DNS
nslookup vs. ping
On many operating systems, nslookup uses its own implementation, whereas ping and other services go through the OS-specific stack. The two can therefore return different results for IP-to-name resolution.
Mac OS
Both nslookup and dig are actually third-party tools by ISC (which also makes BIND). The ISC tools rely on /etc/resolv.conf.
To use an “Apple-native” command for DNS lookups, try dscacheutil:
dscacheutil -q host -a name www.apple.com
You can see the DNS settings macOS is using with:
scutil --dns
DNSSEC
If more than one DNS server is configured in the network settings, Apple blocks non-DNSSEC systems when one that uses DNSSEC is in the list. DNSSEC, or Domain Name System Security Extensions, is a set of extensions to DNS that provides authentication of DNS data.
8.8.8.8 (Google NS), for example, supports DNSSEC. If your config (or your DHCP server) configures the Google NS in parallel to local ones, those local entries might be ignored. You can solve this by configuring no secondary name server in your DHCP configuration, and instead enabling forwarding to that name server in your DNS configuration.
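To check a Mac for the mixed configuration described above, the following added example (not part of the original page) parses `scutil --dns` output and reports any resolver that lists a local name server next to a public one. The sample output is constructed, the function names are hypothetical, and treating private or link-local addresses as "local" is an assumption.

```python
import ipaddress
import re
import shutil
import subprocess

# Constructed sample in the layout printed by `scutil --dns` (not from a real host).
SAMPLE = """\
DNS configuration

resolver #1
  search domain[0] : lan
  nameserver[0] : 192.168.1.1
  nameserver[1] : 8.8.8.8
  if_index : 6 (en0)

resolver #2
  domain   : local
  options  : mdns
"""

def is_local(server):
    """Assumption: a private or link-local address means a local name server."""
    return ipaddress.ip_address(server.split("%")[0]).is_private

def parse_scutil_dns(text):
    """Return a list of (label, [nameserver, ...]), one entry per resolver block."""
    resolvers, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("DNS configuration"):
            section = line  # e.g. the separate "(for scoped queries)" section
        elif re.fullmatch(r"resolver #\d+", line):
            resolvers.append((f"{section} / {line}", []))
        elif resolvers and (m := re.fullmatch(r"nameserver\[\d+\]\s*:\s*(\S+)", line)):
            resolvers[-1][1].append(m.group(1))
    return resolvers

def mixed_resolvers(resolvers):
    """Resolver blocks that list local and public name servers side by side."""
    flagged = []
    for label, servers in resolvers:
        local = [s for s in servers if is_local(s)]
        public = [s for s in servers if not is_local(s)]
        if local and public:
            flagged.append((label, local, public))
    return flagged

if __name__ == "__main__":
    # Use the live configuration on macOS, otherwise fall back to the sample.
    text = (subprocess.run(["scutil", "--dns"], capture_output=True, text=True).stdout
            if shutil.which("scutil") else SAMPLE)
    for label, local, public in mixed_resolvers(parse_scutil_dns(text)):
        print(f"{label}: local {local} configured alongside public {public}")
```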