macOS DNS Routing by Domain
I have been looking into a solution for using specific DNS servers for certain internal sudomains. These DNS servers are only available via VPN.
I don’t want all my queries to go trough this internal DNS resolver, because the my usual resolver blocks ads and trackers.
The solution is simple: to specify the resolver to use for a specific domain, create a file named after the domain in /etc/resolver/ and add the nameservers.
First make sure the /etc/resolver/ directory exists
macbook:~ user$ sudo mkdir /etc/resolver/
Create the domain file
macbook:~ user$ sudo vi /etc/resolver/example.com
Add the nameservers to the file you just created
macbook:~ user$ cat /etc/resolver/example.com nameserver 192.0.2.100
Now, all queries for example.com will be resolved by 192.0.2.100.
The caveat with this technique is that tools like dig won’t actually resolve domains like apps and will bypass this.
To make sure your config works you better use scutil –dns:
macbook:~ user$ scutil --dns resolver #8 domain : example.com nameserver : 192.0.2.100 flags : Request A records, Request AAAA records reach : 0x00000002 (Reachable)