MacOS – Use hostnames from second network interface

Tags: macos, network, wifi

MacBook Pro Mid-2015, macOS Catalina 10.15.2.

Summary

My Mac is connected to Wi-Fi and a wired LAN. Wi-Fi is the first in the Service Order in Network Preferences. There are some hostnames in the wired LAN that don't exist on the Wi-Fi.

How can I make it so that hostnames which don't exist on the Wi-Fi network are "looked up" in the wired LAN network?


I am connected to a Wi-Fi network (which has an internet connection), and I am using a USB Ethernet adapter to connect to a second LAN (from which I can't figure out how to access the internet).

I changed my System Preferences > Network ordering so that the Wi-Fi takes precedence over the wired LAN. If I don't do this, then it seems I can't access the internet.

Trying to access the internet with the Service Order the other way round looks like this:

$ ping google.com
PING google.com (172.217.169.78): 56 data bytes
Request timeout for icmp_seq 0
36 bytes from vlan...(lots of stuff, not sure how sensitive).myuni.co.uk (129.??.??.?): Communication prohibited by filter
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 58db   0 0000  3d  01 a4f5 192.168.??.??  172.217.169.78 

16 bytes from ....myuni.co.uk (192.168.???.???): Router Advertisement

Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
36 bytes from vlan.....myuni.co.uk (129.???.??.??): Communication prohibited by filter
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 6cc8   0 0000  3d  01 9108 192.168.??.???  172.217.169.78 

I've never seen this kind of ping response before and don't know what it means. It was easy enough for me to infer, however, that it's going to be more difficult for me to access the internet through the wired LAN.

So I rearranged the Service Order and put Wi-Fi first. Now my internet access works as usual.

However, that means that the custom hostnames from the wired LAN aren't available:

$ ping customhostname
ping: cannot resolve customhostname: Unknown host

If I turn Wi-Fi off then it works:

$ ping customhostname
PING customhostname.myuni.co.uk (192.168.100.200): 56 data bytes

Additionally, I can leave Wi-Fi turned on and still access that computer via the IP:

$ ping customhostname
ping: cannot resolve customhostname: Unknown host
$ ping 192.168.100.200
PING 192.168.100.200 (192.168.100.200): 56 data bytes

But how can I make it so that hostnames which aren't recognised by the Wi-Fi interface (in this case, customhostname) are "looked up" in the wired LAN interface?

I don't want to have to memorise the IP address, and manually update my own records whenever it changes.

Best Answer

To solve your problem you need to install a local DNS server.

The DNS server should then simply be set up to use your current DNS server for all lookups, except those that belong to the "custom hostnames" (*.myuni.co.uk for example) that you want to force to be looked up via the alternative DNS server.

For example, here's the way to set it up with the very popular "bind" DNS server software:

You install "bind" by using HomeBrew. If you have HomeBrew installed already, you can open the Terminal and use this command to install it:

brew install bind

To configure bind, you need to edit the named.conf configuration file. First you need to define your local IPs (your own computers). This ensures that only you can do DNS lookups using your computer:

  // define who may query this server; the statement must end with a semicolon
  acl mycomputers {
    localhost;
    localnets;
  };

This is a simple configuration that just allows your own computer to do lookups. If you have other devices that you want to use this computer for DNS as well, you can add their IPs or a whole subnet to the list as well.

Then in the existing "options" block, you make it look like this:

options {
  [...]
  recursion yes;
  allow-query { mycomputers; };
  forwarders {
      8.8.8.8;
      8.8.4.4;
  };
};

// zone statements are top-level in named.conf, they cannot sit inside "options"
zone "myuni.co.uk" in { type forward; forward only; forwarders { 1.1.1.1; 2.2.2.2; }; };

Recursion means that you allow clients to look up "other people's domains" - i.e. not just host names and IP addresses defined on your computer, but also other domain names, by looking them up on the internet.

Allow-query restricts access to only your own computers.

The zone line means that the specific domain myuni.co.uk is going to be handled by a specific set of DNS servers. I.e. all queries for *.myuni.co.uk are forwarded to these servers. You need to replace 1.1.1.1/2.2.2.2 with the IP addresses of your Uni's DNS servers.

The "forwarders" block means that all other queries are forwarded to other DNS servers. In this case I just put in the IP addresses for Google's DNS service, but you can put your existing DNS server IPs here.

Note that "bind" does come with lots of options and configuration possibilities - it might be a bit hard to grasp at first.

Another option would be to install the more limited, but easier to set up, "dnsmasq" software. It is also available from HomeBrew with brew install dnsmasq.

With dnsmasq you can essentially keep defaults to use your ordinary DNS servers, and then use the following option:

--server=/myuni.co.uk/1.1.1.1

to forward queries for *.myuni.co.uk to your Uni's DNS server (replace 1.1.1.1 with that server's IP).

Note that dnsmasq also does other things than just DNS, such as acting as a DHCP server. You do not want this functionality, so keep it disabled.
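To make the forwarding rule in the answer concrete, here is an added example (my own code, not from the answer above nor from the bind or dnsmasq projects) of a minimal UDP DNS forwarder in Python that implements the same three decisions: an allow-list of client networks (what allow-query { mycomputers; } does), a per-domain upstream for myuni.co.uk (the zone ... forward only block), and default forwarders for everything else. The server IPs are the placeholders from the answer, the 192.168.0.0/16 client network stands in for bind's localnets and is an assumption, and the listening port is an arbitrary unprivileged one. The suffix check is done on label boundaries, so a name like notmyuni.co.uk is not sent to the Uni's servers.

```python
"""Tiny split-DNS UDP forwarder: an added illustration of the answer's
bind/dnsmasq rule, not production code. All addresses are placeholders."""
import ipaddress
import socket
import struct

# Placeholder upstreams copied from the answer: replace with real servers.
DOMAIN_SERVERS = {"myuni.co.uk": ["1.1.1.1", "2.2.2.2"]}  # like the forward-only zone
DEFAULT_SERVERS = ["8.8.8.8", "8.8.4.4"]                  # like the "forwarders" block
# Assumed client networks standing in for bind's "localhost; localnets;".
ALLOWED_CLIENTS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "192.168.0.0/16")]


def client_allowed(addr: str) -> bool:
    """Equivalent of allow-query: only listed networks may use this resolver."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ALLOWED_CLIENTS)


def choose_upstream(qname: str) -> list:
    """Pick upstream servers by the longest matching domain, on label boundaries.
    DNS names are case-insensitive and may carry a trailing dot."""
    name = qname.rstrip(".").lower()
    best = None
    for domain, servers in DOMAIN_SERVERS.items():
        d = domain.lower()
        if name == d or name.endswith("." + d):
            if best is None or len(d) > len(best[0]):
                best = (d, servers)
    return best[1] if best else DEFAULT_SERVERS


def parse_qname(packet: bytes) -> str:
    """Return the first question name of a raw DNS query (questions are uncompressed)."""
    if len(packet) < 12:
        raise ValueError("packet too short for a DNS header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        pos += 1
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


def build_query(qname: str, qtype: int = 1) -> bytes:
    """Build a standard A query; used here only to construct sample input."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    body = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + body + b"\x00" + struct.pack("!HH", qtype, 1)


def forward(packet: bytes, servers: list, timeout: float = 2.0):
    """Send the query to each upstream in turn and return the first reply, or None."""
    for server in servers:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(packet, (server, 53))
                data, _ = s.recvfrom(4096)
                return data
            except socket.timeout:
                continue
    return None


def serve(listen=("127.0.0.1", 5300)):
    """Main loop: drop disallowed clients, route by domain, relay the answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(listen)
        while True:
            packet, client = sock.recvfrom(4096)
            if not client_allowed(client[0]):
                continue  # bind would refuse; we simply drop the query
            try:
                qname = parse_qname(packet)
            except ValueError:
                continue  # malformed query
            reply = forward(packet, choose_upstream(qname))
            if reply:
                sock.sendto(reply, client)


if __name__ == "__main__":
    serve()
```

Run it, then point a test query at 127.0.0.1 port 5300 and watch which upstream each name goes to; in the real setup this selection is exactly what bind's zone/forwarders configuration (or dnsmasq's --server=/myuni.co.uk/... option) performs for you.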