Domain specific DNS under OSX

I’m going to do a series of these, the first being OSX, then I’ll move on to more specialized systems like pfSense and then probably the PS3.

So, let’s consider for a moment that you want some of your DNS queries for certain domains to go through a particular server, but the bulk of your queries (everything not specified) to go through a default DNS system.

Say you’re using a service like unblock-us.com but you don’t want them to see all the sites you connect to, or you want to use OpenDNS’s protection features or whatever. Maybe you’re like me and just want to use a faster local DNS system for everything except Netflix.

First thing, figure out what domains you need to specify (I’m asking Unblock-US to provide me with a list of domains they support, but honestly I’m only interested in netflix.com and the other domains linked to by its homepage).

So for me, I need to worry about

As you all know, I’m a command line junkie. That’s just how it is. I figure if you’re wanting to do things like this, you should be comfortable enough messing about in console.

I’m going to go with OpenDNS and GoogleDNS as a backup.

Unfortunately, there is no reliable way to set the base/default DNS server through the command line. Too many things change depending on exactly which release of OSX you are running.

So we need to fire up the GUI network preferences and set the DNS in there.

On my system, it looks something like this:

[Screenshots: the DNS settings in the Network preferences]

It’s pretty standard.

Now for the interesting part.

We have our list of domains from above.

We know that we want to make them resolve using specific DNS.

Now we drop into Terminal and open up an interactive root shell with “sudo -i”, create the resolver override, and then add the domains in.

 

This tells your computer to use the unblock-us.com DNS for the domains associated with Netflix.

This can be confirmed with

 

You might notice that I’m not actually using OpenDNS. That is because I don’t really want/like OpenDNS, I have my own custom DNS servers that I need to use for various things.
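One way to do the resolver override described above, as an added example rather than the original commands from this post. It assumes macOS's per-domain resolver files under /etc/resolver; the function names are hypothetical and the nameserver addresses are documentation placeholders, not unblock-us.com's.

```shell
#!/bin/sh
# Added example: per-domain resolver overrides for macOS (/etc/resolver/<domain>).
# RESOLVER_DIR defaults to /etc/resolver; point it elsewhere for a dry run.
RESOLVER_DIR="${RESOLVER_DIR:-/etc/resolver}"

# Placeholder nameservers (RFC 5737 documentation range), NOT a real
# provider's addresses: substitute the ones your DNS service gives you.
OVERRIDE_NS="192.0.2.53 192.0.2.54"

# valid_domain NAME: accept only plain DNS names, so a list entry can never
# escape RESOLVER_DIR (e.g. "../hosts") or create a hidden file.
valid_domain() {
    case "$1" in
        ''|.*|-*|*..*|*/*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# write_override DOMAIN: create RESOLVER_DIR/DOMAIN holding one
# "nameserver" line per server in OVERRIDE_NS.
write_override() {
    domain="$1"
    valid_domain "$domain" || { echo "skipping invalid domain: $domain" >&2; return 1; }
    mkdir -p "$RESOLVER_DIR" || return 1
    for ns in $OVERRIDE_NS; do
        printf 'nameserver %s\n' "$ns"
    done > "$RESOLVER_DIR/$domain" || return 1
    chmod 644 "$RESOLVER_DIR/$domain"
}

# apply_overrides DOMAIN...: write one file per domain; non-zero if any failed.
apply_overrides() {
    rc=0
    for d in "$@"; do
        write_override "$d" || rc=1
    done
    return $rc
}

# list_overrides: print "domain -> servers" for every override present, to
# audit which third-party DNS server gets to see which lookups.
list_overrides() {
    for f in "$RESOLVER_DIR"/*; do
        [ -f "$f" ] || continue
        printf '%s -> %s\n' "${f##*/}" \
            "$(awk '$1=="nameserver"{s = s (s ? " " : "") $2} END{print s}' "$f")"
    done
}
```

From the root shell, source the file and run `apply_overrides netflix.com` plus whatever other domains are on your list. On macOS, `scutil --dns` then shows each per-domain resolver the system has picked up.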

For super special extra verification