OS stops using VPN DNS settings after delayed response

I've noticed that the OS stops consulting the VPN extension for DNS after a delayed response.


We want to use split-tunnel, but handle all of the DNS. We have our DNS settings for our Packet Tunnel Provider set as described here:
https://forums.developer.apple.com/message/122209#122209


With an empty match domain. That works Ok, but if we receive any significantly (~3 seconds) delayed response to a DNS query the OS starts sending all DNS queries out the wireless interface instead of over the VPN.


It doesn't try again right away, but continues to use the wireless interface instead of the VPN interface. It will try again at intervals and things can recover, but this causes serious issues for the VPN.


Does anyone know of a way to tweak the settings that determine when the system falls back to the system DNS resoluton instead of the VPN DNS resolution, and how it retries?


We have to support macOS versions older than 10.15, so we can't use the DNS proxy provider.


Kevin

Curious what the 'Service Order' is if you look at Setting/Networks..

OS stops using VPN DNS settings after delayed response
 
 
Q