MacOS Networking – How to Prepend 127.0.0.1 to DNS Servers List

dhcpdnsdnsmasqmacosnetworking

I am trying to use dnsmasq to resolve certain known domains using its configuration, but let the rest of the requests go through to the normal DNS server assigned by DHCP. I cannot get this to work. When I set DNS to 127.0.0.1 through the Network panel, I have to hardcode the DHCP assigned DNS servers to dnsmasq's configuration. However, when I'm on a different network, e.g. at work, at a client, these addresses are different. I have to reconfigure anytime I change networks.

How can I configure OS X to use 127.0.0.1 AND any DNS servers assigned through DHCP?

If that is not possible, then how can I tell dnsmasq to obtain upstream DNS servers through DHCP?

Here's what I know so far.

/etc/resolv.conf on OS X is dynamic, it changes according to what you set in the Network preferences, or using DHCP. It changes anytime you reconnect. It's even deleted when you go offline. So as soon as I use 127.0.0.1 this is reflected in /etc/resolv.conf and I don't know if there is any place where the formerly DHCP-assigned DNS addresses can be found.
OS X doesn't use /etc/resolv.conf.head.
OS X doesn't use /etc/dhclient.conf where you can prepend DNS servers to the DHCP provided list.
/etc/resolver/tld.conf is not a solution, because that tries to use a DNS server based on matching a tld (it's good if you use .dev or something).

Edit:
There is a screenshot of the Network DNS setting here that looks like what I want, but I have no idea how the author of that article achieved.

Best Answer

First, using 127.0.0.1 AND the DHCP-assigned DNS server won't work. If OS X has multiple DNS servers configured, it doesn't try them in sequence, it does something more like round robin -- sending different requests to different servers more or less at random. Net result: some of the lookups you wanted handled by dnsmasq will go to the regular server instead (and get the wrong result), and some that you wanted sent to the regular server will go to dnsmasq (and fail). Not good.

Telling dnsmasq to use the DHCP-provided DNS server might be possible, but I don't see a clean way to do it. Instead, what I'd recommend is using a DNS config that overrides the regular DNS config for the domains you want specially handled. There are two options for this:

Skip dnsmasq, and put the hosts you want specially handled into /etc/hosts (see this article, for example).
Use /etc/resolver/ files to direct queries for specific domains to 127.0.0.1, overriding the general (DHCP-supplied) DNS server (see the man page for /etc/resolver and this Mac OS X Hints article. Essentially, you create the /etc/resolver folder, and put a file in it for each domain you want to override. E.g. /etc/resolver/somedomain.com would contain "nameserver 127.0.0.1".

Related Solutions

Macos – How to use dnsmasq with DHCP-assigned DNS servers

Sounds like you're trying to achieve the exact same thing I've just setup on my new MacBook and have previously had working on my Linux dev machines.

As you know, manually adding 127.0.0.1 to your DNS entries in network settings is a pain because it has to be reapplied when changing network interfaces / connecting to alternate wifi access points and also prevents your machine from automatically picking up the DNS servers assigned through DHCP. Thankfully, the following solution completely avoids having to mess with your network settings so you can use DHCP as normal.

First off, if you've previously manually added 127.0.0.1 and external DNS servers to your network interface, now is the time to delete them and reset it back to DHCP defaults.

Having done that, you now need to create the folder /etc/resolver.

sudo mkdir /etc/resolver

Within this folder, you can now add text files named by domain to match and containing nameserver entries to use for those matching requests. OS X will automatically look in this folder for rules so it really is that simple.

So, for your setup (same as mine), we want to create a text file called /etc/resolver/dev (to catch all requests for *.dev) containing a standard nameserver entry for 127.0.0.1 (local IP used by dnsmasq).

sudo bash -c 'echo "nameserver 127.0.0.1" > /etc/resolver/dev'

Now all DNS requests for *.dev domains will be passed on to dnsmasq at 127.0.0.1 and anything not matching *.dev will be handled as normal by whatever DNS servers your DHCP has picked up.

Linux – Systemd-networkd: How to prepend a static nameserver entry to DHCP-discovered nameservers

Have you tried adding these two lines:

  [Network]
  DNS=127.0.0.1

to one of the files /etc/systemd/network/*.network? For instance, for a dhcp client, modify /etc/systemd/network/80-dhcp.network to contain the lines:

  [Match]
  Name=en*

  [Network]
  DHCP=yes
  DNS=127.0.0.1

EDIT:

Have you tried the in_addr representation? Try substituting 127.0.0.1 with 16777343.

Best Answer

Related Solutions

Macos – How to use dnsmasq with DHCP-assigned DNS servers

Linux – Systemd-networkd: How to prepend a static nameserver entry to DHCP-discovered nameservers

Related Question