All names and addresses changed. example.com is a domain I own.
% ping foo.example.com
PING foo.example.com (1.1.1.1)
1.1.1.1 is an IP address I have never heard of. Same for others programs (ssh, curl)
% host foo.example.com
foo.example.com has address 2.2.2.2
2.2.2.2 is the correct IP address.
% grep foo /etc/hosts
(empty)
This is on the Mac. On Linux, I would look for /etc/nsswitch.conf for other sources of host info. Is there something similar on the Mac?
macOS has a sophisticated system of scoped DNS routing for the sake of things like VPN. So if you for example have a VPN connection to “work” up right now, queries for your work’s domain names may be going to a DNS server at work.
To see the whole list, run:
scutil --dns
To query DNS like the system does, use:
dns-sd -G v4v6 example.com
dns-sd -q example.com 255 255
(you have to hit Ctrl-C to get out of dns-sd).
The host, dig, and nslookup commands are old unix commands for DNS server troubleshooting that contain their own DNS resolver code and don’t use the system’s libraries. So if you don’t specify which server you want them to use, they just get the ones from the autogenerated /etc/resolv.conf, which only gets populated with the default servers for unscoped queries. But a tool like ping probably just calls gethostbyname(3) which uses the system’s scoped DNS routing.
Edited to add: I should also mention that macOS can get hostname to IP address resolution information from a variety of other means, including:
You can edit these settings with the dscl command-line tool, or with the Directory Utility app, which hides at:
/System/Library/CoreServices/[Applications]/Directory\ Utility.app
