DNS

nslookup vs. ping

On many operating systems, nslookup uses its own resolver implementation, whereas ping and other services go through the OS-specific stack. The two can therefore return different results for IP-to-name resolution.

Mac OS

Both nslookup and dig are actually third-party tools by ISC (which also makes BIND). The ISC tools rely on /etc/resolv.conf.

To use an “Apple-native” command for DNS lookups, try dscacheutil:

  dscacheutil -q host -a name www.apple.com

You can see the DNS settings macOS is using with:

  scutil --dns
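
The two resolution paths from the nslookup vs. ping section can be compared side by side. The following Python script is an added example, not part of the original page: it resolves a name once through the OS stack (getaddrinfo) and once by sending a raw query to each name server listed in /etc/resolv.conf, the file the ISC tools read. It assumes IPv4 name servers and plain UDP A-record lookups; all function names are chosen for this example.

```python
import os, socket, struct, sys

def resolv_conf_servers(text):  # IPv4 "nameserver" entries, in file order
    rows = (line.split() for line in text.splitlines())
    return [r[1] for r in rows
            if len(r) > 1 and r[0] == "nameserver" and ":" not in r[1]]

def build_query(name, qid):
    """DNS query for the A record of `name`, recursion desired."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return (struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack(">HH", 1, 1))  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):  # offset just past the name that starts at `off`
    while msg[off] and msg[off] < 0xC0:        # walk plain labels
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)        # pointer: 2 bytes, root: 1

def parse_a_records(msg):
    """Sorted IPv4 addresses from the answer section of a DNS response."""
    qdcount, ancount = struct.unpack(">HH", msg[4:8])
    off, addrs = 12, []
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:          # A record; CNAMEs are skipped
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return sorted(addrs)

def direct_lookup(name, server, timeout=3.0):
    """Ask one IPv4 name server directly, bypassing the OS resolver stack."""
    query = build_query(name, int.from_bytes(os.urandom(2), "big"))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))                # kernel drops other senders
        s.send(query)
        resp = s.recv(4096)
    if resp[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    return parse_a_records(resp)

if __name__ == "__main__":                     # usage: script.py <hostname>
    stack = socket.getaddrinfo(sys.argv[1], None, socket.AF_INET)
    print("OS stack (ping's path):", sorted({i[4][0] for i in stack}))
    for srv in resolv_conf_servers(open("/etc/resolv.conf").read()):
        print(f"direct to {srv}:", direct_lookup(sys.argv[1], srv))
```

If the OS stack line and a direct line disagree, the stack is answering from a source the listed server does not know about (cache, hosts file, or a resolver shown only in scutil --dns).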

DNSSEC

If more than one DNS server is configured in the network settings, Apple blocks non-DNSSEC systems when one that uses DNSSEC is in the list. DNSSEC (Domain Name System Security Extensions) is a set of extensions to DNS that provides authentication of DNS data.

8.8.8.8 (Google NS), for example, supports DNSSEC. If your config (or your DHCP server) configures the Google NS in parallel to local ones, those local entries might be ignored. You can solve this by configuring no secondary name server in your DHCP configuration, and instead enabling forwarding to that name server in your DNS configuration.

kb/common/dns.txt · Last modified: 2024/05/06 09:00 by joerg.hampel