Add DNS resolver on MacOS
version 0.1, 2023-04-18
I tried using dnsmasq as a way to allow modifying records on my dev box without having to modify /etc/hosts and without needing superuser access.
The experiment was a failure, because you need to restart the dnsmasq service for the changes to take effect, and that requires sudo.
Since both require sudo, using /etc/hosts is way easier.
Overview
- /etc/hosts changes are reflected immediately, without flushing the DNS cache.
- dnsmasq changes are only reflected after a service restart.
Note: there might be a --hostsdir option that picks up new records dynamically.
I might try Route53 Resolver if I need this to work for more than one-offs.
/etc/hosts
If the record is added to /etc/hosts, nslookup still returns the addresses from the upstream DNS server, because it queries that server directly and ignores /etc/hosts.
$ nslookup davids-blog.gamba.ca
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	davids-blog.gamba.ca
Address: 65.8.66.24
Name:	davids-blog.gamba.ca
Address: 65.8.66.64
Name:	davids-blog.gamba.ca
Address: 65.8.66.104
Name:	davids-blog.gamba.ca
Address: 65.8.66.67
Use dscacheutil or dns-sd to view the IP address the system resolver actually returns.
$ dscacheutil -q host -a name davids-blog.gamba.ca
name: davids-blog.gamba.ca
ip_address: 127.0.0.1
$ dns-sd -q davids-blog.gamba.ca
DATE: ---Tue 18 Apr 2023---
22:12:34.107  ...STARTING...
Timestamp     A/R    Flags     IF  Name                   Type  Class  Rdata
22:12:34.109  Add    40000002  -1  davids-blog.gamba.ca.  Addr  IN     127.0.0.1
dnsmasq
Install:
brew install dnsmasq
Configure:
- Create a config backup:
  cp /opt/homebrew/etc/dnsmasq.conf{,~}
- Edit /opt/homebrew/etc/dnsmasq.conf to enable the conf-dir
configs:--- dnsmasq.conf~ 2023-04-19 08:18:27 +++ dnsmasq.conf 2023-04-19 08:19:50 @@ -681,7 +681,7 @@ #conf-dir=/opt/homebrew/etc/dnsmasq.d,.bak # Include all files in a directory which end in .conf -#conf-dir=/opt/homebrew/etc/dnsmasq.d/,*.conf +conf-dir=/opt/homebrew/etc/dnsmasq.d/,*.conf # If a DHCP client claims that its name is "wpad", ignore that. # This fixes a security hole. see CERT Vulnerability VU#598349
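Review bot: the enabled line points at /opt/homebrew/etc/dnsmasq.d/, but nothing in this step creates that directory, and dnsmasq treats a conf-dir it cannot open as a startup error; add `mkdir -p /opt/homebrew/etc/dnsmasq.d` before `sudo brew services start dnsmasq`. The `,*.conf` suffix means only files ending in .conf are read, which matches the confluent.cloud.conf name used later, but a file saved without that suffix is silently ignored. Since the resolver files below only ever hand queries to 127.0.0.1, consider adding `listen-address=127.0.0.1` alongside this change so the local instance does not answer for other hosts on the network.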
sudo brew services start dnsmasq
Create a resolver for a domain
For example, to route only confluent.cloud lookups to the local dnsmasq:
$ sudo mkdir -p /etc/resolver
Add the following to /etc/resolver/confluent.cloud:
nameserver 127.0.0.1
options timeout:1
Make sure there is a fallback in case dnsmasq is down, and time out quickly so lookups do not hang while it is.
Clear the DNS cache:
$ sudo dscacheutil -flushcache
$ sudo killall -HUP mDNSResponder
Check that the resolver is registered:
$ scutil --dns
DNS configuration
...
resolver #8
  domain   : confluent.cloud
  nameserver[0] : 127.0.0.1
  flags    : Request A records, Request AAAA records
  reach    : 0x00030002 (Reachable,Local Address,Directly Reachable Address)
Add the addresses you want to override:
$ cat /opt/homebrew/etc/dnsmasq.d/confluent.cloud.conf
address=/xxx.yyy.us-west-2.aws.confluent.cloud/127.0.0.1
address=/zzz.yyy.us-west-2.aws.glb.confluent.cloud/127.0.0.1
sudo brew services restart dnsmasq
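As an added example (not from the original notes), the following POSIX shell script generates the two files the procedure above needs from a domain and a list of host-to-address mappings. It refuses any host that is not under the resolver domain, since /etc/resolver/<domain> only sends queries for that domain to dnsmasq and an address line for anything else would never be consulted, and it refuses malformed IPv4 addresses. The ROOT prefix (for a dry run without sudo), the function names and the sample mapping are my assumptions; the default paths are the ones used above.

```shell
#!/bin/sh
# Added example, not part of the original notes. Generates the /etc/resolver/<domain>
# scope file and the dnsmasq.d address file. ROOT is an assumed prefix so the script
# can be dry-run in a temporary directory; leave it empty to write the real paths.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF==4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 } { exit 1 }'
}

# Return 0 if host $1 equals, or is a subdomain of, domain $2.
under_domain() {
    case "$1" in
        "$2"|*."$2") return 0 ;;
        *) return 1 ;;
    esac
}

# Write ${ROOT}/etc/resolver/<domain>: hand only this domain to the local dnsmasq,
# with a 1-second timeout so a dead dnsmasq does not stall lookups. Prints the path.
write_resolver() {
    domain="$1"
    dir="${ROOT:-}/etc/resolver"
    mkdir -p "$dir"
    printf 'nameserver 127.0.0.1\noptions timeout:1\n' > "$dir/$domain"
    echo "$dir/$domain"
}

# Write ${ROOT}/opt/homebrew/etc/dnsmasq.d/<domain>.conf from "host ip" lines on
# stdin. Any host outside the resolver domain or any malformed address aborts the
# run with status 1 rather than producing a file that silently does nothing.
# Prints the path on success.
write_addresses() {
    domain="$1"
    dir="${ROOT:-}/opt/homebrew/etc/dnsmasq.d"
    out="$dir/$domain.conf"
    mkdir -p "$dir"
    : > "$out"
    while read -r host ip; do
        [ -z "$host" ] && continue
        under_domain "$host" "$domain" || { echo "reject $host: not under $domain" >&2; return 1; }
        valid_ipv4 "$ip" || { echo "reject $host: bad address '$ip'" >&2; return 1; }
        echo "address=/$host/$ip" >> "$out"
    done
    echo "$out"
}

# Dry run with DEMO=1: constructed sample mapping written under a temporary root.
if [ "${DEMO:-}" = 1 ]; then
    ROOT=$(mktemp -d)
    write_resolver confluent.cloud
    printf 'xxx.yyy.us-west-2.aws.confluent.cloud 127.0.0.1\nzzz.yyy.us-west-2.aws.glb.confluent.cloud 127.0.0.1\n' \
        | write_addresses confluent.cloud
fi
```

Run it as `DEMO=1 sh gen-resolver.sh` to see the generated paths; with ROOT unset and run under sudo it writes the real files, after which the `dscacheutil -flushcache` / `killall -HUP mDNSResponder` and `brew services restart dnsmasq` steps above still apply.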