Redirect to an alternative DNS Lookup server depending on domain request

Tags: dns, network, proxy

Background

I had a problem loading images from a particular website (more details of that here).

Someone at work suggested I change my DNS servers to OpenDNS and see if that resolves the problem.

They thought it may be that the DNS server from my provider is what was slowing down the page/image loads, due to the cross-domain calls with its JavaScript.

It turns out that this was indeed the case. The images loaded as expected with the new DNS servers (Google 8.8.8.8 and 8.8.4.4). Changing back, the problem reoccurs.

But I do not really want to change my DNS servers, especially for just one site.


Question

Is there any way I can use my normal DNS server addresses, but have a proxy (PAC file) that redirects to an alternate DNS server when this web domain (cultofma.com) is used?

Best Answer

You can specify the DNS servers that will be used for specific domains, but AFAIK this requires you to run BIND (named) on your machine. In this situation, your computer would be running a named process, and will have its configuration file set up to forward DNS requests for most queries to your ISP (i.e., the DNS servers that you were using before Google's Open DNS). This also allows you to specify domains in which you'd like the 'alternative' DNS server to be queried. Once you've got named up and running, you could then configure System Preferences to use your loopback address (127.0.0.1) for DNS lookups. The /etc/named.conf file for this configuration (based on Apple's default named.conf) would look something like:

//
// Include keys file
//
include "/etc/rndc.key";

// Declares control channels to be used by the rndc utility.
//
// It is recommended that 127.0.0.1 be the only address used.
// This also allows non-privileged users on the local host to manage
// your name server.

//
// Default controls
//
controls {
    inet 127.0.0.1 port 953 allow {any;}
    keys { "rndc-key"; };
};

options {
    directory "/var/named";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below.  Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;

    // *** forward all DNS lookups to these servers
    forwarders { 8.8.8.8; 8.8.4.4; };
};
// 
// a caching only nameserver config
// 

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

// *** requests for records in this zone will be forwarded to 10.0.0.5 and 10.0.0.6
zone "test.example.com" IN {
    type forward;
    forwarders { 10.0.0.5; 10.0.0.6; };
    forward only;
};

logging {
        category default {
                _default_log;
        };

        channel _default_log  {
                file "/Library/Logs/named.log";
                severity info;
                print-time yes;
        };
};

Configuring named

Before starting named, it may be necessary to generate the rndc key that's being used for rndc control:

sudo rndc-confgen -a

Note: the only portions of the default /etc/named.conf file that were modified above are the line in "options" that specifies the forwarder DNS servers (the ones that will answer most of your queries) and a zone entry for the "special" zone that you'd like to perform split horizon lookups for.

In this example, all queries are forwarded to the DNS servers 8.8.8.8 and 8.8.4.4 (Google Open DNS) with the exception of queries for records in the "test.example.com" domain (which are forwarded to 10.0.0.5 and 10.0.0.6).

Forwarder options

// *** forward all DNS lookups to these servers
forwarders { 8.8.8.8; 8.8.4.4; };

Zone to forward

// *** requests for records in this zone will be forwarded to 10.0.0.5 and 10.0.0.6
zone "test.example.com" IN {
    type forward;
    forwarders { 10.0.0.5; 10.0.0.6; };
    forward only;
};

Test your local named configuration

Next, you can test your named installation by running it in the foreground (before committing to the setup):

sudo /usr/sbin/named -g

In another Terminal window, query your local DNS server to confirm that it is working:

nslookup  apple.com 127.0.0.1

Make sure that your "special" forwarding zone is being utilized:

nslookup test.example.com 127.0.0.1

Setup named process to start at boot

Once you see that the lookups are working as expected, you can kill the named process that's running in the foreground of the first Terminal window by issuing an interrupt using the "Control"+"C" key command (^C).

It's possible to start the DNS server every time the machine boots by enabling the launch daemon job for that process:

sudo launchctl load -w /System/Library/LaunchDaemons/org.isc.named.plist

Lastly, you'd configure the local machine's loopback address to be used as the DNS server in System Preferences -> Network.

How to remove configuration and setup

This setup could potentially cause network problems (if not configured correctly). Here are some instructions on how to undo this setup:

1.) Remove the DNS server (127.0.0.1) from the network interface that you configured in System Preferences.

2.) Disable the launchd job that causes named to start on boot:

sudo launchctl unload /System/Library/LaunchDaemons/org.isc.named.plist
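The piece of the answer that is easy to get wrong is the selection rule: named sends a query to the forwarders of the closest enclosing `type forward` zone, and only falls back to the global `forwarders` in `options` when no such zone matches. The script below is an added example (not part of the answer, and not BIND's own parser): a deliberately small reader for the named.conf shape used above that answers "where would this name be sent?" before you start named in the foreground, and also flags an rndc control channel bound to anything other than loopback, which is the hardening the default file's comment asks for. The embedded config is constructed to mirror the answer's file; the parser assumes no `//` or `#` inside quoted strings.

```python
"""Which forwarders would this named.conf use for a given query name?

Added example: a minimal parser for the named.conf shape in the answer
(a global `forwarders` list in `options` plus `type forward` zones). It is
not BIND's parser; it implements only enough of the grammar to show the
"closest enclosing forward zone wins" rule and to check the rndc channel.
"""
import re

# Constructed sample, same shape as the answer's /etc/named.conf.
SAMPLE_CONF = r"""
include "/etc/rndc.key";
controls {
    inet 127.0.0.1 port 953 allow {any;}
    keys { "rndc-key"; };
};
options {
    directory "/var/named";
    /* query-source address * port 53; */
    // *** forward all DNS lookups to these servers
    forwarders { 8.8.8.8; 8.8.4.4; };
};
zone "." IN { type hint; file "named.ca"; };
zone "test.example.com" IN {
    type forward;
    forwarders { 10.0.0.5; 10.0.0.6; };
    forward only;
};
"""


def strip_comments(text):
    """Drop /* */, // and # comments (assumes none appear inside quotes)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def top_level_blocks(text):
    """Yield (header, body) for every depth-0 `header { body };` statement."""
    depth, start, header_start = 0, 0, 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                start = i
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                # The header is whatever follows the previous `;` (this skips
                # brace-less statements such as `include "...";`).
                header = text[header_start:start].rsplit(";", 1)[-1].strip()
                yield header, text[start + 1:i]
                header_start = i + 1


def forwarders_in(body):
    m = re.search(r"\bforwarders\s*\{([^}]*)\}", body)
    return [t for t in re.split(r"[;\s]+", m.group(1)) if t] if m else []


def forward_policy(body):
    # `forward only` never falls back to normal recursion; BIND's default
    # when `forward` is not given is `first`.
    return "only" if re.search(r"\bforward\s+only\s*;", body) else "first"


def parse(text):
    cfg = {"global": [], "global_policy": "first", "zones": {}, "controls": []}
    for header, body in top_level_blocks(strip_comments(text)):
        words = header.split()
        if not words:
            continue
        if words[0] == "options":
            cfg["global"] = forwarders_in(body)
            cfg["global_policy"] = forward_policy(body)
        elif words[0] == "zone" and re.search(r"\btype\s+forward\s*;", body):
            name = words[1].strip('"').rstrip(".").lower()
            cfg["zones"][name] = (forwarders_in(body), forward_policy(body))
        elif words[0] == "controls":
            cfg["controls"] = re.findall(r"\binet\s+(\S+)", body)
    return cfg


def forwarders_for(cfg, qname):
    """Return (zone, forwarders, policy) for qname: walk the name's suffixes
    from most to least specific; the first forward zone hit wins, otherwise
    the global forwarders apply."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in cfg["zones"]:
            return (suffix,) + cfg["zones"][suffix]
    return ".", cfg["global"], cfg["global_policy"]


def control_channel_warnings(cfg):
    """rndc listeners that are not loopback: whoever can reach them and holds
    the key can reconfigure or stop the server."""
    return [a for a in cfg["controls"] if not (a.startswith("127.") or a == "::1")]


if __name__ == "__main__":
    cfg = parse(SAMPLE_CONF)
    for name in ("apple.com", "example.com", "www.test.example.com"):
        zone, fwd, policy = forwarders_for(cfg, name)
        print(f"{name:24} -> zone {zone!r:20} forwarders {fwd} (forward {policy})")
    print("non-loopback control channels:", control_channel_warnings(cfg) or "none")
```

Run it against your real /etc/named.conf by replacing SAMPLE_CONF with the file's contents; note that example.com (the parent of the forward zone) is sent to the global forwarders, so only names at or below test.example.com reach 10.0.0.5 and 10.0.0.6.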