Jun 30, '04 09:33:00AM • Contributed by: atverd
Sometimes it's good to have separate DNS servers for different domains. For example, you may want to have a local default DNS server on your laptop and use it for all Internet-related DNS lookups, and use your office DNS servers for resolving all intranet domains when at work. There is an endless number of possible configurations, and Mac OS X has a very nice and simple generic way to set up per-domain DNS server routing. In the simplest case, all you need to do is to create a text file in the directory /etc/resolver/ with the same name as the desired domain, and define the nameservers inside. Let's say your office network has the local domain name foobar.com and the DNS servers are 10.1.2.3 and 10.1.2.4. You create the file /etc/resolver/foobar.com with content:
nameserver 10.1.2.3
nameserver 10.1.2.4

and you're all set. From this moment on, all requests for foobar.com and its subdomains will go directly to the specified servers, and all other requests will go to the default server in /etc/resolv.conf (this is the server you specify in the Network Preference panel). No need to mess with bind configuration, and it will work as soon as the file is created, without restarts, reboots, logouts and other radical enforcements.
You may also need to set up a reverse lookup for your foobar.com domain. Let's say your office IP space is 10.0.0.0/8 (ask your sysadmin if you don't know it). Then, while in the /etc/resolver directory, copy the file foobar.com to the file 10.in-addr.arpa, and from this moment on, all reverse lookups for network 10.0.0.0/8 will go to the same servers. This is a little more complex if you don't know how reverse DNS works, but another example may give you a hint. For subnet 192.168.0.0/16, you'll need to copy to the file 168.192.in-addr.arpa, and for 192.168.1.0/24, copy to 1.168.192.in-addr.arpa. If you're still unsure, ask your sysadmin, but don't tell him my name :). For more advanced users, type man 5 resolver in your Terminal, and you'll get a nice description of this mechanism. Also, the name of the file is not fixed -- you can use any name if you specify the option domain foobar.com as the first one in that file:
domain foobar.com
nameserver 10.1.2.3
nameserver 10.1.2.4

But the file should still be in the /etc/resolver/ directory. So, you can have many configurations for the same domain -- this may be important for reverse lookups if you have overlapping address spaces for different networks (like 192.168.1.0/24 at home and 192.168.0.0/16 at work, for example). Read the man page for more details about search order and so on.
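The procedure above, as an added shell example that is not part of the original hint: it derives the in-addr.arpa file name for a /8, /16 or /24 network and writes the resolver files into a staging directory for review. The helper names reverse_zone and write_resolver and the staging directory are assumptions of this example.

```shell
#!/bin/sh
# Added example; reverse_zone and write_resolver are hypothetical helper names.

# Print the reverse-lookup zone for an IPv4 network on an octet boundary,
# e.g. 192.168.1.0/24 -> 1.168.192.in-addr.arpa
reverse_zone() {
    net=${1%/*}
    len=${1#*/}
    old_ifs=$IFS
    IFS=.
    set -- $net            # split the address into its four octets
    IFS=$old_ifs
    case $len in
        8)  echo "$1.in-addr.arpa" ;;
        16) echo "$2.$1.in-addr.arpa" ;;
        24) echo "$3.$2.$1.in-addr.arpa" ;;
        *)  echo "unsupported prefix length: /$len" >&2; return 1 ;;
    esac
}

# write_resolver DIR ZONE NAMESERVER...
# Writes DIR/ZONE with one "nameserver" line per server. DIR is a staging
# directory here, because writing to /etc/resolver itself requires root.
write_resolver() {
    dir=$1
    zone=$2
    shift 2
    # The zone becomes a file name: refuse empty names, slashes and dotfiles.
    case $zone in
        ''|*/*|.*) echo "bad zone name: $zone" >&2; return 1 ;;
    esac
    [ $# -gt 0 ] || { echo "need at least one nameserver" >&2; return 1; }
    mkdir -p "$dir" || return 1
    for ns in "$@"; do
        printf 'nameserver %s\n' "$ns"
    done > "$dir/$zone"
}

# Constructed sample run using the addresses from the text.
stage=$(mktemp -d)
write_resolver "$stage" foobar.com 10.1.2.3 10.1.2.4
write_resolver "$stage" "$(reverse_zone 10.0.0.0/8)" 10.1.2.3 10.1.2.4
write_resolver "$stage" "$(reverse_zone 192.168.1.0/24)" 10.1.2.3 10.1.2.4
ls "$stage"
```

Review the staged files, then copy them into /etc/resolver as root. Running scutil --dns lists the per-domain resolvers macOS has loaded; tools such as dig and nslookup query the servers in /etc/resolv.conf directly and do not consult /etc/resolver.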
I tested different configurations for the resolver and have been using this feature for some time without any problems, but if you find any pitfalls leave a comment here -- this may save a sleepless night for some good innocent soul!