Tuesday, October 4, 2011

OS X and DNS

If you look at /etc/resolv.conf on a Mac and expect to see the definitive DNS config, you are being misled. While some tools might use this file, most applications will use the mDNSResponder config maintained by configd. (The name is confusing: mDNSResponder is also used for unicast DNS.) You can see this config with:
scutil --dns
You can check out the mDNSResponder config with:
defaults read /System/Library/LaunchDaemons/com.apple.mDNSResponder
This, incidentally, is also the place to add -NoMulticastAdvertisements to disable Bonjour.
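
To make the gap between the two views concrete, here is an added example (not from the original post) that lists nameservers present in `scutil --dns` output but missing from /etc/resolv.conf. The function names and both sample inputs are constructed, and the `scutil --dns` layout is assumed to use the usual `nameserver[N] : address` lines.

```shell
#!/bin/sh
# Added example: list nameservers that appear in `scutil --dns` output but
# not in /etc/resolv.conf. Function names and sample data are constructed.

# Constructed sample in resolv.conf format.
RESOLV_SAMPLE='search example.test
nameserver 192.168.1.1'

# Constructed sample in the assumed `scutil --dns` layout.
SCUTIL_SAMPLE='DNS configuration

resolver #1
  search domain[0] : example.test
  nameserver[0] : 192.168.1.1
  order   : 200000

resolver #2
  domain   : corp.example.test
  nameserver[0] : 10.8.0.53
  order   : 100000

resolver #3
  domain   : local
  options  : mdns
  order    : 300000'

# Unique nameserver addresses from resolv.conf-format text on stdin.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' | sort -u
}

# Unique nameserver addresses from `scutil --dns`-format text on stdin.
scutil_nameservers() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }' | sort -u
}

# Addresses in the scutil text ($2) that are absent from the resolv.conf text ($1).
only_in_scutil() {
    known=$(printf '%s\n' "$1" | resolv_nameservers)
    printf '%s\n' "$2" | scutil_nameservers | while read -r ns; do
        printf '%s\n' "$known" | grep -qxF -- "$ns" || printf '%s\n' "$ns"
    done
}

# On a Mac: only_in_scutil "$(cat /etc/resolv.conf)" "$(scutil --dns)"
only_in_scutil "$RESOLV_SAMPLE" "$SCUTIL_SAMPLE"   # prints 10.8.0.53
```

Any address it prints is a resolver that applications may use even though /etc/resolv.conf never mentions it.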

You can make a query through mDNSResponder with:
$ dscacheutil -q host -a name slashdot.org
name: slashdot.org
ip_address: 216.34.181.45

$ dscacheutil -q host -a ip_address 216.34.181.45
name: slashdot.org
alias: 45.181.34.216.in-addr.arpa 
ip_address: 216.34.181.45

To see the DNS cache, dump the state of mDNSResponder into system.log with:
sudo killall -INFO mDNSResponder
You can also turn on (very verbose) DNS logging into system.log:
sudo killall -USR1 mDNSResponder
Or even turn on packet capture with:
sudo killall -USR2 mDNSResponder
You can see the other (non-DNS) caching in the local directory service with:
dscacheutil -statistics
dscacheutil -cachedump -entries
