At work we have some internal subdomains that only resolve via a specific DNS server, which is itself only reachable over a VPN and is pushed automatically upon connection.
I don’t want all my queries to go through this DNS resolver, mainly because the one I usually use blocks ads and trackers.
After doing some research, I stumbled upon this tip on Mac OS X Hints from… 2004!
The solution is simple: to specify the resolver to use for a specific domain, create a file named after the domain in /etc/resolver/ (the directory does not exist by default, so create it with sudo first) and add the nameservers.
stanislas@mbp ~> cat /etc/resolver/domain.tld
nameserver 192.168.42.42
Now, all my queries for domain.tld (and any host under it) will be resolved by 192.168.42.42.
The caveat with this technique is that tools like dig (and host, nslookup) don’t go through the system resolver the way applications do: they talk to a DNS server directly, so they bypass /etc/resolver entirely and are useless for checking it.
To make sure your config works, use scutil --dns, which lists every resolver the system knows about, or dscacheutil -q host -a name some.host.domain.tld, which resolves through the same path as ping and your browser:
resolver #8
domain : domain.tld
nameserver[0] : 192.168.42.42
flags : Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
Try pinging one of the domain’s hosts to test your changes. If it doesn’t work, the easiest way might be to reboot 🤷‍♂️. I haven’t found a better solution to get it to work right away.
Since the domain also contains publicly-accessible websites that I use, I want to be able to reach them without the VPN. To do so, I just add a second nameserver line (a public resolver) to the file above. Nameservers are tried in the order listed, so when the VPN is down each lookup first waits for the VPN resolver to time out before falling back; that adds some latency, but it works.
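The whole procedure, as an added example that is not part of the original post: a script that renders the /etc/resolver file (VPN nameserver first, public fallback second) and a small check that parses scutil --dns output to show which nameservers the system resolver will really use for the domain. domain.tld and 192.168.42.42 are the placeholders from above; the 1.1.1.1 fallback, the hypothetical host.domain.tld name, and the constructed scutil sample are assumptions, as is the use of the timeout keyword documented in resolver(5) to shorten the fallback delay.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): generate a per-domain resolver
# file for /etc/resolver and verify, from `scutil --dns` output, which
# nameservers the system resolver will actually use for that domain.
# The domain and VPN address are the post's placeholders; 1.1.1.1, the
# hypothetical host name and the `timeout` keyword (see resolver(5)) are assumptions.

DOMAIN="domain.tld"
VPN_NS="192.168.42.42"   # only reachable over the VPN
PUBLIC_NS="1.1.1.1"      # assumed public fallback for the publicly reachable hosts

# render_resolver_file DOMAIN NS... : print the body of /etc/resolver/DOMAIN.
# Nameservers are tried in the order listed, so the VPN one must come first.
render_resolver_file() {
  local domain=$1 ns
  shift
  for ns in "$@"; do
    printf 'nameserver %s\n' "$ns"
  done
  # Shorter per-query timeout so the fallback kicks in sooner when the VPN
  # (and thus the first nameserver) is unreachable.
  printf 'timeout 2\n'
}

# install_resolver DIR DOMAIN NS... : write DIR/DOMAIN. On a Mac DIR is
# /etc/resolver (needs sudo; the directory does not exist by default).
install_resolver() {
  local dir=$1 domain=$2
  shift 2
  mkdir -p "$dir"
  render_resolver_file "$domain" "$@" > "$dir/$domain"
}

# resolver_ns_for DOMAIN : read `scutil --dns` output on stdin and print the
# nameservers of the first resolver block whose "domain :" equals DOMAIN,
# space-separated, in order. Prints nothing if no such block exists.
resolver_ns_for() {
  awk -v d="$1" '
    /^resolver #/ { if (found) exit; inblock = 0 }
    $1 == "domain" && $3 == d { inblock = 1; found = 1 }
    inblock && $1 ~ /^nameserver\[[0-9]+\]$/ { out = out (out ? " " : "") $3 }
    END { if (out) print out }
  '
}

# Constructed sample of `scutil --dns` output, shaped like the post's excerpt,
# so the check can be exercised without a Mac or a VPN.
SAMPLE_SCUTIL='DNS configuration

resolver #1
  search domain[0] : lan
  nameserver[0] : 192.168.1.1
  flags    : Request A records, Request AAAA records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #8
  domain   : domain.tld
  nameserver[0] : 192.168.42.42
  nameserver[1] : 1.1.1.1
  flags    : Request A records, Request AAAA records
  reach    : 0x00000002 (Reachable)'

if [ "$(uname -s)" = "Darwin" ] && command -v scutil >/dev/null 2>&1; then
  # Live check on a Mac: what the system resolver (the path ping and browsers
  # use, unlike dig) will do for the domain. host.$DOMAIN is a hypothetical name.
  echo "system resolver for $DOMAIN: $(scutil --dns | resolver_ns_for "$DOMAIN")"
  dscacheutil -q host -a name "host.$DOMAIN" || true
else
  echo "sample resolver for $DOMAIN: $(printf '%s\n' "$SAMPLE_SCUTIL" | resolver_ns_for "$DOMAIN")"
fi
```

To apply it for real, run install_resolver /etc/resolver "$DOMAIN" "$VPN_NS" "$PUBLIC_NS" under sudo, then confirm the new block appears in scutil --dns. If it does not show up straight away, flushing the cache with sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder is worth trying before a reboot.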