I wanted to get wildcard DNS running on my Mac laptop, for development purposes. I wanted
http://anything.mysite.lan/ to point to my localhost IP address.
I figured out how to do this using
dnsmasq, installed via Homebrew.
Tip from Daniel Landau -
foo.anything.localhost) should resolve to
127.0.0.1 already. This seems to work on macOS, so this entire TIL is likely obsolete.
; <<>> DiG 9.10.6 <<>> foo.bar.localhost ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58764 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;foo.bar.localhost. IN A ;; AUTHORITY SECTION: . 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023063000 1800 900 604800 86400 ;; Query time: 241 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Jun 30 07:15:48 PDT 2023 ;; MSG SIZE rcvd: 121
Also this broke DNS for me on other networks - see note at the bottom for details.
dnsmasq using Homebrew:
brew install dnsmasq
Then I viewed the configuration file that had been installed like this:
cat $(brew --prefix)/etc/dnsmasq.conf
Based on the discussion in the Gist comments I decided to point
*.lan (which includes any level of subdomains, so you can do
127.0.0.1. I did that using:
echo 'address=/.lan/127.0.0.1' >> $(brew --prefix)/etc/dnsmasq.conf
I tried running
brew services start dnsmasq without
sudo and it appeared to work, but didn't. The correct command to run is:
sudo brew services start dnsmasq
Weirdly, even the
brew services list command needs to be run as
sudo. Here's what I get with and without
sudo for that command:
brew services list
Name Status User File caddy none dnsmasq error 512 root ~/Library/LaunchAgents/homebrew.mxcl.dnsmasq.plist unbound none
sudo brew services list
Name Status User File caddy none dnsmasq started root /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist unbound none
dig and specifically telling it to use the new
127.0.0.1 DNS server works:
dig foo.test.lan @127.0.0.1
; <<>> DiG 9.10.6 <<>> foo.test.lan @127.0.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10618 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;foo.test.lan. IN A ;; ANSWER SECTION: foo.test.lan. 0 IN A 127.0.0.1 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Jun 30 05:43:11 PDT 2023 ;; MSG SIZE rcvd: 57
I searched for "dns" in macOS system preferences, clicked on "DNS servers" and used the + button to add
127.0.0.1 to my list of DNS servers, leaving the previous entry in there too.
Having done this, running
cat /etc/resolv.conf showed me this, with a confusing warning message:
# # macOS Notice # # This file is not consulted for DNS hostname resolution, address # resolution, or the DNS query routing mechanism used by most # processes on this system. # # To view the DNS configuration used by this system, use: # scutil --dns # # SEE ALSO # dns-sd(1), scutil(8) # # This file is automatically generated. # nameserver 127.0.0.1 nameserver 10.0.0.1
scutil --dns gave me this (truncated):
DNS configuration resolver #1 nameserver : 127.0.0.1 nameserver : 10.0.0.1 flags : Request A records, Request AAAA records reach : 0x00030002 (Reachable,Local Address,Directly Reachable Address) resolver #2 # ... DNS configuration (for scoped queries) resolver #1 nameserver : 127.0.0.1 nameserver : 10.0.0.1 if_index : 15 (en0) flags : Scoped, Request A records, Request AAAA records reach : 0x00020002 (Reachable,Directly Reachable Address)
Finally, I ran a quick HTTP server using
python -m http.server 8005 and confirmed that
http://foo.bar.lan:8005/ in my browser worked as expected - which it did.
When I tried connecting to other networks later on the same day I found that DNS lookups were not working.
I eventually figured out why by running
scutil --dns and noting that it was always trying to hit
The fix was to open up the DNS servers area in Network settings again and remove ALL of the nameservers from that list. Once I did that the DNS server for the WiFi network I was connected to started working again.
Created 2023-06-30T05:51:21-07:00, updated 2023-06-30T08:53:13-07:00 · History · Edit