
10.5: Disable DHCP-specified DNS servers Network
I've been running djbdns on all of my servers for several years. I've also been running it on OSX for about three years.

Under 10.4 and earlier, when I specified a custom nameserver, the system would use only the nameserver(s) I specified. However, under 10.5 Apple has apparently changed that behavior, and uses my specified nameservers in addition to the DNS servers specified by the DHCP server. It shows the DHCP-provided server IP on the list, greyed out, so you can't delete it.

For a while, I adopted a "grin and bear it" attitude -- after all, the DHCP server at home is handing out the IP of my internal Linux server (also running djbdns) as the DNS server, so I was only unsafe when I used the laptop outside the house. However, with the recently announced vulnerability in the DNS protocol, the massive world-wide patch effort by major DNS vendors, and the fact that many networks haven't applied the patches yet, I don't really feel safe relying on anybody else's nameservers.

I tried calling Apple about this, but it turns out that my AppleCare contract doesn't cover technical support such as this.

My next approach was to just brute-force search the system for anything relating to DHCP. It took a while, but I was able to find the file which needed to be changed, and figure out the necessary changes. Basically, I found a file which controls which options are used by the DHCP client when handling a response from a DHCP server. I removed the DNS-related options from this list, and after rebooting the system, the laptop now ignores the DNS server options being sent by the DHCP server.

The file I found is named IPConfiguration.xml, and it's buried in this folder: /System/Library/SystemConfiguration/IPConfiguration.bundle/Contents/Resources. You need to create a copy of that file, edit the copy, and remove a few entries in the DHCPRequestedParameterList key. (The entries to remove are those for 6, 15, and 119.) I have added full details on this process to my djbdns setup page, in the section titled Disabling DNS servers from DHCP.

[robg adds: If you're going to use this hint, I strongly suggest using the detailed version of the instructions from the linked blog -- this hint is technical enough that you'll want to make sure you do everything just right, and I didn't want to risk a transcription error.]
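
The edit described in the hint, sketched as an added example; it is not code from the hint's author or the linked blog. The sample plist is constructed (only the DHCPRequestedParameterList key and option codes 6, 15 and 119 come from the hint), the function names are hypothetical, and it works on a copy held in memory rather than on the system file:

```python
import plistlib

# Constructed sample: a property list with a DHCPRequestedParameterList
# array. Only that key name and codes 6, 15, 119 come from the hint; the
# other codes and the absence of other keys are assumptions.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>DHCPRequestedParameterList</key>
    <array>
        <integer>1</integer>
        <integer>3</integer>
        <integer>6</integer>
        <integer>15</integer>
        <integer>119</integer>
        <integer>252</integer>
    </array>
</dict>
</plist>
"""

KEY = "DHCPRequestedParameterList"
# IANA names for the three option codes the hint removes.
DNS_OPTIONS = {6: "domain name server", 15: "domain name", 119: "domain search"}


def requested_options(plist_bytes):
    """Return the list of DHCP option codes the client asks the server for."""
    return plistlib.loads(plist_bytes)[KEY]


def strip_dns_options(plist_bytes, drop=frozenset(DNS_OPTIONS)):
    """Return (edited plist bytes, codes removed); the input is left untouched."""
    doc = plistlib.loads(plist_bytes)
    if not isinstance(doc.get(KEY), list):
        raise ValueError("no %s array found; refusing to guess" % KEY)
    removed = [code for code in doc[KEY] if code in drop]
    doc[KEY] = [code for code in doc[KEY] if code not in drop]
    return plistlib.dumps(doc, sort_keys=False), removed


if __name__ == "__main__":
    edited, removed = strip_dns_options(SAMPLE_PLIST)
    for code in removed:
        print("removed option %d (%s)" % (code, DNS_OPTIONS[code]))
    print("still requested:", requested_options(edited))
```

Passing `drop={6}` removes only the name-server option and leaves the domain name and search domain requests in place.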

10.5: Disable DHCP-specified DNS servers
Authored by: tom_b on Jul 31, '08 08:36:47AM

Nice finding! I'm on 10.4 so don't have this problem but it's good to see a way around it for when I upgrade.

Typo in the blog post:

cp IPConfiguration.xml IPConfiguration.new

Should be cp IPConfiguration.xml IPConfiguration.xml.new since that is what is used for the rest of the sequence.



[ Reply to This | # ]
10.5: Disable DHCP-specified DNS servers
Authored by: jms1 on Aug 02, '08 02:24:51PM

fixed, thank you!



[ Reply to This | # ]
10.5: Disable DHCP-specified DNS servers
Authored by: hamarkus on Jul 31, '08 08:40:11AM

As a side note, I recently changed employment and am now at work behind a rather limiting firewall. At first I still had the DNS servers of my old workplace (a university which also hosts the regional internet backbone) noted down as DNS servers. Resolving any address took ages, i.e., 10 to 15 seconds with no activity. Once I removed the DNS entries, things went back to normal.

My explanation was that the OS first tried to contact the listed DNS servers but those were blocked by the firewall. After 10 seconds, the OS gave up and asked the DHCP server for another DNS server.

So, from that I would conclude that listed DNS servers take preference, but maybe my guess of what caused the delays is also wrong.



[ Reply to This | # ]
P.S.: I'm on 10.5
Authored by: hamarkus on Jul 31, '08 08:41:29AM

(I should have added that.)



[ Reply to This | # ]
10.5: Disable DHCP-specified DNS servers
Authored by: LordGilman on Jul 31, '08 12:58:49PM

I use dnsmasq as a local caching server and found that the networksetup command works for this as well. It has two options, -getdnsservers and -setdnsservers to set and get these settings per network interface.

The system preferences panel still shows the greyed out DNS server from DHCP but -getdnsservers just lists the one I added. Checking dnsmasq's logs confirms that all my DNS queries are going through dnsmasq.



[ Reply to This | # ]
10.5: Disable DHCP-specified DNS servers
Authored by: rpaege on Jul 31, '08 03:35:32PM

Excellent hint and thread. This problem has confounded me since Sprint's DNS servers refused to resolve properly to a common news site, I complained to Sprint, and they did eventually fix it, but not before telling me it was Apple's fault and that I had to dump my cache. They were, of course, completely in the wrong and they figured that out eventually.

In a recent OS X admin course, I brought up this issue. I was told that even in versions prior to 10.5 it still used the DHCP-supplied DNS, as this was a spec of DHCP. I was not able to verify this, but I have tinkered a bit on my corporate network (using 10.4.11) and have found that I can in fact change my servers, but the DHCP DNS still shows up in the list (using "cat /etc/resolv.conf"). My servers show up first though, so this leads me to believe that it may be a spec of DHCP, but it is easy to override - until Leopard.

Thanks for the great advice! Apple needs to address this issue and stop denying it can't do anything about it.



[ Reply to This | # ]
10.5: Disable DHCP-specified DNS servers
Authored by: siena on Aug 01, '08 06:39:31AM

I think that this is not a big issue because OSX 1.5 contacts in the first instance the added DNSs and then the DHCP assigned (tested personally). Only when no positive query reply comes from the first, the grayed are used.



[ Reply to This | # ]
10.5: Disable DHCP-specified DNS servers
Authored by: rpaege on Aug 01, '08 06:41:40PM

I had the opposite experience. The custom DNSs were used only after the first DHCP server failed.



[ Reply to This | # ]
10.5: Disable DHCP-specified DNS servers
Authored by: siena on Aug 02, '08 06:55:02AM

Verified again (tcpdump on a 10.5.4 MacBook) and seen that the first DNS contacted is the OpenDNS server (208.67.222.222) added by an AppleScript, not the DHCP assigned. Someone told me this was different in past versions.



[ Reply to This | # ]
10.5: Disable DHCP-specified DNS servers
Authored by: jonathank on Feb 17, '09 07:56:17PM

I am in Hawaii and the roadrunner dns is useless, I am trying to use OpenDNS. Sometimes OSX uses OpenDNS, sometimes it uses RR (and fails). Maybe there is an issue contacting OpenDNS but I doubt it. Seems like it arbitrarily selects a DNS server or maybe there is a timeout and OpenDNS is not fast enough (could be high latency over the Pacific Ocean).



[ Reply to This | # ]
10.5: Disable DHCP-specified DNS servers
Authored by: rbp on Mar 29, '09 01:44:58PM

I also confirmed this with tcpdump. The added DNS servers are checked first.



[ Reply to This | # ]
why 15 & 119?
Authored by: Zeitkind on Aug 06, '08 04:26:11PM
I see no reason for disabling options 15 and 119. Removing the FQDN and the search domain might break things, so be careful.
A list of all DHCP-parameters can be found here:
http://www.iana.org/assignments/bootp-dhcp-parameters

[ Reply to This | # ]
10.5: Disable DHCP-specified DNS servers
Authored by: avinashmeetoo on Apr 24, '09 12:00:32PM

I am confirming that the added DNS servers in Network Preferences > Advanced > DNS are checked first. I used tcpdump and nslookup to investigate.

So there is no need to change anything in any XML file. It seems that Apple has (once more) managed to come up with a good implementation :-)



[ Reply to This | # ]
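
The tcpdump check that several commenters describe can be tallied mechanically. This is an added example, not code from any commenter: it runs over constructed `tcpdump -n port 53` lines (208.67.222.222 is the OpenDNS address mentioned above; every other address is made up) and assumes a retry to a second server reuses the same query ID:

```python
import re

# Constructed capture: one lookup answered by the manually added server,
# one that gets no answer there and is retried against a second server.
SAMPLE = """\
06:55:01.100000 IP 192.168.0.10.51000 > 208.67.222.222.53: 4660+ A? www.example.com. (33)
06:55:01.140000 IP 208.67.222.222.53 > 192.168.0.10.51000: 4660 1/0/0 A 192.0.2.10 (49)
06:55:09.000000 IP 192.168.0.10.51001 > 208.67.222.222.53: 8211+ A? mail.example.com. (34)
06:55:10.000000 IP 192.168.0.10.51001 > 192.168.0.1.53: 8211+ A? mail.example.com. (34)
06:55:10.030000 IP 192.168.0.1.53 > 192.168.0.10.51001: 8211 1/0/0 A 192.0.2.11 (50)
"""

# Query: client -> resolver port 53, "<id><flags> <type>? <name>"
QUERY = re.compile(r"IP [\d.]+\.\d+ > ([\d.]+)\.53: (\d+)\S* (\w+)\? (\S+)")
# Response: resolver port 53 -> client, "<id><flags> <counts> ..."
RESPONSE = re.compile(r"IP ([\d.]+)\.53 > [\d.]+\.\d+: (\d+)\S* ")


def resolver_order(capture):
    """Map (query id, name) -> resolvers tried in order and who answered first."""
    queries, by_id = {}, {}
    for line in capture.splitlines():
        q = QUERY.search(line)
        if q:
            resolver, qid, _qtype, name = q.groups()
            entry = queries.setdefault((qid, name), {"tried": [], "answered_by": None})
            entry["tried"].append(resolver)
            by_id[qid] = entry
            continue
        r = RESPONSE.search(line)
        if r and r.group(2) in by_id and by_id[r.group(2)]["answered_by"] is None:
            by_id[r.group(2)]["answered_by"] = r.group(1)
    return queries


def first_choice_counts(queries):
    """Count how often each resolver was the first one contacted."""
    counts = {}
    for entry in queries.values():
        counts[entry["tried"][0]] = counts.get(entry["tried"][0], 0) + 1
    return counts


if __name__ == "__main__":
    result = resolver_order(SAMPLE)
    for (qid, name), entry in result.items():
        print(name, "tried", entry["tried"], "answered by", entry["answered_by"])
    print("first choice:", first_choice_counts(result))
```

A lookup whose "tried" list has more than one entry is one where the second server was consulted, which is the case the hint is concerned with.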
10.5: Disable DHCP-specified DNS servers
Authored by: Neville Hillyer on Apr 24, '09 02:15:27PM

For some years I have been happier with fixed IPs. Whilst I am supplied with a fixed internet IP at no extra cost this is not necessary in order to get away from DHCP on a typical home network. I have a Netgear DG834G router at 192.168.0.1 which is set up to work with the following Leopard network settings:

Configure: - Manually
IP Address: - 192.168.0.10
Subnet Mask: - 255.255.255.0
Router: - 192.168.0.1
DNS Server: - 212.139.132.6, 212.139.132.21

I believe in copper and hence wireless is only used occasionally for my children's laptops.

I don't understand why so many people use wireless and/or DHCP and then complain about the consequences. In many cases it would take them less effort to set up local fixed IPs.



[ Reply to This | # ]
10.5: Disable DHCP-specified DNS servers
Authored by: slferris on Dec 31, '09 12:26:06PM

Does this hint work for OS 10.6.2?



[ Reply to This | # ]