I'm running the latest AnyConnect (4.10.01075) on MacOS Big Sur 11.4. The problems seem to have begun around the time Apple released Big Sur, but in short, any time I (or a coworker in the same boat) connect to the corporate VPN, we're having a ton of issues with DNS resolution. We've tried some workaround scripts we've found to reset DNS cache, etc, on the Mac's, but those only seem to last for an hour or so (if we're lucky) before things start to go awry, and they ALWAYS go awry if the Macs go to sleep while connected. Everything worked fine prior, and DNS wasn't an issue.

In short, it appears to completely stop honoring our corporate network DNS settings and starts trying to resolve internal assets and domain addresses against the non-corporate, public internet DNS servers. Looking at Reddit / elsewhere, this seems to be a known issue, and one that is plaguing a lot of people so trying to get some direction as to when there might be a fix. Obviously we get that this could be an issue with MacOS Big Sur as much as it can be with AnyConnect, just that the problem only makes itself an issue when connected to VPN, as resolution works fine any other time.

When this is happening we can use netstat -r or scutil --dns and see improper DNS listed, but sporadically, nslookup and ping can still resolve some internal entries properly. It's a mess.