
I connect to several networks throughout my workday as I go from site to site and have noticed the different DNS's these LANs use and hand out to my system. If I'm on a "safe" LAN, I can trust the DNS's; however, there have been times that I must use untrusted sites... say a restaurant's free WiFi services. So, I want to understand better how my system updates settings. At each site, I notice that the DNS's listed in OSX's Network settings window change. And of course, when I'm on my home LAN, I see my familiar DNS's. I prefer to always use these DNS's when I'm at home.

Until now, I've trusted OSX to automatically and fully switch over to my Network when I'm at home, but a recent experience tells me that it isn't totally doing this. That is, it appears it is retaining previously acquired DNS's even though they aren't listed in the network settings under the DNS tab's list of DNS Servers.

I discovered this while setting up a new WiFi printer. I skimmed the printer manual and felt informed and savvy enough that I could just connect its Ethernet directly to my MacBook Ethernet port via a patch cable. I accessed its configuration page to set it to connect to my WiFi. Before changing settings, I printed out the default network configuration information. I was surprised that it had already picked up a few things from my MacBook. I was already surprised that I didn't even have to manually configure the Ethernet on my MacBook to the printer's default network. Anyhow, one of the settings that REALLY stood out was it had picked up a Secondary DNS server setting... an IP, which I'm familiar with from one of the LANs I frequently use.

The only conclusion I could come up with was that OSX is maintaining a history of DNS's to fall back on, perhaps; however, I checked the network settings right away and found that neither AirPort nor Ethernet listed the DNS server that was given to the printer.

Is there a command-line method of checking what DNSs my system is currently using?

OSX says it is using my DNS servers, but how can I be 100% certain? OSX obviously retained and even oddly handed out an IP to the printer?

2 Answers


Since Mac OS X 10.6.3 Apple decided to not follow the list order of DNS servers specified in System Preferences, but to determine the fastest DNS server available and then use that. While this can be totally fine if you trust the networks you're on (my guess is Apple takes that as given), in other cases this can be a security problem.

To see the search order of DNS servers (and search domains), run: scutil --dns

To see which DNS server you are actually currently using, run for example nslookup apple.com from the Terminal.

Additionally, this cnet article walks you through changing the DNS search order back to "strict ordering".

  • Thanks Asmus for VERY helpful information, especially that article about the OS X update dynamically sorting the DNS order. I know that the DNS's that the printer received would certainly be the fastest available when I'm on that network... might even be faster than those specified by my home's DHCP server. Even using the commands you and Spiff listed, I didn't see any undesirable DNSs. There must be another service holding onto them. Maybe this new method of selecting DNS's cached them. Commented Feb 26, 2011 at 13:00
  •
    All good to know; however, the nslookup man page (on OS X 10.9) states "The nslookup command does not use the host name and address resolution or the DNS query routing mechanisms used by other processes running on Mac OS X", so I wonder if nslookup can reliably be used to determine the current DNS server. Sadly, the same warning can be found in dig's man page.
    – mklement0
    Commented Nov 5, 2013 at 21:00
  • @mklement Uh, nice catch! Upvote for pointing that out, though I have no idea in which way Apple presumes we're going to resolve network issues now. So far I'm not aware of a reliable workaround, I'll update my answer once (if) I find one.
    – Asmus
    Commented Nov 6, 2013 at 8:52

You can see the current DNS servers in System Preferences > Network > [Whatever your current highest-ranked active interface is, perhaps "Ethernet" or "AirPort"] > Advanced... > DNS.

You'll see the same thing if you cat /etc/resolv.conf (note the intentional lack of an "e" in "resolv").

Bonjour might also be doing Wide Area Bonjour. To see what domains are being used for Wide Area Bonjour, do dns-sd -F, then hit ^C after the list of domains appears (otherwise it'll stay running indefinitely, watching for changes in the list).

Mac OS X does not "give out" DNS server addresses to other machines unless you fire up its DHCP server, and about the only way people fire up the DHCP server is when they turn on Internet Sharing in the "Sharing" panel of System Preferences. If you had left Internet Sharing running, it may have given out its own NAT private IP address (192.168.2.1) as the DNS server address, and it may be doing DNS proxy. Or it may have been giving out the last DNS server address it had been using on its NAT public interface (its "upstream" interface; the "Share your connection FROM:" interface). So if you had, say, been on a public Wi-Fi network and had used Internet Sharing from AirPort to Ethernet to get an Ethernet-connected machine onto the Internet through your Mac, that could explain what you were seeing.

If you didn't have Internet Sharing enabled (checked), and you haven't been messing around with launching the DHCP server by hand, then your Mac almost certainly didn't give that DNS server address to your printer.

What DNS server address did you see your printer using, exactly? For instance, if your printer had assigned itself an IPv4 link-local (169.254.x.x) address, then it may have been showing its own address in that field as a way to know that it's supposed to rely on itself (probably Bonjour multicast DNS) for DNS lookups.

  • Thanks for the tips! I haven't launched the DHCP server or enabled Internet Sharing. The printer had a default, link-local address. I just reviewed the network configuration printout and see that the printer received a primary dns, secondary dns, primary wins, and secondary wins from the MacBook. Commented Feb 26, 2011 at 12:49
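Both answers point the asker at the resolver configuration, scutil --dns in the first and /etc/resolv.conf in the second, but neither shows how to check that output against the servers you expect at home. The script below is an added example, not code from either answer: it parses both formats with one function and reports any nameserver that is not on a trusted list. The sample outputs, the 192.0.2.x / 203.0.113.x addresses and the TRUSTED_DNS list are constructed placeholders, so it runs on any POSIX shell without a Mac.

```shell
#!/bin/sh
# Constructed sample of `scutil --dns` output; not captured from a real Mac.
SAMPLE_SCUTIL='DNS configuration

resolver #1
  search domain[0] : home.example
  nameserver[0] : 192.0.2.1
  nameserver[1] : 203.0.113.53
  if_index : 5 (en1)

resolver #2
  domain   : local
  options  : mdns
  order    : 300000'

# Constructed sample of /etc/resolv.conf for the same machine.
SAMPLE_RESOLV='domain home.example
nameserver 192.0.2.1
nameserver 203.0.113.53'

# Placeholder list of the DNS servers you expect at home, one per line.
TRUSTED_DNS='192.0.2.1
192.0.2.2'

# Print each nameserver address found in either scutil --dns output
# ("nameserver[n] : addr") or resolv.conf ("nameserver addr"), in the
# order listed and without duplicates.
list_nameservers() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*nameserver(\[[0-9]+\][[:space:]]*:)?[[:space:]]/ {
            ip = $NF
            if (!(ip in seen)) { seen[ip] = 1; print ip }
        }'
}

# Print the nameservers in "$1" that are missing from the trusted list "$2".
# Exit status is 1 when at least one unexpected server is present.
untrusted_nameservers() {
    rc=0
    for ns in $(list_nameservers "$1"); do
        if ! printf '%s\n' "$2" | grep -qxF "$ns"; then
            printf '%s\n' "$ns"
            rc=1
        fi
    done
    return $rc
}

# On a Mac, run against the live configuration:
#   untrusted_nameservers "$(scutil --dns)" "$TRUSTED_DNS"
```

A non-zero exit status from untrusted_nameservers is the signal the asker wanted: a server the system will consult that was not handed out by the home DHCP server.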
