# NordVPN macOS DNS Design

## Goal

Keep NordVPN DNS while connected on macOS, but only apply it to active physical services so the WireGuard backend does not break Tailscale or other virtual interfaces.

## Behavior

- Keep the generated WireGuard config free of `DNS = ...`
- During `connect` on macOS:
  - detect active physical network services
  - snapshot current DNS/search-domain settings
  - set NordVPN DNS only on those physical services
- During `disconnect`:
  - restore the saved DNS/search-domain settings
- During failed `connect` after DNS changes:
  - restore DNS before returning the error

## DNS Values

- IPv4 primary: `103.86.96.100`
- IPv4 secondary: `103.86.99.100`
- No IPv6 DNS for now

## Service Selection

Include only enabled physical services from `networksetup`.

Exclude names matching:

- Tailscale
- Bridge
- Thunderbolt Bridge
- Loopback
- VPN
- utun

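A sketch of the service selection and snapshot/restore helpers described above, added here as an example and not taken from the project's code. The function names, the snapshot layout and the case-insensitive substring matching are assumptions; the sample `networksetup` output is constructed.

```python
import re

NORD_DNS = ["103.86.96.100", "103.86.99.100"]  # from the DNS Values section
# Exclusion names from the Service Selection section; case-insensitive
# substring matching is an assumption of this sketch.
EXCLUDE = re.compile(r"tailscale|bridge|loopback|vpn|utun", re.IGNORECASE)

def select_services(listing: str) -> list[str]:
    """Parse `networksetup -listallnetworkservices` output into target services."""
    services = []
    for line in listing.splitlines()[1:]:     # first line is the asterisk legend
        name = line.strip()
        if not name or name.startswith("*"):  # leading '*' marks a disabled service
            continue
        if not EXCLUDE.search(name):
            services.append(name)
    return services

def parse_servers(output: str) -> list[str]:
    """Parse `-getdnsservers` / `-getsearchdomains` output; [] means none set."""
    lines = [l.strip() for l in output.splitlines() if l.strip()]
    if lines and lines[0].startswith("There aren't any"):
        return []
    return lines

def set_cmd(flag: str, service: str, values: list[str]) -> list[str]:
    """Build a networksetup argv; the literal 'Empty' clears a manual setting."""
    return ["networksetup", flag, service, *(values or ["Empty"])]

def connect_plan(services: list[str]) -> list[list[str]]:
    """Commands that set NordVPN DNS on the selected physical services only."""
    return [set_cmd("-setdnsservers", s, NORD_DNS) for s in services]

def restore_plan(snapshot: dict) -> list[list[str]]:
    """snapshot (hypothetical layout): {service: {"dns": [...], "search": [...]}}."""
    plan = []
    for service, saved in snapshot.items():
        plan.append(set_cmd("-setdnsservers", service, saved["dns"]))
        plan.append(set_cmd("-setsearchdomains", service, saved["search"]))
    return plan

# Constructed sample output (not captured from a real machine).
SAMPLE_LISTING = """An asterisk (*) denotes that a network service is disabled.
Wi-Fi
*USB 10/100/1000 LAN
Thunderbolt Bridge
Tailscale
Ethernet
"""
```

A service that had no manual DNS at connect time is snapshotted as an empty list and restored with `Empty`, so it returns to its DHCP-provided resolvers instead of staying pinned to the NordVPN addresses after disconnect.
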
## Persistence

- Save DNS snapshot under `~/.nordvpn-client`
- Overwrite on each successful connect
- Clear after successful disconnect restore

## Verification

- Unit tests for service selection and DNS snapshot/restore helpers
- Direct logic/config tests
- Avoid live connect tests from this session unless explicitly requested because they can drop connectivity