
Domain-specific DNS Client Configuration on macOS

Sometimes it’s good to have separate DNS servers for different domains. One of my colleagues asked me this morning how to avoid filling up his /etc/hosts file to access a new environment I’m building for him.

Take the example of a lab: it is common amongst IT professionals to have a homelab or a corporate lab to test new software, gain new skills, or troubleshoot a problem. It is also quite common to use a VPN to connect to your lab or the corporate network.

Different environments often need DNS servers other than the ones inherited via DHCP from your home or corporate network; I’m sure you can see where this is headed. 😬

I’ll take my lab as an example:

  • I connect to my lab using a VPN.
  • The DNS servers configured in macOS are the ones assigned from my home (or corp.) network.
  • My lab has two Active Directory servers, which also act as DNS servers for the lab components.
  • The domain used is sddc.lab.

How can I make sure to use my lab DNS servers for this particular sddc.lab domain?

As I’m using macOS, there is an easy way to solve that challenge: macOS uses a DNS search strategy that supports multiple DNS client configurations. To use that capability, I only need to create a sddc.lab file in the /private/etc/resolver/ folder with the nameservers to use for that particular domain and I’m all set! 🙌

From this moment on, all DNS requests for sddc.lab (and its subdomains) will go directly to the specified nameservers, while all other requests will go to the default nameservers configured in /etc/resolv.conf.

Per-zone DNS resolution on macOS - Useful trick for lab/homelab

My /private/etc/resolver/sddc.lab only contains the 2 nameservers to use for that particular domain. Other configuration options are available; see the resolver(5) man page for more information.

nameserver a.b.c.d
nameserver a.b.c.e

I end up with a default DNS configuration, which is configured and maintained by DHCP when I connect to my network or to the corporate one, as well as a domain-specific DNS client configuration, which is really helpful to resolve my lab FQDNs.
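
As an added example (not from the original post), the shell functions below create the per-domain file from validated input and list resolver files that are writable by group or others, since anyone who can write to that folder decides which servers answer for a domain. The function names, the RESOLVER_DIR variable and the 192.0.2.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: create and audit per-domain resolver files (resolver(5) format).
# RESOLVER_DIR is an assumed override so the functions can run outside the real folder.
RESOLVER_DIR="${RESOLVER_DIR:-/private/etc/resolver}"

# is_ipv4 ADDR: succeeds only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr . ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# write_resolver DOMAIN NS...: writes $RESOLVER_DIR/DOMAIN with mode 0644.
write_resolver() {
    [ $# -ge 2 ] || { echo "usage: write_resolver DOMAIN NS..." >&2; return 1; }
    domain=$1
    shift
    # Letters, digits, dots and hyphens only: the name becomes a file name,
    # so reject anything that could escape RESOLVER_DIR (slashes, "..").
    case "$domain" in
        *[!A-Za-z0-9.-]*|.*|*..*) echo "bad domain: $domain" >&2; return 1 ;;
    esac
    for ns in "$@"; do
        is_ipv4 "$ns" || { echo "bad nameserver: $ns" >&2; return 1; }
    done
    mkdir -p "$RESOLVER_DIR" || return 1
    tmp="$RESOLVER_DIR/.$domain.$$"
    # Write to a temporary name, fix the mode, then rename into place.
    printf 'nameserver %s\n' "$@" > "$tmp" &&
        chmod 644 "$tmp" &&
        mv "$tmp" "$RESOLVER_DIR/$domain"
}

# audit_resolvers: prints files writable by group or others; fails if any exist.
audit_resolvers() {
    loose=$(find "$RESOLVER_DIR" -type f \( -perm -020 -o -perm -002 \))
    [ -z "$loose" ] || { printf '%s\n' "$loose"; return 1; }
}

# Usage on macOS (constructed 192.0.2.x documentation addresses):
#   sudo sh -c '. ./resolver.sh; write_resolver sddc.lab 192.0.2.10 192.0.2.11'
```

After writing the file, `scutil --dns` lists the per-domain resolver alongside the default ones. `dig` and `nslookup` do not consult the resolver folder, so check lookups with `dscacheutil -q host -a name <fqdn>`.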



Staff Technical Product Manager, technologist with 16+ years of Networking and Security experience in Data Center, Public Cloud & Virtualization (VMs and Containers). He is a double VCDX (DCV and NV, #120), VCDX panelist, frequent VMUG/VMworld speaker and contributor to the community via this blog or social media (follow him on Twitter @woueb).