DNS servers did the trick.
It works back home, because I am running my own DNS servers (PiHole) on my home network.
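The comparison the post arrives at (router resolver versus 1.1.1.1), as an added example that is not part of the original post: it parses `dig` output from both resolvers and flags the case where the public resolver returns an RFC 1918 address while the local one returns no A record, which is consistent with a resolver that filters private-address answers. The router-side output is constructed (the post does not show it, and the cause is an assumption), and the names `parse_dig` and `compare` are hypothetical.

```python
import ipaddress
import re

# Constructed sample: what a filtering local resolver might return (the post
# does not show the router's reply). NOERROR, but an empty answer section.
ROUTER_OUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4111
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;internal.somehost.mycompany.com. IN A
;; SERVER: 192.168.1.254#53(192.168.1.254)
"""

# Constructed sample modelled on the dig output in the post (1.1.1.1).
PUBLIC_OUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26793
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;internal.somehost.mycompany.com. IN A
;; ANSWER SECTION:
internal.somehost.mycompany.com. 300 IN A 10.0.0.126
;; SERVER: 1.1.1.1#53(1.1.1.1)
"""

def parse_dig(text):
    """Return (status, server, [A-record addresses]) from dig's default output."""
    status = re.search(r"status: (\w+)", text)
    server = re.search(r"^;; SERVER: ([^#\s]+)", text, re.M)
    # Answer lines do not start with ';' and look like: name TTL IN A address
    addrs = re.findall(r"^[^;\s]\S*\s+\d+\s+IN\s+A\s+(\S+)$", text, re.M)
    return (status.group(1) if status else None,
            server.group(1) if server else None,
            [ipaddress.ip_address(a) for a in addrs])

def compare(local_out, public_out):
    """Classify how the local resolver's answer differs from the public one."""
    _, _, local = parse_dig(local_out)
    _, _, public = parse_dig(public_out)
    if sorted(local) == sorted(public):
        return "consistent"
    # Public resolver hands back RFC 1918 space, local resolver hands back nothing.
    if not local and public and all(a.is_private for a in public):
        return "private-answer-dropped"
    return "differs"

if __name__ == "__main__":
    print(compare(ROUTER_OUT, PUBLIC_OUT))
```

To use it on a live network, feed it the text of `dig @192.168.1.254 <name>` and `dig @1.1.1.1 <name>` in place of the constructed samples.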