Summary

When connecting to Versa SASE, macOS clients may display the same DNS search domain multiple times in /etc/resolv.conf. This is a cosmetic behavior specific to macOS and does not impact DNS resolution.

Behavior on macOS

• macOS associates each DNS server in a resolver configuration with the specified search domain.

• If multiple DNS servers are defined for a resolver that has a domain attached, macOS writes the same domain once for each server.

• Example:
  Configured in Versa SASE profile:
  
  

  • DNS servers: 10.10.10.10, 10.57.20.1, 172.25.160.1, 10.56.116.1

  • Domain: carnival.com

• Example:
  
  search carnival.com carnival.com carnival.com carnival.com

  nameserver 8.8.8.8

  nameserver 10.10.10.10

  nameserver 10.57.20.1

  nameserver 172.25.160.1

  nameserver 10.56.116.1
  
  

• Functionally, macOS still treats this as a single carnival.com search domain. The repetition is cosmetic only.

Behavior on Linux/Windows

• Linux: Uses systemd-resolved, so /etc/resolv.conf usually shows only 127.0.0.53. The actual DNS servers and search domains can be checked with resolvectl status. Search domains appear only once, even if multiple DNS servers are configured.
  
  

• Windows: Search domains are applied per interface and listed once. They do not repeat for each DNS server.

Impact

• No functional issues are caused by duplicate entries on macOS.

• DNS lookups work normally, and the system resolves names correctly.

Workarounds (Cosmetic Only)

• To avoid repeated entries, configure only one DNS server per resolver that has a search domain, and place additional DNS servers in a separate resolver without a domain.

• This change is optional, as the duplicates are harmless.