7

I expect to be able to resolve the DNS name www.foobar.dev using a DNS server that's running in a VM on my OS/X (High Sierra) system because I have created an /etc/resolver/dev file containing the following one line: (specifying the VM's virtual address)

nameserver ww.xx.yy.zz

... but dig www.foobar.dev continues to consult the Internet nameserver,

while dig @ww.xx.yy.zz www.foobar.dev successfully retrieves the entry from the VM's DNS.

I've used the dscacheutil command to be sure that an errant entry is not in the DNS resolver cache.

So, why isn't the presence of an /etc/resolver/dev file with the specified contents sufficient to direct "anything.dev" to the specified DNS server?

Interestingly – sometimes it seems to work. Also, the command scutil --dns produces the following expected entry, which seems to indicate that the /etc/resolver/dev file is being detected!

resolver #8
  domain   : dev
  nameserver[0] : ww.xx.yy.zz
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)
Mike Robinson
  • Post "https://stackoverflow.com/questions/19579138/osx-mavericks-dnsmasq-stops-working/19651350#19651350" directly indicates that this ought to work, and the correct operation of the `dig @ww.xx.yy.zz` command clearly indicates that the `dnsmasq` server on the VM is operating correctly and that it can be reached from the OS/X side. When directly addressed, it answers correctly. But the problem is, it isn't being asked. – Mike Robinson Jun 18 '18 at 17:02
  • Even more confusing, but possibly significant: I found this frequently-referenced web page https://passingcuriosity.com/2013/dnsmasq-dev-osx/ and after confirming that I had done things comparable to what they say, I tried `ping www.foobar.dev` and my ping-response came from `ww.xx.yy.zz`! So, the `ping` command *did* come up with the right IP! But still, the `dig` command did *not* query that DNS server by default and thus said `NXDOMAIN`. So now I am quite confused. – Mike Robinson Jun 18 '18 at 17:44

3 Answers

23

It's probably working fine; you're just testing it wrong. dig (and host and nslookup) don't use the system resolver, nor do they fully implement the system resolver's lookup policy. As a result, they're useful for testing the DNS system itself, but not for testing how the OS uses DNS. The official way to test the system resolver is dscacheutil (e.g. dscacheutil -q host -a name www.foobar.dev), but that's annoyingly verbose, so I tend to just use ping (and/or ping6 for IPv6) and look at the IP it reports.

Gordon Davisson
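As an added example (not part of the original answers), the Python below models which resolver entry from `scutil --dns` output the system resolver would consult for a given name, which is the per-domain routing that dig bypasses. The sample output and its addresses are constructed, and the selection rule (longest label-aligned domain suffix, otherwise the first resolver without a domain) is a simplifying assumption.

```python
import re

# Constructed sample of `scutil --dns` output (addresses are placeholders).
SAMPLE = """\
DNS configuration

resolver #1
  nameserver[0] : 192.0.2.1
  flags    : Request A records

resolver #8
  domain   : dev
  nameserver[0] : 198.51.100.7
  flags    : Request A records

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.0.2.1
  if_index : 6 (en0)
"""

def parse_resolvers(text):
    """Parse the unscoped resolver entries into dicts."""
    resolvers = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("DNS configuration (for scoped"):
            break  # scoped entries apply only to interface-bound queries
        m = re.fullmatch(r"resolver #(\d+)", line)
        if m:
            resolvers.append({"id": int(m.group(1)), "domain": None, "nameservers": []})
        elif resolvers and " : " in line:
            key, value = (p.strip() for p in line.split(" : ", 1))
            if key == "domain":
                resolvers[-1]["domain"] = value.lower().rstrip(".")
            elif key.startswith("nameserver["):
                resolvers[-1]["nameservers"].append(value)
    return resolvers

def resolver_for(name, resolvers):
    """Assumed rule: longest label-aligned domain suffix wins, else the default."""
    name = name.lower().rstrip(".")
    matches = [r for r in resolvers
               if r["domain"] and (name == r["domain"] or name.endswith("." + r["domain"]))]
    if matches:
        return max(matches, key=lambda r: len(r["domain"]))
    return next((r for r in resolvers if r["domain"] is None), None)

if __name__ == "__main__":
    for host in ("www.foobar.dev", "www.example.com"):
        print(host, "->", resolver_for(host, parse_resolvers(SAMPLE))["nameservers"])
```

On a real system, pass the text of `scutil --dns` to `parse_resolvers` instead of `SAMPLE`.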
5

As @GordonDavisson said in the other answer, the ping command is useful for testing the system resolver. My addition is that it may also fail because of the DNS cache. Do not forget to clear it:

sudo killall -HUP mDNSResponder
mixel
1

Better to replace /etc/resolver files with a true DNS config since, just like /etc/resolv.conf, this is all legacy stuff kept only for backward compatibility (and maybe because POSIX requires it?).

Here's how you can do it from the command line using scutil; it's really simple.

Of course, there is also a programmatic interface to all this.
See Apple's SystemConfiguration Framework.

Mecki
  • I've seen that you mention `/etc/resolver` being kept for backward compatibility in a couple of places, and I've desperately been trying to find some authoritative documentation that explains the relationship between `scutil` and `/etc/resolver` without success. Can you please point me to the source that mentions the backward compatibility? – Thomas Hallgren Aug 27 '22 at 06:23
  • @ThomasHallgren First of all, there is the comment inside `/etc/resolv.conf` itself https://snippi.com/s/6iep7fc and then there is `man 5 resolver` saying https://snippi.com/s/66fb8sa Why would you keep a file around that is not used by the majority of DNS functions in the system (as the file itself tells you) if not for backward compatibility with hundreds of programs that simply parse `/etc/resolv.conf` if they want to know the DNS settings? The latter is common for cross-platform code since there is no POSIX API for getting DNS settings. – Mecki Aug 28 '22 at 22:02