
ScoobyMcDoo

macrumors 65816
Original poster
Nov 26, 2007
1,188
37
Austin, TX
On my company network the IT dept has blocked the ability to get to some sites via DNS - not real effective, but it's a small company and it keeps most folks from getting to sites they want to block. Anyway, I was trying to set up my MacBook to bypass this, so I just entered in some different DNS servers - I just used the 8.8.8.8 and 8.8.4.4 to use Google. This got me around the DNS block, but, of course, it will no longer resolve names on our internal network. So, I just appended the two internal name servers to the list of DNS servers. It appears that if a connection to the first DNS server is made, it will not fail over to the others in the list, even if it can't resolve the address with that server.

So my question is, is there a way I can tell the system to try the next DNS server in the list if it is unable to resolve the address?

Just to be clear, my DNS list looks like:
8.8.8.8 # google
8.8.4.4 # google
10.0.100.2 #internal
10.0.100.1 #internal

Right now if I try to ssh to an internal address (let's say it's blah1234), it will look it up on 8.8.8.8 and see it doesn't exist. What I want is for it to continue down the list until it finds a server that can resolve the address.

By the way, I'm running 10.6.8 for my OS.
 

r0k

macrumors 68040
Mar 3, 2008
3,611
75
Detroit
You can use the Google DNS to "look up" servers you need. Record those values in /private/etc/hosts, being careful not to botch the required entries for localhost, then switch back to your internal DNS. The downside is having to fiddle with DNS whenever you want to add a new site. DNS blocking is most effective when non-admin users are being blocked. You couldn't be changing your DNS in the first place if you weren't an admin, so have at it.

Another way to check what's going on is to use http://isitdown.us/. If your request times out but isitdown says the site is up, your IT ppl are getting in the way.
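
Added example, not part of either post: a small Python model of the lookup order described in the thread, assuming the conventional stub-resolver rule that the next server is tried only when the current one gives no answer at all. The records, the address for blah1234 and the function names are constructed for the illustration; no network traffic is sent.

```python
# Constructed model of a stub resolver walking a DNS server list.
NOERROR, NXDOMAIN, TIMEOUT = "NOERROR", "NXDOMAIN", "TIMEOUT"

# Constructed sample data: what each kind of server can answer.
PUBLIC = {"example.com": "192.0.2.10", "blocked.example": "203.0.113.10"}
INTERNAL = {"example.com": "192.0.2.10", "blah1234": "10.0.100.50"}
SERVERS = {
    "8.8.8.8": PUBLIC, "8.8.4.4": PUBLIC,
    "10.0.100.2": INTERNAL, "10.0.100.1": INTERNAL,
}
# The server order from the original post.
POSTER_LIST = ["8.8.8.8", "8.8.4.4", "10.0.100.2", "10.0.100.1"]

def query(server, name, unreachable=()):
    """Answer one query the way a single server would."""
    if server in unreachable:
        return TIMEOUT, None
    records = SERVERS[server]
    if name in records:
        return NOERROR, records[name]
    return NXDOMAIN, None

def resolve(name, server_list, unreachable=()):
    """Walk the list in order; move on only when a server does not answer.

    NXDOMAIN is an answer ("this name does not exist"), so it ends the
    lookup just as a successful reply does.
    """
    tried = []
    for server in server_list:
        tried.append(server)
        rcode, address = query(server, name, unreachable)
        if rcode != TIMEOUT:
            return rcode, address, tried
    return TIMEOUT, None, tried

if __name__ == "__main__":
    # Internal name with the public servers first: stops at the first NXDOMAIN.
    print(resolve("blah1234", POSTER_LIST))
    # Same list, public servers unreachable: only now are the internal ones asked.
    print(resolve("blah1234", POSTER_LIST, unreachable=("8.8.8.8", "8.8.4.4")))
    # Internal servers first: the internal name resolves, the blocked one does not.
    print(resolve("blah1234", POSTER_LIST[2:] + POSTER_LIST[:2]))
    print(resolve("blocked.example", POSTER_LIST[2:] + POSTER_LIST[:2]))
```

Under this model the order of the list decides which view of DNS every lookup gets; the later entries act as backups for an unreachable server, not as a second opinion.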
 