
I have configured my home network with its own DNS server (I run dnsmasq on my server, which runs Ubuntu server 16.04). This server also runs DHCP and tells clients that it is the DNS server.

My DNS server is set up to resolve names on my local network as well as externally.

I have a fully qualified domain name set up (via a dynamic DNS service) so I can access services on my LAN from a laptop when I am not at home. This all works fine with both my Windows 7 PC and various other Ubuntu machines running on the network; however, it gets stuck with my MacBook, currently running macOS 10.12.3.

From my MacBook on my LAN, I can look up the address of my Ubuntu server (serv2) using the dig command as follows:

nick@deathrow:~$ dig serv2

; <<>> DiG 9.8.3-P1 <<>> serv2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53350
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;serv2.             IN  A

;; ANSWER SECTION:
serv2.          0   IN  A   192.168.2.4

;; Query time: 9 msec
;; SERVER: 192.168.2.4#53(192.168.2.4)
;; WHEN: Sat Feb 25 18:24:17 2017
;; MSG SIZE  rcvd: 39

As you can see, it correctly connects to my DNS server on my LAN at 192.168.2.4, and correctly returns the address of the server, 192.168.2.4.

However, if I try to use a command to access serv2, it uses the external IP address of serv2. Here is a simple example using ping:

nick@deathrow:~$ ping serv2
PING njj.chickenkiller.com (84.63.173.131): 56 data bytes
64 bytes from 84.63.173.131: icmp_seq=0 ttl=64 time=19.293 ms

Here you can see it uses the external address of 84.63.173.131 rather than the internal address of 192.168.2.4.

If I then clear the Mac's DNS cache and try to access serv2 with ping, it works fine for a bit:

sudo dscacheutil -flushcache;sudo killall -HUP mDNSResponder
Password:
nick@deathrow:~$ ping serv2
PING serv2.njj.chickenkiller.com (192.168.2.4): 56 data bytes
64 bytes from 192.168.2.4: icmp_seq=0 ttl=64 time=1.854 ms

but very quickly reverts back to using the external address:

ping serv2
PING njj.chickenkiller.com (84.63.173.131): 56 data bytes
64 bytes from 84.63.173.131: icmp_seq=0 ttl=64 time=2.668 ms

This is a pain because I have firewalled most of the services on my network (so if serv2 resolves to 192.168.2.4, printing works; if it resolves to the external address, printing fails).

Any idea how I can get my MacBook to use the local DNS service?

EDIT: Output from scutil --dns:

nick@deathrow:~$ scutil --dns
DNS configuration

resolver #1
  search domain[0] : njj.chickenkiller.com
  nameserver[0] : 192.168.2.4
  if_index : 4 (en0)
  flags    : Request A records
  reach    : Reachable, Directly Reachable Address

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300000

resolver #3
  domain   : 254.169.in-addr.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300200

resolver #4
  domain   : 8.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300400

resolver #5
  domain   : 9.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300600

resolver #6
  domain   : a.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 300800

resolver #7
  domain   : b.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : Not Reachable
  order    : 301000

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : njj.chickenkiller.com
  nameserver[0] : 192.168.2.4
  if_index : 4 (en0)
  flags    : Scoped, Request A records
  reach    : Reachable, Directly Reachable Address

EDIT (2): I used namebench to test the response time of my DNS server (running on a remote Linux client) and the rest are here. My server is shown as SYS-127.0.1.1. I'm no expert in this, but its performance looks OK compared to the alternates.

EDIT 3: Output from dns-sd:

Last login: Thu Mar  9 07:04:41 on console
jay@sol3:~$ dns-sd -q njj.chickenkiller.com 255 255
DATE: ---Sat 11 Mar 2017---
 9:56:51.048  ...STARTING...
Timestamp     A/R Flags if Name                          Type  Class           Rdata
 9:56:52.055  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
 9:57:48.377  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
 9:58:43.590  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
 9:59:39.598  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:00:06.548  Add     2  0 njj.chickenkiller.com.        AAAA   IN     0.0.0.0    No Such Record
10:00:06.633  Add     2  0 njj.chickenkiller.com.        Addr   IN     84.63.173.131
10:00:34.965  Rmv     1  0 njj.chickenkiller.com.        Addr   IN     84.63.173.131
10:00:34.965  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:01:30.629  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:02:26.753  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:03:22.282  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:04:18.329  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:05:14.342  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:06:10.251  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:07:06.042  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:08:01.278  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:08:57.289  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:09:52.916  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:10:48.523  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:11:44.831  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:12:40.842  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:13:36.158  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record
10:14:32.105  Add     2  0 njj.chickenkiller.com.        ANY    25     0.0.0.0    No Such Record

Edit 4: This question is answered here

  • Please edit your Question to include the output of scutil --dns. That shows the real DNS server landscape your Mac is dealing with. macOS has a sophisticated system of scoped DNS query routing to handle things like VPNs (but not just VPNs). BTW, macOS tries to use DNS servers in the specified order, but if a server fails to give a response within 1 second, it gets put in the penalty box and the next server gets used. So one thing you may need to do is make sure your preferred DNS server is fast and reliable.
    – Spiff
    Commented Feb 25, 2017 at 23:21
  • @Spiff Thanks for looking -- I have edited the question for the extra output you requested.
    Commented Feb 26, 2017 at 7:03
  • Now I wonder how your Mac is ever learning of the external IP address of njj.chickenkiller.com if the only DNS server you're ever giving it is 192.168.2.4. Is there any chance that server is sometimes giving the external IP address as an answer? What does dns-sd -q njj.chickenkiller.com 255 255 report? (note: you have to Ctrl-C to exit dns-sd otherwise it'll sit forever looking for new answers or changes)
    – Spiff
    Commented Mar 10, 2017 at 20:51
  • @Spiff Question edited with additional data as requested. Many thanks.
    Commented Mar 11, 2017 at 9:39
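The comparison the question makes by hand (dig against 192.168.2.4 says one thing, ping via the system resolver says another) can be scripted so the drift is caught the moment it happens, which is also how Spiff's question "is the server sometimes giving the external address?" gets answered with data rather than guesses. The script below is an added example, not code from the question or from any answer: it sends a raw A query to a chosen nameserver (what dig does), asks the OS resolver for the same name (what ping and printing use, search domains and caches included), and flags any answer for the LAN name that falls outside private address space. The server address 192.168.2.4 and the hostnames come from the question; the hand-built DNS reply used in the test is constructed for offline parsing. Run it in a loop (for example every minute, as the dns-sd log above was effectively doing) and log the output to see when the public address appears.

```python
"""Diagnose split-horizon DNS leaks: compare a direct A query against a chosen
nameserver (what dig does) with what the OS resolver returns (what ping,
printing and everything else use), and flag answers that leave the LAN.

Added example, not part of the original question. The server 192.168.2.4 and
the hostnames are taken from the question; nothing else is assumed.
"""
import ipaddress
import random
import socket
import struct


def build_query(name: str, qid: int) -> bytes:
    """Encode a standard recursive A/IN query for `name` (RFC 1035 section 4.1)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _read_name(data: bytes, offset: int):
    """Decode a (possibly compressed) domain name; return (name, next offset)."""
    labels = []
    jumped = False
    end = offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            offset = pointer
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_response(data: bytes, expected_qid: int):
    """Return (rcode, [(owner, ttl, ipv4)]) for the A records in a reply."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if qid != expected_qid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = _read_name(data, offset)
        offset += 4
    answers = []
    for _ in range(an):
        owner, offset = _read_name(data, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((owner, ttl, socket.inet_ntoa(rdata)))
    return rcode, answers


def query_a(name: str, server: str, timeout: float = 1.0):
    """Send one UDP query straight to `server`, like dig does (needs network)."""
    qid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_response(data, qid)


def system_resolve(name: str):
    """Ask the OS resolver (search domains, caches and all), like ping does."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})


def scope(addr: str) -> str:
    """'private' for RFC 1918 / link-local addresses, 'public' otherwise."""
    return "private" if ipaddress.ip_address(addr).is_private else "public"


def diagnose(direct_answers, system_answers):
    """Compare both views and report whether the LAN name leaks to a public IP."""
    direct = {a for _, _, a in direct_answers}
    system = set(system_answers)
    return {
        "direct": {a: scope(a) for a in sorted(direct)},
        "system": {a: scope(a) for a in sorted(system)},
        "mismatch": direct != system,
        "leaks_to_public": any(scope(a) == "public" for a in system),
    }


if __name__ == "__main__":
    server = "192.168.2.4"
    for host in ("serv2", "serv2.njj.chickenkiller.com"):
        try:
            _, direct = query_a(host, server)
        except (OSError, ValueError) as exc:
            direct = []
            print(f"{host}: direct query to {server} failed: {exc}")
        try:
            via_os = system_resolve(host)
        except OSError:
            via_os = []
        print(host, diagnose(direct, via_os))
```

The one-second timeout on the direct query mirrors the behaviour Spiff describes: if the preferred server does not answer within about a second, macOS moves on, so a slow dnsmasq will show up here as repeated timeouts before it shows up as wrong answers.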
