macOS DNS Routing by Domain
Table of Contents
Overview #
I have been looking into a solution for using specific DNS servers for certain internal sudomains. These DNS servers are only available via VPN.
I don’t want all my queries to go trough this internal DNS resolver, because the my usual resolver blocks ads and trackers.
The solution is simple: to specify the resolver to use for a specific domain, create a file named after the domain in /etc/resolver/ and add the nameservers.
Configuration #
First make sure the /etc/resolver/ directory exists
macbook:~ user$ sudo mkdir /etc/resolver/Create the domain file
macbook:~ user$ sudo vi /etc/resolver/example.comAdd the nameservers to the file you just created
macbook:~ user$ cat /etc/resolver/example.com
nameserver 192.0.2.100Now, all queries for example.com will be resolved by 192.0.2.100.
The caveat with this technique is that tools like dig won’t actually resolve domains like apps and will bypass this.
Testing #
To make sure your config works you better use scutil –dns:
macbook:~ user$ scutil --dns
resolver #8
domain : example.com
nameserver[0] : 192.0.2.100
flags : Request A records, Request AAAA records
reach : 0x00000002 (Reachable)