MacOS – Do /etc/resolver/ files work in Mountain Lion for DNS resolution

dns macos

Can anyone tell me if adding a file under /etc/resolver will work for DNS resolution using a DNS server other than what is handed out via DHCP?

My issue is that I want to use OpenDNS for a client's home DNS resolution in order to take advantage of the filtering and anti-scam capabilities, but the massive disadvantage is that here in Australia things such as Apple content are delivered by a CDN (Akamai) which will then serve content using a US-based delivery point.

What I want to do is have the DNS server address handed out via DHCP to be the local router address (DNSMasq using OpenDNS DNS servers) and then, for example, place a file called apple.com under /etc/resolver with the following line:

nameserver 203.12.160.35

The idea is that any DNS request to apple.com would be resolved by a TPG (my ISP) DNS server rather than the local router's DNSMasq daemon using OpenDNS servers.

So I have done this and the output of scutil --dns is:

DNS configuration

resolver #1
  search domain[0] : harland
  nameserver[0] : 192.168.10.1
  nameserver[1] : 192.168.10.1
  if_index : 4 (en2)
  reach    : Reachable,Directly Reachable Address

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  order    : 300000

resolver #3
  domain   : 254.169.in-addr.arpa
  options  : mdns
  timeout  : 5
  order    : 300200

resolver #4
  domain   : 8.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  order    : 300400

resolver #5
  domain   : 9.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  order    : 300600

resolver #6
  domain   : a.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  order    : 300800

resolver #7
  domain   : b.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  order    : 301000

resolver #8
  domain   : apple.com
  nameserver[0] : 8.8.8.8

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : harland
  nameserver[0] : 192.168.10.1
  nameserver[1] : 192.168.10.1
  if_index : 4 (en2)
  flags    : Scoped
  reach    : Reachable,Directly Reachable Address
macbookair:resolver

Now the output of an nslookup on apple.com is:

macbookair:resolver ilium007$ nslookup apple.com
Server:     192.168.10.1
Address:    192.168.10.1#53

Non-authoritative answer:
Name:   apple.com
Address: 17.149.160.49
Name:   apple.com
Address: 17.172.224.47

macbookair:resolver 

So I am not using the TPG DNS server – I am still resolving against 192.168.10.1, which is the local router. Does the order of the resolvers matter? I.e., the entry created after I place the apple.com file in /etc/resolver is resolver #8:

resolver #8
  domain   : apple.com
  nameserver[0] : 8.8.8.8

I would really like a way to make this work – any help would be appreciated.

Best Answer

This question seems a bit old, but I'm going to answer it anyways as I had a similar problem:

Yes, this works.

Your first problem is that you obviously have the wrong IP (8.8.8.8 instead of 203.12.160.35) in /etc/resolver/apple.com. Verify that the contents of this file are really:

nameserver 203.12.160.35

Then scutil --dns should have an entry like this:

resolver #8
  domain   : apple.com
  nameserver[0] : 203.12.160.35

The second problem is that you tried to verify it using nslookup, which does not use the DNS resolution mechanisms of OS X. If you look at the man page of nslookup you will find this:

Mac OS X NOTICE
   The nslookup command does not use the host name and address resolution or the DNS 
   query routing mechanisms used by other processes running on Mac OS X.  The results of 
   name or address queries printed by nslookup may differ from those found by other
   processes that use the Mac OS X native name and address resolution mechanisms. The 
   results of DNS queries may also differ from queries that use the Mac OS X DNS routing 
   library.

To check your DNS config you could do

dns-sd -G v4 images.apple.com

and verify if it yields the same IP as

nslookup images.apple.com 203.12.160.35
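
An added example, not part of the original question or answer: a Python script that parses `scutil --dns` output and reports which resolver a name would be routed to, so a wrong address in /etc/resolver/apple.com shows up without relying on nslookup. The sample listing is constructed from the question's output, the function names are hypothetical, and longest-suffix domain matching is an assumption about how macOS chooses among resolvers.

```python
import re

# Constructed sample: trimmed `scutil --dns` output modelled on the question's listing.
SAMPLE = """\
DNS configuration
resolver #1
  search domain[0] : harland
  nameserver[0] : 192.168.10.1
resolver #2
  domain   : local
resolver #8
  domain   : apple.com
  nameserver[0] : 8.8.8.8
DNS configuration (for scoped queries)
resolver #1
  nameserver[0] : 192.168.10.1
"""

def parse_resolvers(text):
    """Parse the unscoped section into dicts with id, domain, nameservers."""
    resolvers, current = [], None
    for line in text.splitlines():
        if line.startswith("DNS configuration (for scoped"):
            break  # ignore the scoped-query section
        m = re.match(r"resolver #(\d+)", line)
        if m:
            current = {"id": int(m.group(1)), "domain": None, "nameservers": []}
            resolvers.append(current)
        elif current is not None and ":" in line:
            # Split on the first colon only, so IPv6 addresses stay intact.
            key, value = (p.strip() for p in line.split(":", 1))
            if key == "domain":
                current["domain"] = value.lower().rstrip(".")
            elif key.startswith("nameserver["):
                current["nameservers"].append(value)
    return resolvers

def resolver_for(name, resolvers):
    """Assumed rule: longest matching domain suffix wins, else the default resolver."""
    name = name.lower().rstrip(".")
    best = next((r for r in resolvers if r["domain"] is None), None)
    for r in resolvers:
        d = r["domain"]
        if d and (name == d or name.endswith("." + d)):
            if best is None or len(d) > len(best["domain"] or ""):
                best = r
    return best

def uses_nameserver(name, expected, text=SAMPLE):
    r = resolver_for(name, parse_resolvers(text))
    return r is not None and expected in r["nameservers"]
```

On a Mac, pass the captured text of `scutil --dns` as the `text` argument instead of the sample.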