Mac seems to ignore the result of local DNS for local hosts


I have a server (running Ubuntu 16.04) on my local network, which, amongst other things, runs dnsmasq. My local domain is

Running on my Mac, if you query the DNS, it returns the LAN address of various machines on my network. E.g.:

beethoven:~ nick$ dig

; <<>> DiG 9.8.3-P1 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36867
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;   IN  A


;; Query time: 82 msec
;; WHEN: Fri Aug 11 14:22:39 2017
;; MSG SIZE  rcvd: 61

and in this example, my Mac can correctly resolve, using the default DNS, the address of serv2 on my LAN.

However, when I use other commands (e.g. ping) sometimes they correctly resolve:

beethoven:~ nick$ ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=64 time=0.832 ms

other times, my Mac seems to ignore the result from the local DNS (which is the only name server it is configured to use) and somehow manages to use the WAN address (that you would get if you queried another DNS):

beethoven:lib nick$ ping serv2
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=64 time=2.140 ms

As far as I can tell, the local DNS server works correctly — it always returns the LAN address ( and never returns the WAN address ( I also have both Windows 7 and Linux machines running on the network; when I use the ping command (or any other command) they always use the LAN address (, so I assume that this is something specific to macOS.

Why is this important to me? The router I have from my ISP discards packets from the LAN attempting to access machines using the WAN address. This means that commands accessing other machines on the network fail, e.g.:

beethoven:lib nick$ ssh serv2
ssh: connect to host serv2 port 22: Connection refused

I am using macOS 10.12.6

Any suggestions as to how I should configure my Mac so it only uses the configured DNS to resolve hosts would be gratefully received.

What's my search domain?: On the network setting page the DNS server is shown as and the search domain is shown as

EDIT 2: Output of commands:

beethoven:bin nick$ networksetup -listallnetworkservices
An asterisk (*) denotes that a network service is disabled.
*Bluetooth PAN
*Thunderbolt Bridge
beethoven:bin nick$ networksetup -getsearchdomains  Wi-Fi
There aren't any Search Domains set on Wi-Fi.

EDIT 3: dnsmasq.conf (from Ubuntu 16.04 host, "serv2")

# Use google open DNS name servers (avoids the risk of a router attack)

# Do not use /etc/hosts, but serve hostnames from /etc/hosts.dnsmasq

# expand unqualified hostnames to suffix

# turn on dhcp (limit leases to 12hours so updates dont need a restart)

# and redirect all gateway requests through router

# and offer a time server

# and we are the *only* dns server

Best Answer

This has been driving me mad for ages, anyway, I think that I have stumbled on the solution.

The way I had set up my dynamic DNS was that was an alias for not the best way of doing this, but it meant that serv2 handled all the requests for

So when you query the server:

beethoven:~ nick$ host serv2 has address is an alias for

So what I think is happening is that mDNSResponder was clever enough to cache as an alias (and I assume that this doesn't happen on Windows and Linux), so when it did a subsequent DNS lookup for serv2, it tried to save time by sending a query for (not serv2...), which it has cached as the alias. My local DNS server didn't recognize as part of the local domain and responded by giving the external IP address.

To solve this I added as an alias for serv2 in the hosts file used by dnsmasq:

# Fixed IP machines gateway wifi1 wifi2 serv2
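
The failure mode described in this answer can be checked for ahead of time. The following is an added example, not part of the original answer or of dnsmasq: it audits a hosts file of the kind dnsmasq serves against a list of known aliases and reports alias targets the local table cannot answer, which are the names a forwarding resolver would send upstream. All host names, addresses and the alias direction are constructed assumptions, since the real values are not shown on the page.

```python
import ipaddress

def parse_hosts(text):
    """Parse hosts-file text (the format dnsmasq reads) into {name: ip}."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on spaces
        if len(fields) < 2:
            continue
        ip = ipaddress.ip_address(fields[0])     # raises on a malformed address
        for name in fields[1:]:
            table[name.lower().rstrip(".")] = ip
    return table

def resolve(name, local, aliases, upstream):
    """Follow known aliases to the canonical name first, as a caching stub
    resolver may, then ask the local table and fall back to upstream."""
    seen = set()
    name = name.lower().rstrip(".")
    while name in aliases and name not in seen:  # 'seen' guards against loops
        seen.add(name)
        name = aliases[name]
    if name in local:
        return local[name], "local"
    return upstream.get(name), "upstream"

def leaking_aliases(local, aliases):
    """Alias targets the local hosts table cannot answer; queries for these
    are forwarded upstream and come back with the public address."""
    return sorted(t for a, t in aliases.items() if a in local and t not in local)

# Constructed sample data: hypothetical names, private and documentation ranges.
HOSTS_BEFORE = """
# Fixed IP machines
10.0.0.1   gateway gateway.lan.example
10.0.0.10  serv2 serv2.lan.example
"""
# The fix from the answer: the alias target is also listed for serv2.
HOSTS_AFTER = HOSTS_BEFORE + "10.0.0.10  home.dyn.example\n"
ALIASES = {"serv2.lan.example": "home.dyn.example"}   # alias -> canonical name
UPSTREAM = {"home.dyn.example": ipaddress.ip_address("203.0.113.7")}  # WAN side

if __name__ == "__main__":
    for label, hosts in (("before", HOSTS_BEFORE), ("after", HOSTS_AFTER)):
        local = parse_hosts(hosts)
        print(label, resolve("serv2.lan.example", local, ALIASES, UPSTREAM),
              leaking_aliases(local, ALIASES))
```

An empty result from `leaking_aliases` means every alias target is answered from the local table, so a client that queries the canonical name directly still gets the LAN address.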