
Configure DNS lookups from the terminal Network
There's a lot of conflicting information about how to set networking information (such as DNS resolution configuration) from the terminal. In the course of setting up a VPN package (openvpn) on OS X, I had to set the DNS resolution configuration dynamically from a shell script.

As of (at least) 10.3, /etc/resolv.conf (or /var/run/resolv.conf) is NOT the place to do this. Re-writing /etc/resolv.conf resulted in a system where a DNS lookup with host would work, but dig and ping would not. Sometimes /etc/resolv.conf would be magically restored to its original configuration. I thought the smarter option would be in the NetInfo database, except on my machine, I had no resolver configuration hiding there.
The answer? OS X has a daemon called configd, which magically collects configuration information, sends notifications, and maintains a dynamic database of the current settings. The host command would read my hacked-up /etc/resolv.conf, but smarter DNS lookups would query the network configuration database from configd.

The command-line tools to interface with the configuration daemon are scselect and scutil. scselect provides a list of defined network locations (as in the Network preference pane) and allows you to choose between them. scutil enables much more fine-grained control over the current network configuration. Unfortunately, it only really offers a command-line interface to modify the configuration database. To use scutil from a bash script, you must dynamically create an scutil script as a text file, and pipe it to scutil.

The following sample scutil sessions perform some useful tasks...

To retrieve the current primary network interface:
scutil
> open
> get State:/Network/Global/IPv4
> d.show
<dictionary> {
  PrimaryService : 7BB2FEBC-B166-11D9-AA42-000A95EED02C
  Router : 198.32.18.254
  PrimaryInterface : en0
}
> quit

To retrieve the current DNS settings, having retrieved the ID (that long hex string) of the primary service as shown above:
scutil
> open
> get State:/Network/Service/PRIMARY_SERVICE_ID/DNS
> d.show
<dictionary> {
  ServerAddresses : <array> {
    0 : 198.35.23.2
    1 : 198.32.56.32
  }
  DomainName : apple.co.uk
}
> quit

To set the resolver configuration with a domain of 'apple.co.uk', DNS name server IPs of 198.35.23.2 and 198.32.56.32, and the primary network service ID obtained above (root privileges are required for the modification):
sudo scutil
> open
> d.init
> d.add ServerAddresses * 198.35.23.2 198.32.56.32
> d.add DomainName apple.co.uk
> set State:/Network/Service/PRIMARY_SERVICE_ID/DNS
> quit

This last procedure will update /etc/resolv.conf for you as the change filters through the system. scutil does other useful things too -- read the man page and look at the help from within scutil for details.

To reset the network services as per your system preferences, or via DHCP, I used scselect to change the network location. This causes the entire network configuration to be re-initialised.
Configure DNS lookups from the terminal
Authored by: hexghost on Jul 05, '05 01:29:20PM

I believe if you have flat files configured as an option in directory access, that /etc/resolv.conf should work fine (it does for me). You just need to do a sudo killall -1 lookupd when you make changes, to force lookupd to reread the files.



Configure DNS lookups from the terminal
Authored by: DylanMuir on Jul 05, '05 09:28:16PM

We tried this, it didn't work.

The FFAgent for lookupd reads a whole bunch of files (listed in the lookupd man page) but not /etc/resolv.conf.

D.



Configure DNS lookups from the terminal
Authored by: cueball on Jul 05, '05 02:29:11PM

Be aware that scutil/scselect only function for the current boot of the machine - on reboot, the information that configd uses (in /Library/Preferences/SystemConfiguration/preferences.plist) is re-read; any and all changes made with scutil will be lost (if you read the man pages, you'll note that it refers to the "dynamic store" that configd uses. The dynamic store gets reinitialized whenever configd restarts - whether by reboot, "kill -HUP `cat /var/run/configd.pid`" or something else.)

If you're looking for something to make *permanent* changes to network settings, you'll want the ncutil framework [Google is your friend.]



Configure DNS lookups from the terminal
Authored by: djpluv on Jul 05, '05 03:55:37PM

I use Tunnelblick/openvpn to connect to HotSpotVPN from my mac; however, I can't get the new DNS settings to take. I see the /etc/resolv.conf file change to reflect the new DNS settings, but Safari and Mail.app still use my original settings. Even upon issuing a " kill -HUP `cat /var/run/lookupd.pid`" or "lookupd -flushcache", the original DNS settings are used. DNS lookups using host and ping work fine, however. I'm using 10.4.1. Any ideas to get Safari and Mail.app to use the DNS settings issued once connected to the VPN?



Configure DNS lookups from the terminal
Authored by: DylanMuir on Jul 05, '05 09:24:45PM

You need to incorporate the methods mentioned in the hint into script files that are run by openvpn. I don't know anything about the particular VPN server you mentioned, but as of a few weeks ago there was no working script available from openvpn.net to correctly take the DNS configuration from openvpn and apply it to configd.

We intend to submit our scripts to the openvpn.net site once our testing period is over.

D.



Configure DNS lookups from the terminal
Authored by: sabi on Jul 05, '05 10:19:57PM

/etc/resolv.conf is not the primary source for OS X and later; take a look at scutil --dns to see the current resolver configuration. It is possible to get the DNS stuff to override for the duration of an OpenVPN tunnel; I wrote a script that uses it (Python using the SystemConfiguration framework wrapper) and can send it to anyone who's interested...



Configure DNS lookups from the terminal
Authored by: DylanMuir on Jul 05, '05 09:39:00PM

Update:

Another (better?) way to reset the lookup configuration for an interface is to use ipconfig (but you need sudo).

ipconfig <interface> DOWN

then

ipconfig <interface> DHCP

will force a re-read of DHCP configuration over the network.

D.



Configure DNS lookups from the terminal
Authored by: DylanMuir on Sep 12, '05 03:21:59AM
Sorry that should be

ifconfig set (interface) NONE

and

ifconfig set (interface) DHCP

where (interface) is something like en0, en1, etc.

D.

Configure DNS lookups from the terminal
Authored by: ChiefTypist on Jul 06, '05 11:44:35AM

Shouldn't you be using:

State:/Network/Global/DNS

instead of:

State:/Network/Service/PRIMARY_SERVICE_ID/DNS

If you've defined any DNS servers in the Network system preferences, they won't be listed in the dictionary returned by the primary interface. Also, the information in the global DNS record is an exact match for the contents of resolv.conf

-ch



Configure DNS lookups from the terminal
Authored by: DylanMuir on Sep 12, '05 03:24:42AM

I'm not sure. This didn't work for us, any changes made to .../Global/DNS wouldn't be reflected in resolv.conf.

D.



Configure DNS lookups from the terminal
Authored by: emzy on Sep 15, '05 12:41:55PM

Here is my little shell script to set the DNS.
See the power of the shell:

Filename: setdns
-------------------------------------------------
#!/bin/bash

# Script is used to set the nameserver lookup under Mac OS X 10.4 from the console
# Script by Stephan Oeste <stephan@oeste.de>
# Run as root (e.g. with sudo); the scutil "set" below needs it.

# Require a domain and at least one nameserver
if [ $# -lt 2 ] ; then
    echo "Use: $0 <domain> <1.Nameserver> [2.Nameserver]"
    echo "Example Use: $0 example.tld 1.2.3.4 1.2.3.5"
    exit 1
fi

# Ask configd for the ID of the primary network service
PSID=$( (scutil | grep PrimaryService | sed -e 's/.*PrimaryService : //')<< EOF
open
get State:/Network/Global/IPv4
d.show
quit
EOF
)

# Stop if no primary service was found, rather than writing to a bad key
if [ -z "$PSID" ] ; then
    echo "No primary network service found" >&2
    exit 1
fi

# Replace the DNS dictionary of that service with the given values
scutil << EOF
open
d.init
d.add ServerAddresses * $2 $3
d.add DomainName $1
set State:/Network/Service/$PSID/DNS
quit
EOF
-------------------------------------------------

Create the file
chmod +x setdns

And then use it with (example): setdns domain.com 12.23.34.45

CU Emzy
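
An added example, not part of the hint or of the post above: the hint says a bash script has to generate scutil commands as text, and the script above does so from its arguments. When those values come from a VPN server and the session runs as root, each one should be checked before it is interpolated. The function names are hypothetical, and the service-ID format (hex digits and dashes) is an assumption based on the ID shown in the hint.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Values pushed by a VPN server end up in a scutil session run as root, so
# each one is checked before it is interpolated into the command text.
LC_ALL=C; export LC_ALL

valid_ipv4() {            # dotted quad, every octet 0..255
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_domain() {          # letters, digits, dots and hyphens only
    case $1 in ''|*[!A-Za-z0-9.-]*|.*|-*|*..*) return 1 ;; esac
}

valid_service_id() {      # assumption: IDs are hex digits and dashes
    case $1 in ''|*[!0-9A-Fa-f-]*) return 1 ;; esac
}

# Read `d.show` output on stdin and print the PrimaryService value.
primary_service_id() {
    sed -n 's/^[[:space:]]*PrimaryService : //p' | head -n 1
}

# Usage: build_dns_script DOMAIN SERVICE_ID IP [IP...]
# Prints the scutil commands, or returns 1 without output on bad input.
build_dns_script() {
    domain=$1 psid=$2
    [ $# -ge 3 ] || return 1
    shift 2
    valid_domain "$domain" && valid_service_id "$psid" || return 1
    for ip in "$@"; do valid_ipv4 "$ip" || return 1; done
    printf 'open\nd.init\nd.add ServerAddresses * %s\n' "$*"
    printf 'd.add DomainName %s\n' "$domain"
    printf 'set State:/Network/Service/%s/DNS\nquit\n' "$psid"
}

# Constructed sample: d.show output in the shape shown in the hint.
sample_show='<dictionary> {
  PrimaryService : 7BB2FEBC-B166-11D9-AA42-000A95EED02C
  Router : 198.32.18.254
  PrimaryInterface : en0
}'
sample_psid=$(printf '%s\n' "$sample_show" | primary_service_id)
# On a real system this output would be piped to: sudo scutil
build_dns_script apple.co.uk "$sample_psid" 198.35.23.2 198.32.56.32
```

A value containing a newline, a space or any other character outside the allowed sets makes build_dns_script return 1 and print nothing, so a malformed value never becomes an extra scutil command.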



Configure DNS lookups from the terminal
Authored by: DylanMuir on Sep 20, '05 07:01:29PM

Cool, Emzy.

You may be interested, I contributed some scripts to openvpn.org for automatically distributing the nameserver configuration over the openvpn tunnel. You won't have to set the resolver configuration manually in that case. But your script should be great for fixing a stuffed config...

D.



Configure DNS lookups from the terminal
Authored by: nwfrg on Oct 21, '09 11:27:15AM