I wanted to get wildcard DNS running on my Mac laptop, for development purposes. I wanted http://anything.mysite.lan/
to point to my localhost IP address.
I figured out how to do this using dnsmasq
, installed via Homebrew.
Tip from Daniel Landau - anything.localhost
(and foo.anything.localhost
) should resolve to 127.0.0.1
already. This seems to work on macOS, so this entire TIL is likely obsolete.
dig foo.bar.localhost
; <<>> DiG 9.10.6 <<>> foo.bar.localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58764
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;foo.bar.localhost. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023063000 1800 900 604800 86400
;; Query time: 241 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jun 30 07:15:48 PDT 2023
;; MSG SIZE rcvd: 121
Also this broke DNS for me on other networks - see note at the bottom for details.
Some clues:
dnsmasq
.I installed dnsmasq
using Homebrew:
brew install dnsmasq
Then I viewed the configuration file that had been installed like this:
cat $(brew --prefix)/etc/dnsmasq.conf
Based on the discussion in the Gist comments I decided to point *.lan
(which includes any level of subdomains, so you can do foo.bar.lan
) to 127.0.0.1
. I did that using:
echo 'address=/.lan/127.0.0.1' >> $(brew --prefix)/etc/dnsmasq.conf
I tried running brew services start dnsmasq
without sudo
and it appeared to work, but didn't. The correct command to run is:
sudo brew services start dnsmasq
Weirdly, even the brew services list
command needs to be run as sudo
. Here's what I get with and without sudo
for that command:
brew services list
Name Status User File
caddy none
dnsmasq error 512 root ~/Library/LaunchAgents/homebrew.mxcl.dnsmasq.plist
unbound none
sudo brew services list
Name Status User File
caddy none
dnsmasq started root /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist
unbound none
Running dig
and specifically telling it to use the new 127.0.0.1
DNS server works:
dig foo.test.lan @127.0.0.1
; <<>> DiG 9.10.6 <<>> foo.test.lan @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10618
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.test.lan. IN A
;; ANSWER SECTION:
foo.test.lan. 0 IN A 127.0.0.1
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jun 30 05:43:11 PDT 2023
;; MSG SIZE rcvd: 57
I searched for "dns" in macOS system preferences, clicked on "DNS servers" and used the + button to add 127.0.0.1
to my list of DNS servers, leaving the previous entry in there too.
Having done this, running cat /etc/resolv.conf
showed me this, with a confusing warning message:
#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
# scutil --dns
#
# SEE ALSO
# dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
nameserver 127.0.0.1
nameserver 10.0.0.1
Running scutil --dns
gave me this (truncated):
scutil --dns
DNS configuration
resolver #1
nameserver[0] : 127.0.0.1
nameserver[1] : 10.0.0.1
flags : Request A records, Request AAAA records
reach : 0x00030002 (Reachable,Local Address,Directly Reachable Address)
resolver #2
# ...
DNS configuration (for scoped queries)
resolver #1
nameserver[0] : 127.0.0.1
nameserver[1] : 10.0.0.1
if_index : 15 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00020002 (Reachable,Directly Reachable Address)
Finally, I ran a quick HTTP server using python -m http.server 8005
and confirmed that http://foo.bar.lan:8005/
in my browser worked as expected - which it did.
When I tried connecting to other networks later on the same day I found that DNS lookups were not working.
I eventually figured out why by running scutil --dns
and noting that it was always trying to hit 10.0.0.1
.
The fix was to open up the DNS servers area in Network settings again and remove ALL of the nameservers from that list. Once I did that the DNS server for the WiFi network I was connected to started working again.
Created 2023-06-30T05:51:21-07:00, updated 2023-06-30T08:53:13-07:00 · History · Edit