libresolv on macOS has no split-DNS support

Originator: m.hanauska
Number: rdar://FB7633839
Date Originated: Mar 20, 2020
Status: Open
Resolved:
Product: macOS
Product Version: any
Classification: Bug
Reproducible: Always
 
Some applications still use libresolv for custom DNS queries. 

The macOS version of libresolv still retrieves the DNS configuration from /etc/resolv.conf, which is actually a symlink to /var/run/resolv.conf and is auto-generated by configd (IPMonitor plugin, ip_plugin.c) every time the key State:/Network/Global/DNS changes in the dynamic store.

For global DNS settings, it all works as expected, but as soon as split-DNS is used ("SupplementalMatchDomains"), this setup breaks.

The reason for that is that libresolv has support for split-DNS by looking at resolver files that are found at /etc/resolver and named after search domains, yet configd is not creating any such files.

Two very easy solutions to that problem would be possible:

1) The IP Plugin also checks for split-DNS and writes resolver files to /etc/resolver (or to /var/run/resolver so that /etc/resolver could be a symlink). This would make split-DNS on macOS compatible with pretty much all existing UNIX DNS code that also supports this feature.

2) The macOS version of libresolv stops using /etc/resolver and /etc/resolv.conf altogether and pulls the DNS configuration directly from the dynamic store. This is probably the better solution in the long run.

This issue affects all versions of macOS since support for "SupplementalMatchDomains" was added (I think 10.6) and it exists up to 10.15.
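A sketch of the first option above, as an added example that is not part of the original report and is not Apple's code: it renders one resolver file per split-DNS match domain and lists the match domains that have no file yet, which are the names a libresolv client would look up through the global resolver instead. Assumptions: the input dictionaries are constructed and only shaped like the dynamic store's DNS entities (the `ServerAddresses` and `SearchDomains` key names come from SystemConfiguration, not from the report), only `nameserver` lines are written, and a temporary directory stands in for /etc/resolver.

```python
import os
import tempfile

# Constructed sample: per-service DNS dictionaries shaped like the dynamic
# store's DNS entities. Addresses and domains are made up for this example.
SAMPLE_SERVICES = [
    {"ServerAddresses": ["192.0.2.1"], "SearchDomains": ["home.example"]},
    {"ServerAddresses": ["10.0.0.53", "10.0.0.54"],
     "SupplementalMatchDomains": ["corp.example", "Lab.Example."]},
]

def render_resolver_files(services):
    """Map each split-DNS match domain to the text of its resolver file."""
    files = {}
    for svc in services:
        servers = svc.get("ServerAddresses", [])
        for domain in svc.get("SupplementalMatchDomains", []):
            name = domain.rstrip(".").lower()
            if not name or "/" in name or not servers:
                continue  # not usable as a file name, or no server to write
            # First service to claim a domain wins; ordering is simplified here.
            files.setdefault(name, "".join(f"nameserver {s}\n" for s in servers))
    return files

def missing_resolver_files(services, resolver_dir):
    """Match domains with no file in resolver_dir (the gap the report describes)."""
    try:
        present = {n.lower() for n in os.listdir(resolver_dir)}
    except FileNotFoundError:
        present = set()
    return sorted(d for d in render_resolver_files(services) if d not in present)

def write_resolver_files(services, resolver_dir):
    """Write the rendered files and return the paths written."""
    os.makedirs(resolver_dir, exist_ok=True)
    paths = []
    for name, text in sorted(render_resolver_files(services).items()):
        path = os.path.join(resolver_dir, name)
        with open(path, "w") as fh:
            fh.write(text)
        paths.append(path)
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "resolver")  # stand-in for /etc/resolver
        print("missing before:", missing_resolver_files(SAMPLE_SERVICES, target))
        write_resolver_files(SAMPLE_SERVICES, target)
        print("missing after:", missing_resolver_files(SAMPLE_SERVICES, target))
```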
