Summary

When connecting to Versa SASE, macOS clients may display the same DNS search domain multiple times in /etc/resolv.conf. This is a cosmetic behavior specific to macOS and does not impact DNS resolution.


Behavior on macOS

  • macOS associates each DNS server in a resolver configuration with the specified search domain.

  • If multiple DNS servers are defined for a resolver that has a domain attached, macOS writes the same domain once for each server.

  • Example:
    Configured in Versa SASE profile:

    • DNS servers: 10.10.10.10, 10.57.20.1, 172.25.160.1, 10.56.116.1

    • Domain: carnival.com

  • Example:

    search carnival.com carnival.com carnival.com carnival.com

    nameserver 8.8.8.8

    nameserver 10.10.10.10

    nameserver 10.57.20.1

    nameserver 172.25.160.1

    nameserver 10.56.116.1

  • Functionally, macOS still treats this as a single carnival.com search domain. The repetition is cosmetic only.


Behavior on Linux/Windows

  • Linux: Uses systemd-resolved, so /etc/resolv.conf usually shows only 127.0.0.53. The actual DNS servers and search domains can be checked with resolvectl status. Search domains appear only once, even if multiple DNS servers are configured.

  • Windows: Search domains are applied per interface and listed once. They do not repeat for each DNS server.


Impact

  • No functional issues are caused by duplicate entries on macOS.

  • DNS lookups work normally, and the system resolves names correctly.



Workarounds (Cosmetic Only)

  • To avoid repeated entries, configure only one DNS server per resolver that has a search domain, and place additional DNS servers in a separate resolver without a domain.

  • This change is optional, as the duplicates are harmless.