macOS - Configuring multiple DNS resolvers


New company, new gear, and the pain/fun of going through the hassle of setting up your laptop with all the tweaks and preferences that you love.

Challenge

My new laptop has a VPN client installed that pushes DNS settings overriding my home network DNS, which stops me from resolving the internal FQDNs for my local network.

This is normal behavior for the majority of VPN clients when there is a conscious security policy in place.

This setup is perfectly fine for the majority of users, who either do not bother to set up DNS on their home network or have a good enough memory to remember which device has IP X.X.X.X.

Well, my problem is that I am in neither of these two groups. Let's face it, I am really bad at remembering what IPs my devices at home have configured or what IPs were assigned to them by DHCP, and I do have internal DNS set up at home so that I can use FQDNs instead of IPs.

Hence my challenge: the VPN client changes /etc/resolv.conf, removing my internal DNS from the config.

Solution

Initial state of my resolv.conf

domain home
nameserver 192.168.0.1
nameserver 192.168.0.2

State of resolv.conf after connecting VPN client

search mycompany.com it.mycompany.com
nameserver 10.30.20.10
nameserver 10.30.20.11

At this point all my internal DNS resolution is gone:

$ ping mydevice.home

ping: cannot resolve mydevice.home: Unknown host

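To solve the problem we need to add an additional, per-domain resolver configuration.

The additional configuration uses the same format as any other resolv.conf file, and we add it to the /etc/resolver/ directory. macOS consults the files in that directory for names in the matching domain.

For example, for our home domain we need a config file named after the domain, /etc/resolver/home: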

domain home
nameserver 192.168.0.1
nameserver 192.168.0.2

Checking again if we can now use the FQDN instead of the IP:

$ ping -c 2 mydevice.home

PING mydevice.home (192.168.0.5): 56 data bytes
64 bytes from 192.168.0.5: icmp_seq=0 ttl=64 time=7.756 ms
64 bytes from 192.168.0.5: icmp_seq=1 ttl=64 time=2.554 ms

--- mydevice.home ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.554/5.155/7.756/2.601 ms

Seems that it works :)

Summary

The solution is pretty simple as explained.

  1. Get the config that you would need in a normal /etc/resolv.conf file for your domain
  2. Create an additional config file in /etc/resolver/
  3. Reconnect VPN client or restart network config
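
The steps above as a shell function, added here as an example and not part of the original post. `write_resolver`, `valid_ipv4` and the `RESOLVER_DIR` override are hypothetical names, and it assumes IPv4 nameservers; it validates the domain (which becomes a file name) and every nameserver before writing anything.

```shell
#!/bin/sh
# Added example, not from the original post. RESOLVER_DIR can be overridden
# (assumed variable name) to try the function in a scratch directory first.
RESOLVER_DIR="${RESOLVER_DIR:-/etc/resolver}"

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# write_resolver DOMAIN NAMESERVER...: creates $RESOLVER_DIR/DOMAIN.
write_resolver() {
    domain=$1
    [ "$#" -ge 2 ] || { echo "usage: write_resolver DOMAIN NAMESERVER..." >&2; return 1; }
    shift
    # The domain becomes a file name, so allow hostname characters only:
    # no slashes, no leading dot or hyphen, no empty labels.
    case "$domain" in
        ''|*[!A-Za-z0-9.-]*|.*|-*|*..*) echo "bad domain: $domain" >&2; return 1 ;;
    esac
    for ns in "$@"; do
        valid_ipv4 "$ns" || { echo "bad nameserver: $ns" >&2; return 1; }
    done
    mkdir -p "$RESOLVER_DIR" || return 1
    # Write to a temporary file and rename, so the final file appears complete.
    tmp=$(mktemp "$RESOLVER_DIR/.resolver.XXXXXX") || return 1
    {
        echo "domain $domain"
        for ns in "$@"; do echo "nameserver $ns"; done
    } > "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$RESOLVER_DIR/$domain"
}

# On the Mac, from a root shell:  write_resolver home 192.168.0.1 192.168.0.2
# Then `scutil --dns` should list a resolver for domain "home".
```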