Change DNS Server From Terminal (or script) on Mac OS X

Question

How can I change my DNS server from the Terminal on Mac OS X? [I need this because my DNS is not working correctly with my VPN. Sometimes it's using the DNS for my main connection, and sometimes it's using the DNS specified for the VPN (which it should).]

Answer 1

You can use networksetup, e.g. for having the Airport connection use Google's DNS Servers:

networksetup -setdnsservers AirPort 8.8.8.8 8.8.4.4

You can find out the name of the network service by running networksetup -listallnetworkservices. It'll be 'Wi-Fi' probably.

This is the same as if you were to edit the entires in the Network Preference Pane in System Preferences, so it is persistent across reboots.

To reset the list of DNS servers, simply pass empty:

networksetup -setdnsservers AirPort empty

To set DNS automatically for multiple services, you can use a script like this, e.g. to use 1.1.1.1's servers:

services=$(networksetup -listallnetworkservices | grep 'Wi-Fi\|Ethernet\|USB')
while read -r service; do
    echo "Setting DNS for $service"
    networksetup -setdnsservers "$service" 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
done <<< "$services"

You may be running into a DNS issue on Snow Leopard that occurs when the order DNS servers are queried changes (see question 84144))

Answer 2

I don't have enough points to reply to Chealion's post but to add on to it I'd start with listing the interfaces

networksetup -listallnetworkservices

Once you have the interface you'd like to change you can do the below (I'm using the Wi-Fi but you can do any other interface)

sudo networksetup -setdnsservers Wi-Fi empty
sudo networksetup -setdnsservers Wi-Fi 8.8.8.8 8.8.4.4
sudo killall -HUP mDNSResponder

The first line of the above will empty out the DNS settings then follow it with the DNS servers we'd like to use and finely clear the DNS cache

To verify the DNS change you can do this before and after or simply after

scutil --dns | grep 'nameserver\[[0-9]*\]'

Answer 3

You can use scutil interactively from the terminal. Run sudo scutil and run these commands, swapping your DNS servers in where appropriate:

> open
> d.init
> d.add ServerAddresses * 8.8.8.8 9.9.9.9
> set State:/Network/Service/PRIMARY_SERVICE_ID/DNS
> quit

Instead of using 8.8.8.8 and 9.9.9.9 use your DNS servers.

The only problem is this is not persistent across reboots. If you want permanent changes, you'll want ncutil. The reason editing /etc/resolv.conf isn't sufficient in newer versions of OS X is because configd now uses a database to store information of current settings, which other applications read. Certain applications will still read /etc/resolv.conf (host for example), although that is not the case for all applications.

Answer 4

resolv.conf does not work on OSX anymore. There is a notice right at the top of that file as follows:

#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
#   scutil --dns
#
# SEE ALSO
#   dns-sd(1), scutil(8)
#
# This file is automatically generated.
#

Also, networksetup -listallnetworkservices does not list all VPN interfaces.

Here is one way to use scutil to target the right interface: 1. Create a file commands.txt with your commands for the interactive scutil tool. e.g. contents for Pulse secure interface in my case:

get State:/Network/Service/net.pulsesecure.pulse.nc.main/DNS
d.add ServerAddresses * 8.8.8.8 9.9.9.9
set State:/Network/Service/net.pulsesecure.pulse.nc.main/DNS

2. Run scutil with the commands piped in. (You need sudo for set)

sudo scutil < commands.txt

Answer 5

If you just want to resolve certain domains over the vpn you can do this. Not sure what all versions of macos this works on but it works on Big Sur. Just replace that IP with that of your nameserver over the vpn and the filename is the domain you want to resolve there. It seems to work pretty instantaneously, you don't need to HUP anything.

sudo bash
mkdir /etc/resolver
cd /etc/resolver
echo 10.10.10.1 > domain.tld

Answer 6

You should be able to do it by editing /etc/resolv.conf (remember resolv.conf is reset after reboot), hope it helps - http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man5/resolver.5.html