Custom resolver configuration do not work on Big Sur

dnsNetwork

I have configured DNSmasq locally to translate all *.localhost requests to 127.0.0.1 (as per now expired RFC draft let-localhost-be-localhost).

I am running DNSmasq on non standard port (to not collide with multipass):

18411   ??  Ss     0:00.03 /nix/store/qv29whm9sdfwbxpsysjdiki6z0rylabv-dnsmasq-2.82/bin/dnsmasq --listen-address=127.0.0.1 --port=35353 --keep-in-foreground --address=/localhost/127.0.0.1

Which is ran using Launchd:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>KeepAlive</key>
    <true/>
    <key>Label</key>
    <string>org.nixos.dnsmasq</string>
    <key>ProgramArguments</key>
    <array>
        <string>/nix/store/qv29whm9sdfwbxpsysjdiki6z0rylabv-dnsmasq-2.82/bin/dnsmasq</string>
        <string>--listen-address=127.0.0.1</string>
        <string>--port=35353</string>
        <string>--keep-in-foreground</string>
        <string>--address=/localhost/127.0.0.1</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>StandardErrorPath</key>
    <string>/var/log/dnsmasq.log</string>
</dict>
</plist>

The /etc/resolver/localhost contain:

nameserver 127.0.0.1.35353

scutil --dns returns entry for localhost TLD:

DNS configuration

resolver #1
  search domain[0] : srebrna.space
  nameserver[0] : 192.168.188.199
  if_index : 6 (en0)
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300000

resolver #3
  domain   : 254.169.in-addr.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300200

resolver #4
  domain   : 8.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300400

resolver #5
  domain   : 9.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300600

resolver #6
  domain   : a.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300800

resolver #7
  domain   : b.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 301000

resolver #8
  domain   : localhost
  nameserver[0] : 127.0.0.1
  flags    : Request A records, Request AAAA records
  reach    : 0x00030002 (Reachable,Local Address,Directly Reachable Address)

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : srebrna.space
  nameserver[0] : 192.168.188.199
  if_index : 6 (en0)
  flags    : Scoped, Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

But I cannot resolve it:

$ host test.localhost
Host test.localhost not found: 3(NXDOMAIN)

Even while querying DNSmasq directly returns correct response:

$ dig -p 35353 @127.0.0.1 test.localhost

; <<>> DiG 9.10.6 <<>> -p 35353 @127.0.0.1 test.localhost
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18207
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.localhost.            IN  A

;; ANSWER SECTION:
test.localhost.     0   IN  A   127.0.0.1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#35353(127.0.0.1)
;; WHEN: Mon Jan 25 14:23:47 CET 2021
;; MSG SIZE  rcvd: 59

My system is Big Sur 11.1

Darwin 20.2.0 Darwin Kernel Version 20.2.0: Wed Dec  2 20:39:59 PST 2020; root:xnu-7195.60.75~1/RELEASE_X86_64 x86_64 i386

Best Answer

This got me going: https://gist.github.com/petemcw/9265821

I used localhost as the .com. Not sure if it was reloading dnsmasq plist or adding the domain to the resolver, but this is what I did and have it working now, after setting up the dnsmasq configuration file:

Reload configuration and clear cache:

$ sudo launchctl unload /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
$ sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
$ dscacheutil -flushcache

Setup DNS resolving:

$ sudo tee /etc/resolver/localhost > /dev/null <<EOF
nameserver 127.0.0.1
domain localhost
search_order 1
EOF

Related Solutions

MacOS – Mac OS X Mountain Lion – DNS resolving uses wrong order on VPN via dial-up connection

I had the same problem on my Mac, and after fixing it I have figured out that it was caused by FortiClient (VPN client). Even when FortiClient was disconnected - it's DNS still appeared in the scutil.

The solution for me was:

scutil
> list ".*DNS"

This will show you a list of all DNS configs, that will look something like:

subKey [0] = State:/Network/Global/DNS <br>
subKey [1] = State:/Network/MulticastDNS<br>
subKey [2] = State:/Network/OpenVPN/DNS<br>
subKey [3] = State:/Network/OpenVPN/OldDNS<br>
subKey [4] = State:/Network/PrivateDNS<br>
subKey [5] = State:/Network/Service/forticlientsslvpn/DNS <br>

To check each of them run: (until you find the problematic one)

> get key_name
> d.show

…and to fix it run:

> get key_name
> d.remove ServerAddresses
> set key_name

This is how it looked on my machine:

> get State:/Network/Service/forticlientsslvpn/DNS 
> d.show
<dictionary> {
  ServerAddresses : <array> {
    0 : 192.168.30.6
    1 : 192.168.30.15
  }
  SupplementalMatchDomains : <array> {
    0 :
  }
  SupplementalMatchOrders : <array> {
    0 : 100000
  }
}
> d.remove ServerAddresses
> d.show
<dictionary> {
  SupplementalMatchDomains : <array> {
    0 :
  }
  SupplementalMatchOrders : <array> {
    0 : 100000
  }
}
> set State:/Network/Service/forticlientsslvpn/DNS
> exit

MacOS – Do /etc/resolver/ files work in Mountain Lion for DNS resolution

This question seems a bit old, but I'm going to answer it anyways as I had a similar problem:

Yes, this works.

Your first problem is that you obviously have the wrong IP (8.8.8.8 instead of 203.12.160.35) in /etc/resolver/apple.com. Verify that the contents of this file is really:

nameserver 203.12.160.35

Then scutil --dns should have an entry like this:

resolver #8
  domain   : apple.com
  nameserver[0] : 203.12.160.35

The second problem is that you tried to verify it using nslookup which does not use the DNS resolution mechanisms of OS X. If you look at the man page of nslookup you will find this:

Mac OS X NOTICE
   The nslookup command does not use the host name and address resolution or the DNS 
   query routing mechanisms used by other processes running on Mac OS X.  The results of 
   name or address queries printed by nslookup may differ from those found by other
   processes that use the Mac OS X native name and address resolution mechanisms. The 
   results of DNS queries may also differ from queries that use the Mac OS X DNS routing 
   library.

To check your DNS config you could do

dns-sd -G v4 images.apple.com

and verify if it yields the same IP as

nslookup images.apple.com 203.12.160.35

Best Answer

Related Solutions

MacOS – Mac OS X Mountain Lion – DNS resolving uses wrong order on VPN via dial-up connection

MacOS – Do /etc/resolver/ files work in Mountain Lion for DNS resolution

Related Question