10

I wanted to use non-default DNS resolver for one specific domain, and the first idea was to simply use local dnsmasq. While looking for MacOS version, I found out that I can achieve the same simply by creating a file with domain name in /etc/resolver/example.com, with simple one line:

nameserver 8.8.8.8

All was good and works as expected, the resolution works, and scutil --dns confirms:

resolver #8
  domain   : example.com
  nameserver[0] : 8.8.8.8
  flags    : Request A records
  reach    : Reachable

The next thing, I wanted to share this with a friend, by creating a simple one liner that he could run in his terminal:

sudo mkdir -p /etc/resolver/ && echo "nameserver 8.8.8.9" | sudo tee /etc/resolver/example.net

Again, scutil --dns confirms:

resolver #10
  domain   : example.net
  nameserver[0] : 8.8.8.9
  flags    : Request A records
  reach    : Reachable

Then I noticed a typo, so I corrected the address to 8.8.8.8 and ran the line again:

sudo mkdir -p /etc/resolver/ && echo "nameserver 8.8.8.8" | sudo tee /etc/resolver/example.net

But that did not seem to have any effect:

resolver #10
  domain   : example.net
  nameserver[0] : 8.8.8.9
  flags    : Request A records
  reach    : Reachable

I checked the file content, all seemed fine:

$ cat /etc/resolver/example.net 
nameserver 8.8.8.8

And then I opened the file in vim, changed to 8.8.4.4 and:

resolver #10
  domain   : example.net
  nameserver[0] : 8.8.4.4
  flags    : Request A records
  reach    : Reachable

I have checked back and forth several times, when I echo the address to the file, the change has no effect, but it is enough to only open it in vim and not even change anything (just exit), previously echoed changes will be applied. What is the mechanism behind this?

Dusan Bajic
  • 153
  • 1
  • 1
  • 8

3 Answers3

6

[It] is enough to only open it in vim and not even change anything (just exit), previously echoed changes will be applied.

I had to use sudo vim for that to work. Running it with my regular user had no effect. My theory is that whatever is watching /etc/resolver watches for changes to the directory, and not to changes to files within it, and the reloads everything in it when it sees a change to the directory. Vim creates a swap file, by default in the same directory as the file being edited. This is a change to the directory, and is picked up by the watcher. So, when I did:

sudo vim -n /etc/resolver/example.net

where -n disable swap file creation, changes to the file were no longer picked up.

muru
  • 69,900
  • 13
  • 192
  • 292
4

Changes to existing files in /etc/resolver are not noticed, it is only noticed when files are created or deleted in that folder.

It's the IPMonitor plugin of configd that monitors this folder.
From the source code:

status = notify_monitor_file(notify_token, resolver_directory_path, 0);

And what this function does is to set a monitor on the inode of the path. So it will only get a notification if the inode of /etc/resolver changes, not when the inode of any file within that directory changes.

In UNIX a directory is just like a file whose content is a table listing the directory content. Thus whenever you add or remove a file, this table is updated and thus the inode is updated as well, triggering the notification. If you edit a file within the directory, the inode of the directory isn't touched at all.

But you shouldn't use /etc/resolver at all on macOS, it's only kept for backward compatibility. Instead you should create a DNS entry in the Dynamic Store which you can access with the tool scutil. Please check out my reply about this topic.

Mecki
  • 256
  • 2
  • 6
0

I couldn't get scutil --dns to return my expected DNS entry until I restarted my computer or forced a refresh of the networking device DNS settings, something like this:

networksetup -setdnsservers Wi-fi 8.8.8.8

Wrote down some more detail about this fix/hack here: https://josephharding.github.io/tutorials/2018/06/28/mac-resolver-refresh.html

joe
  • 101
  • 2