Vault DNS Resolution fails on VPN now that --with-dynamic is gone


(Adam Baker) #1

First, let me say that I think Homebrew is an awesome project and it’s made using open source tools on macOS just as seamless as they are on Linux.

Back in 2017 when I first started using Vault I discovered that Vault from Homebrew didn’t work correctly when I was working offlsite over VPN because it was using Go’s internal resolver which, from my understanding, is relatively naive and just uses what’s in /etc/resolv.conf and doesn’t have a way to use DNS servers provided by a VPN connection. Then I came across this issue which allowed me to get Vault to work by using the --with-dynamic option which instructs Go to build Vault with support to use the native system resolver.

I updated a couple of days ago and discovered that Vault no longer works over VPN because of the DNS resolution issue. Then I discovered this issue:

Further reading Issues, including https://github.com/Homebrew/homebrew-core/issues/31510 , would also indicate that options are never coming back, no matter what.

Question: Since not having --with-dynamic makes Vault completely unusable for myself and members of my team when we have to work remotely, what alternatives do we have other than finding a non-brew way to install and update Vault?

Update: it would seem that the Go project is aware of the shortcomings of the Go native resolver - https://github.com/golang/go/issues/12524 - perhaps a worthwhile place for anyone who is experiencing the same issue to chime in.


(Sean Molenaar) #2

You could use the information here: https://docs.brew.sh/Migrating-A-Formula-To-A-Tap to maintain your own version of the formula until go fixes their DNS.


(Marcus Maxwell) #3

I’ve setup a tap for those interested https://github.com/mindfulmonk/homebrew-tap