macOS DNS Routing by Domain

Published Friday, Mar 26, 2021 by Tony Davis

Overview

I have been looking into a solution for using specific DNS servers for certain internal subdomains. These DNS servers are only available via VPN.

I don’t want all my queries to go through this internal DNS resolver, because my usual resolver blocks ads and trackers.

The solution is simple: to specify the resolver to use for a specific domain, create a file named after the domain in /etc/resolver/ and add the nameservers.

Configuration

First make sure the /etc/resolver/ directory exists

macbook:~ user$ sudo mkdir /etc/resolver/

Create the domain file

macbook:~ user$ sudo vi /etc/resolver/example.com

Add the nameservers to the file you just created

macbook:~ user$ cat /etc/resolver/example.com
nameserver 192.0.2.100

Now, all queries for example.com will be resolved by 192.0.2.100.

The caveat with this technique is that tools like dig send their queries straight to a DNS server instead of going through the macOS system resolver the way applications do, so they bypass /etc/resolver and won’t show the effect.
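The three steps above (make the directory, create the file named after the domain, add nameserver lines) as one script. This is an added example, not code from the original post: it validates each nameserver as a dotted-quad IPv4 address and the domain as a plain file name before writing anything, and lists what a resolver directory contains, since any file in there silently redirects lookups for that domain. RESOLVER_DIR is a hypothetical override so the functions can be tried against a scratch directory without root.

```sh
#!/bin/sh
# Added example, not code from the original post: builds /etc/resolver/<domain>
# files from a list of nameservers and lists what a resolver directory contains.
# RESOLVER_DIR is a hypothetical override so the functions can be exercised
# against a scratch directory without root.
set -eu

RESOLVER_DIR="${RESOLVER_DIR:-/etc/resolver}"

# Succeed only if $1 is a dotted-quad IPv4 address with every octet 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _saved_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_saved_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# Print the body of a resolver file for the given nameservers, one per argument.
resolver_body() {
    [ $# -ge 1 ] || { echo "at least one nameserver required" >&2; return 1; }
    for _ns in "$@"; do
        is_ipv4 "$_ns" || { echo "invalid nameserver: $_ns" >&2; return 1; }
        printf 'nameserver %s\n' "$_ns"
    done
}

# Write $RESOLVER_DIR/<domain>. The file name is the domain, so it is checked
# for path tricks (slashes, leading dots, "..") before anything is written.
# Usage: write_resolver example.com 192.0.2.100 [192.0.2.101 ...]
write_resolver() {
    _domain=$1; shift
    case "$_domain" in
        ""|.*|*..*|*[!A-Za-z0-9.-]*)
            echo "invalid domain: $_domain" >&2; return 1 ;;
    esac
    _body=$(resolver_body "$@") || return 1
    mkdir -p "$RESOLVER_DIR"
    printf '%s\n' "$_body" > "$RESOLVER_DIR/$_domain"
}

# List every file in $RESOLVER_DIR as "<domain> <nameserver ...>". An entry
# you did not create is redirecting lookups for that domain, so worth a look.
audit_resolvers() {
    [ -d "$RESOLVER_DIR" ] || return 0
    for _f in "$RESOLVER_DIR"/*; do
        [ -f "$_f" ] || continue
        _ns=$(awk '$1 == "nameserver" { printf "%s ", $2 }' "$_f")
        printf '%s %s\n' "$(basename "$_f")" "${_ns% }"
    done
}

# Run as a command: resolver.sh <domain> <nameserver>... (needs root for the
# real /etc/resolver). With no arguments only the functions are defined.
if [ $# -ge 2 ]; then
    write_resolver "$@"
    audit_resolvers
fi
```

On the real machine that is sudo sh resolver.sh example.com 192.0.2.100, which produces exactly the one-line file shown above; RESOLVER_DIR=/tmp/r sh resolver.sh example.com 192.0.2.100 lets you see the result first without touching /etc.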

Testing

To make sure your config works, use scutil --dns, which shows the resolver the system will actually use for each domain:

macbook:~ user$ scutil --dns
resolver #8
  domain   : example.com
  nameserver[0] : 192.0.2.100
  flags    : Request A records, Request AAAA records
  reach    : 0x00000002 (Reachable)
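The same check, scripted. This is an added example and not from the original post: it reads scutil --dns output from stdin and prints only the nameservers macOS will use for the domain you name, exiting non-zero when no resolver entry matches (which is what you get if the file name does not match the domain). The function name scutil_nameservers is my own.

```sh
#!/bin/sh
# Added example, not from the original post: filters `scutil --dns` output
# (read from stdin) down to the nameservers macOS will use for one domain.
# Usage: scutil --dns | scutil_nameservers example.com
scutil_nameservers() {
    awk -v want="$1" '
        /^resolver #/                        { dom = "" }        # a new resolver block starts
        $1 == "domain"                       { dom = $3 }        # "domain   : example.com"
        $1 ~ /^nameserver\[/ && dom == want  { print $3; found = 1 }
        END { exit (found ? 0 : 1) }                             # 1 when nothing matched
    '
}
```

A quick sanity check is scutil --dns | scutil_nameservers example.com; an empty result with exit status 1 means the system resolver never picked up /etc/resolver/example.com.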