dns 




Snippets

Flush DNS cache

sudo dscacheutil -flushcache

# This is part of "dscacheutil -flushcache" so you don't
# need to do it explicitly.
sudo killall -HUP mDNSResponder



DNS Lookup

To perform DNS resolution the way OS X natively does it, use dscacheutil (ping works too).  dig, nslookup, etc. don't go through the system resolution order.

developer.apple.com/…/man1/dig.1.html contains this notice:

The dig command does not use the host name and address resolution or the DNS query routing mechanisms used by other processes running on Mac OS X. The results of name or address queries printed by dig may differ from those found by other processes that use the Mac OS X native name and address resolution mechanisms. The results of DNS queries may also differ from queries that use the Mac OS X DNS routing library.

dscacheutil -q host -a name www.google.com
# name: www.google.com
# ipv6_address: 2607:f8b0:4005:802::1011

# name: www.google.com
# ip_address: 74.125.129.104
# ip_address: 74.125.129.106
# ip_address: 74.125.129.105
# ip_address: 74.125.129.103
# ip_address: 74.125.129.147
# ip_address: 74.125.129.99

Set DNS servers for specific domains

You can set up DNS servers that should be used only for specific domain names this way.

Edit

/etc/resolver/[subdomains].domain.TLD

Add

nameserver 1.2.3.4
nameserver 1.2.3.5



Local DNS server

# bind is not present on OS X Mavericks
sudo port install bind9
# Set to autoload with launchctl and load it now.
sudo port load bind9
# sudo port unload bind9  # If you want to stop the server.

# NOTE: Change the paths to /opt/local/etc instead of /etc in the
# following commands if using the macports version.

# Generate key file for bind.
sudo rndc-confgen -b 256 -a -c /etc/rndc.key

# Confirm that named and bind aren't using the same port.
sudo grep -E 'inet.*port' /opt/local/etc/named.conf

# Start bind.  It will also start up automatically next time.
# Not needed for the macports version (you ran "sudo port load bind9")
sudo launchctl load -w /System/Library/LaunchDaemons/org.isc.named.plist

If you want to use a different name than localhost, then clone the localhost section in /opt/local/etc/named.conf and replace localhost there with a different name, say, lhost.  However, if you're just wanting to add wildcards to localhost, then no change is needed.  (Some of the snippets below will show the lhost version commented out for informational purposes.)

For reference, if you cloned localhost to lhost, it would look like this.

zone "lhost" IN {
        type master;
        file "lhost.zone";
        allow-update { none; };
};

Now edit /opt/local/var/named/db.localhost (this is just a zone file).  If you're creating the lhost zone instead, clone this file as db.lhost and make the appropriate changes.  For db.localhost, you only need to append one line to the end of the file.  Here's what it looks like.

$TTL    86400
$ORIGIN localhost.
@                       1D IN SOA       @ root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                        1D IN NS        @
                        1D IN A         127.0.0.1

; Note(chirayu): The following line was added.
*.localhost. 86400 IN A 127.0.0.1

Now verify your config.

# This command will have no output.
sudo named-checkconf /opt/local/etc/named.conf
# This should print out "OK".
sudo named-checkzone localhost /opt/local/var/named/db.localhost
# sudo named-checkzone lhost /opt/local/var/named/db.lhost

Test

dig @localhost foo.localhost
# dig @localhost foo.lhost

# Don't use nslookup - it doesn't use OS X's DNS lookup mechanism
dns-sd -G v4 foo.localhost
dns-sd -G v4 foo.cheshire.local.c-k.me

Reload bind / rndc

# Reload bind / rndc
sudo rndc -p 54 reload

# Flush cache
sudo dscacheutil -flushcache

Set 127.0.0.1 as the nameserver for localhost

Note:  You cannot just add 127.0.0.1 to the list of DNS servers in the Network "tab" of System Preferences.  First, you'll have to do it per interface.  But more importantly, adding 127.0.0.1 or any address there will disable the greyed out DNS servers listed there that were returned by DHCP.  Good luck if you need those nameservers to resolve other names!

# Create if not exists
sudo mkdir -p /etc/resolver

sudo vim /etc/resolver/localhost
# sudo vim /etc/resolver/lhost

# Add this single line,
#
#     nameserver 127.0.0.1
#
# to this file, save and exit.



What DNS servers are being used?

scutil --dns


# Another way
networksetup listallnetworkservices

#    An asterisk (*) denotes that a network service is disabled.
#    Bluetooth DUN
#    Thunderbolt Ethernet
#    Wi-Fi

networksetup -getdnsservers Wi-Fi
#    There aren't any DNS Servers set on Wi-Fi.

# Note:  That statement above is a lie.  There aren't
#   any DNS servers set *explicitly* but OS X is still
#   using the ones returned by DHCP.  It just isn't
#   listing it here.
#
#   "scutil --dns" would have shown them to you.

# Example of setting two DNS servers.
# NOTE:  This will make OS X stop using the DHCP
#   provided DNS servers so you're now out of luck for
#   resolving names that those would have resolved. :(
sudo networksetup -setdnsservers Wi-Fi 127.0.0.1 192.168.6.1
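
Because networksetup does not list DHCP-provided or /etc/resolver nameservers, an audit of what the machine really resolves through has to read "scutil --dns". The following is an added example, not part of the original snippets: it parses that output and reports any nameserver not on an allow-list. The sample output, the corp.example / 203.0.113.53 entry and the allow-list are constructed for illustration.

```sh
# Added example: audit the resolvers macOS is really using ("scutil --dns").

# Constructed sample in the format "scutil --dns" prints.
SAMPLE_SCUTIL_DNS='DNS configuration

resolver #1
  search domain[0] : chirayuk.com
  nameserver[0] : 8.8.8.8
  nameserver[1] : 8.8.4.4

resolver #2
  domain   : localhost
  nameserver[0] : 127.0.0.1

resolver #3
  domain   : corp.example
  nameserver[0] : 203.0.113.53
'

# stdin: "scutil --dns" output. Prints one "<domain> <nameserver>" line per
# unique pair; resolvers without a "domain" line are shown as "(default)".
effective_nameservers() {
  awk '
    function emit(   i) {
      for (i = 0; i < n; i++) if (!seen[domain, ns[i]]++) print domain, ns[i]
      n = 0
    }
    /^resolver #/        { emit(); domain = "(default)" }
    $1 == "domain"       { domain = $3 }
    $1 ~ /^nameserver\[/ { ns[n++] = $3 }
    END                  { emit() }
  '
}

# $1: space-separated allow-list. Prints every pair whose server is not on it.
unexpected_nameservers() {
  allowed=" $1 "
  effective_nameservers | while read -r domain server; do
    case "$allowed" in
      *" $server "*) ;;
      *) echo "$domain $server" ;;
    esac
  done
}

# On a Mac:  scutil --dns | unexpected_nameservers "8.8.8.8 8.8.4.4 127.0.0.1"
```

Per-domain entries created under /etc/resolver show up here with their domain name, so a file added there without your knowledge is visible in the output.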

Augment the DNS servers for the current adapter

This is temporary.  You'll have to script it to do it automatically on network service changes.

NOTE:  Updating State:/Network/Global/DNS does not appear to help with this.

$ sudo scutil
> list State:/Network/Service/[^/]+/DNS
  subKey [0] = State:/Network/Service/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/DNS
>
>
> show State:/Network/Service/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/DNS
<dictionary> {
  DomainName : cheshire.roam.chirayuk.com
  SearchDomains : <array> {
    0 : chirayuk.com
  }
  ServerAddresses : <array> {
    0 : 8.8.8.8
    1 : 8.8.4.4
  }
}

> d.init
> get State:/Network/Service/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/DNS
# d.add key [*#?] val [v2 ...]  : add information to dictionary
#       (*=array, #=number, ?=boolean, %=hex data)
# 
> d.add ServerAddresses * 8.8.8.8 8.8.4.4 127.0.0.1
> d.add SearchDomains * local.c-k.me chirayuk.com

# Confirm it looks good.
> d.show

# Set config from dict
# This automatically updates /etc/resolv.conf
> set State:/Network/Service/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/DNS
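
The interactive session above can be scripted, since scutil reads its commands from standard input. This is an added example, not part of the original snippets. It assumes the primary service has a State:/Network/Service/<id>/DNS key (true when DHCP supplied the DNS servers) and that 127.0.0.1 is the server to append; the function names and the --apply switch are made up here.

```sh
# Added example: the scutil session above as a script.

# Constructed sample of "show State:/Network/Service/<id>/DNS" output.
SAMPLE_DNS_SHOW='<dictionary> {
  DomainName : cheshire.roam.chirayuk.com
  SearchDomains : <array> {
    0 : chirayuk.com
  }
  ServerAddresses : <array> {
    0 : 8.8.8.8
    1 : 8.8.4.4
  }
}'

# stdin: "show State:/Network/Global/IPv4" output; prints the primary service ID.
primary_service_id() {
  awk '$1 == "PrimaryService" { print $3 }'
}

# stdin: "show .../DNS" output; prints the current servers, space-separated.
current_servers() {
  awk '
    $1 == "ServerAddresses" { in_list = 1; next }
    in_list && $1 == "}"    { in_list = 0 }
    in_list                 { printf "%s%s", sep, $3; sep = " " }
    END                     { print "" }
  '
}

# $1 service ID, $2 server to add, $3 current servers. Prints the scutil
# commands; the server is appended only if it is not already listed.
augment_commands() {
  key="State:/Network/Service/$1/DNS"
  servers=$3
  case " $servers " in
    *" $2 "*) ;;
    *) servers="${servers:+$servers }$2" ;;
  esac
  printf 'd.init\nget %s\nd.add ServerAddresses * %s\nset %s\n' "$key" "$servers" "$key"
}

# Only touches the system when run on macOS with --apply.
if [ "$(uname)" = "Darwin" ] && [ "${1:-}" = "--apply" ]; then
  id=$(echo "show State:/Network/Global/IPv4" | scutil | primary_service_id)
  [ -n "$id" ] || { echo "no primary service" >&2; exit 1; }
  cur=$(echo "show State:/Network/Service/$id/DNS" | scutil | current_servers)
  augment_commands "$id" 127.0.0.1 "$cur" | sudo scutil
fi
```

Running it twice does not duplicate the entry, which matters if it is re-run on every network change.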

Renew DHCP

sudo ipconfig set en0 NONE && sudo ipconfig set en0 DHCP