For the life of me I cannot resolve this issue. I was given a 2013 MacBook Air and upgraded it to Big Sur using my work’s WiFi. At home it will connect only to the 5GHz network (it will not connect to 2.4GHz it says “incorrect password” even though it’s correct). Once connected it shows the green dot and connected IP, however no webpages will load. I’ve spent hours trying things online such as: 1) Restarting router/modem 2) Deleting system configuration files in the preferences library 3) Changing network options under the network pretences for DNS 4) Forgetting the network and re-adding it 5) Starting in Safe Mode - problems still persist 6) Clearing DNS cache via Terminal 7) Adding “new” locations 8) Making sure time/date/region settings are correct 9) Turn off firewalls and removing anti virus software 10) Checking router blacklist & settings I do not know where to go from here, the laptop works on other connections as well as my phone Hotspot. Most errors in the browser window are “DNS_PROBE_... NO INTERNET” When I checked my DNS via Terminal, there are 7 resolvers all unreachable and at the bottom under (for scoped queries) Reachable (8.8.8.8) I have fiddled around with so many different “fixes” online and nothing has worked. Any advice would be highly appreciated

My host's IP address changes sometimes, I can't help on it. So, I change the entry in /etc/hosts:

192.168.1.106   myhost

I can *ping* it:

PING myhost (192.168.1.106): 56 data bytes
64 bytes from 192.168.1.106: icmp_seq=0 ttl=64 time=66.849 ms
64 bytes from 192.168.1.106: icmp_seq=1 ttl=64 time=7.315 ms
64 bytes from 192.168.1.106: icmp_seq=2 ttl=64 time=13.457 ms

I can simply *ssh* to it with IP address. But I can not *ssh* with host name:

$ ssh -vvvv myhost
OpenSSH_9.9p2, LibreSSL 3.3.6
debug1: Reading configuration data /Users/ern0/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/ern0/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/ern0/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: channel_clear_timeouts: clearing
debug1: Connecting to myhost port 22.
ssh: Could not resolve hostname myhost: nodename nor servname provided, or not known

I found no useful information in verbose *ssh* output. I may add entry in ~/.ssh/config to specify the IP address, but I think, /etc/hosts should do the job. I am using latest MacOS:

$ uname -a
Darwin touchbar.local 24.5.0 Darwin Kernel Version 24.5.0: Tue Apr 22 19:48:46 PDT 2025; root:xnu-11417.121.6~2/RELEASE_ARM64_T8103 arm64 arm Darwin

Does *ssh* have some hidden mechanism I don't know?

I have configured dnsmasq to resolve all .dev domains to 127.0.0.1. This works great as long as my Mac is connected to the Internet (using Wi-Fi or even my iPhone in hotspot mode). As soon as I turn off my Wi-Fi or there's no coverage (say I'm nowhere where there's no Wi-Fi connection available) I can't access my .dev websites anymore. Safari refuses to connect saying I'm offline. I would have to put my phone in hotspot mode but in this way I can't truly work offline. Is there a way to have this setup work? I do remember it was working back in the days of Snow Leopard. Even up to Mavericks for sure. All CLI tools work fine. Cocoa apps don't. My dnsmasq config is as simple as: address=/dev/127.0.0.1 domain-needed bogus-priv

How can I prevent safari to redirect the user to the google search page for addresses with custom top-level domains? Given an address of the type http://application.test where test is a primary zone on our intranet, if I enter either: * http://application.test * application.test/ Then Safari correctly resolves the name and opens the page, if I enter: * application.test Then Safari assumes it is a search query and redirects the user to the google search page. Is it possible to prevent this in any way which does not involve the user itself?

Given the following: scutil --get ComputerName // Dan's MacBook Pro scutil --get HostName // Dans-Macbook-Pro scutil --get LocalHostName // Dans-Macbook-Pro Why on earth, if I do a sudo tcpdump -c30 -vn -i en0 port 67 or port 68 and toggle WiFi to check DHCP requests, does macOS do:

➜  ~ sudo tcpdump -c30 -vn -i en0 port 67 or port 68
tcpdump: listening on en0, link-type EN10MB (Ethernet), snapshot length 524288 bytes
01:55:46.692745 IP (tos 0x0, ttl 255, id 61100, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 3a:35:ca:31:4e:fc, length 300, xid 0x53a1e874, Flags [none]
	  Client-Ethernet-Address 3a:35:ca:31:4e:fc
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: Request
	    Parameter-Request (55), length 13: 
	      Subnet-Mask (1), Classless-Static-Route (121), Default-Gateway (3), Domain-Name-Server (6)
	      Domain-Name (15), Unknown (108), URL (114), Unknown (119)
	      Unknown (162), Unknown (252), LDAP (95), Netbios-Name-Server (44)
	      Netbios-Node (46)
	    MSZ (57), length 2: 1500
	    Client-ID (61), length 7: ether 3a:35:ca:31:4e:fc
	    Requested-IP (50), length 4: 192.168.50.24
	    Lease-Time (51), length 4: 7776000
	    **Hostname (12), length 3: "Mac"** <---- hostname "Mac" here

OS: macOS Mojave 10.14 (18A389) Current network setup: * Local domain: home.rossipedia.com * Subnet: 172.16.10.0/24 * Gateway / DHCP server / DNS server: 172.16.10.1 Output of scutil --dns: DNS configuration resolver #1 search domain : home.rossipedia.com nameserver : 172.16.10.1 if_index : 21 (en8) flags : Request A records reach : 0x00020002 (Reachable,Directly Reachable Address) resolver #2 domain : local options : mdns timeout : 5 flags : Request A records reach : 0x00000000 (Not Reachable) order : 300000 ... (mdns common stuff)... DNS configuration (for scoped queries) resolver #1 search domain : home.rossipedia.com nameserver : 172.16.10.1 if_index : 21 (en8) flags : Scoped, Request A records reach : 0x00020002 (Reachable,Directly Reachable Address) This works fine. I can find *.home.rossipedia.com hosts without issue. However, the moment I connect to a L2TP VPN, my system gets reconfigured to use the _VPN_ DNS servers to resolve hosts on my _home_ search domain. $ scutil --dns DNS configuration resolver #1 search domain : home.rossipedia.com nameserver : x.x.x.x <- VPN DNS SERVER 1 nameserver : x.x.x.x <- VPN DNS SERVER 2 if_index : 23 (ppp0) flags : Supplemental, Request A records reach : 0x00000003 (Reachable,Transient Connection) order : 100000 resolver #2 nameserver : 172.16.10.1 if_index : 21 (en8) flags : Request A records reach : 0x00020002 (Reachable,Directly Reachable Address) order : 200000 ... (mdns common stuff)... The scoped queries configuration looks right, though: DNS configuration (for scoped queries) resolver #1 search domain : home.rossipedia.com nameserver : 172.16.10.1 if_index : 21 (en8) flags : Scoped, Request A records reach : 0x00020002 (Reachable,Directly Reachable Address) resolver #2 search domain : first.vpn.domain search domain : second.vpn.domain nameserver : x.x.x.x nameserver : x.x.x.x if_index : 23 (ppp0) flags : Scoped, Request A records reach : 0x00000003 (Reachable,Transient Connection) In my Network System Preferences, I have the VPN connection last in the Service Order dialog. If I move the VPN connection to _before_ my ethernet connection, then my local DNS server doesn't show up in the resolver list _at all_ (while connected to the VPN): $ scutil --dns DNS configuration resolver #1 search domain : first.vpn.domain search domain : second.vpn.domain nameserver : x.x.x.x nameserver : x.x.x.x if_index : 23 (ppp0) flags : Supplemental, Request A records reach : 0x00000003 (Reachable,Transient Connection) order : 100000 resolver #2 nameserver : x.x.x.x <- these are the same as above nameserver : x.x.x.x if_index : 23 (ppp0) flags : Request A records reach : 0x00000003 (Reachable,Transient Connection) order : 200000 ... (mdns common stuff)... ### What I want: Ideally, what I'd like to see when connection to a VPN is something like: $ scutil --dns DNS configuration resolver #1 search domain : home.rossipedia.com nameserver : 172.16.10.1 if_index : 21 (en8) flags : Request A records reach : 0x00020002 (Reachable,Directly Reachable Address) resolver #2 search domain : first.vpn.domain search domain : second.vpn.domain nameserver : x.x.x.x nameserver : x.x.x.x if_index : 23 (ppp0) flags : Supplemental, Request A records reach : 0x00000003 (Reachable,Transient Connection) order : 100000 ... (mdns common stuff)... This way I could resolve all *.home.rossipedia.com hosts via my local DNS server at 172.16.10.1, and any hosts on my VPN domain would be resolved using the VPN DNS servers. I've tried changing the order of services in the Network pref pane, changing the local domain on the DNS/DHCP server, deleting and re-creating the VPN connection, nothing has worked so far. Is this possible? Or am I misunderstanding how this all works?

In order to get a useful DNS over TLS server configuration on macOS, I imported a network profile. After having installed this network configuration file, I did not see any new entry in the Network Settings graphical user interface. Only in the terminal, I can see it seems to be active: profiles list [user[1] attribute: profileIdentifier: com.quad9.tsecuredecs.HASH] There are 1 user configuration profiles installed for 'user'. In all tutorials on how to remove custom Network profiles, I see it appears in the GUI (for example Can't delete NextDNS profile from macOS Network Preferences ). But in mine, there is nothing else than the default ones. ![Screenshot of Network settings showing only Wi-Fi, ProtonVPN, an Bluetooth PAN services ][2]

Just added a record in my /etc/hosts but it doesn't work. I also tried to clear DNS via this way: sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder When I ping that IP, it's still the IP in the real-world. What can I do with this (so that the domain will go to the IP in my hosts file.

I have one network cable connected to my Mac, and I've set up two services in the Network settings: 1. Internet Realtek LAN IP: 192.168.1.1 | DNS: 192.168.1.1 or 1.1.1.1 (either works for me) 2. Labo Realtek LAN IP: 192.168.137.1 | DNS: 192.168.137.1 When I ping the server or access it via IP using curl or a browser, everything works fine. However, I need both DNS settings to work simultaneously. From what I've observed, macOS uses the DNS of the service listed first in the service order under Network settings. This means only one DNS is active at a time. Is this correct? If so, how can I configure macOS to use both DNS settings as needed? Any solutions or workarounds would be appreciated.

I'm developing a web application on my local machine using the web browser, so adding my domain addresses to the /etc/hosts file worked fine so far. But now comes the mobile app on iOS and Android. I need them to resolve the same domain addresses. I tried to install dnsmasq locally using homebrew, on port 53 since we can't define a custom port with emulators, but the DNS queries doesn't seem to reach dnsmasq. But when I use another higher port, like 8353, dnsmasq replies correctly. So it seems that there's something on macOS Sequoia, which catches the DNS requests on port 53. What are my options to get the my web browser, and mobile emulators resolving a local domain to my local web server?

I need to find how to display my DNS cache on the mac. I have tried multi Google searches but failed to come up with a good solution. The best I found was how to remove the cache with the command sudo killall -HUP mDNSResponder which is great but I need to see the cache to see if the change works.

My company uses Split DNS to resolve internal domains. We configure this Split DNS by installing a mobileconfig with a VPN profile. See also https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf for more information. The profile contains the following section:

SupplementalMatchDomains

  cb.local
  privatelink.azurewebsites.net

Usually this would configure/install the following resolvers, output from scutil --dns where resolver #1 is the one provided by the local network:

DNS configuration

resolver #1
  search domain : cb.local
  search domain : privatelink.azurewebsites.net
  nameserver : 172.16.0.1
  if_index : 14 (en0)
  flags    : Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : cb.local
  nameserver : 10.233.3.17
  nameserver : 10.233.3.27
  if_index : 23 (ipsec0)
  flags    : Supplemental, Request A records
  reach    : 0x00000002 (Reachable)
  order    : 103000
...

resolver #4
  domain   : privatelink.azurewebsites.net
  nameserver : 10.233.3.17
  nameserver : 10.233.3.27
  if_index : 23 (ipsec0)
  flags    : Supplemental, Request A records
  reach    : 0x00000002 (Reachable)
  order    : 103001
...

DNS configuration (for scoped queries)

resolver #1
  nameserver : 172.16.0.1
  if_index : 14 (en0)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  search domain : cb.local
  nameserver : 10.233.3.17
  nameserver : 10.233.3.27
  if_index : 23 (ipsec0)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)

However this is no longer the case:

DNS configuration

resolver #1
  nameserver : 172.16.0.1
  if_index : 6 (en0)
  flags    : Request A records
  reach    : 0x00000002 (Reachable)
...

DNS configuration (for scoped queries)

resolver #1
  nameserver : 172.16.0.1
  if_index : 6 (en0)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  search domain : cb.local
  nameserver : 10.233.3.17
  nameserver : 10.233.3.27
  if_index : 18 (ipsec0)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)

I have tried reinstalling the mobileconfig Profile and restarting the machine to no avail:

> ping ad01.cb.local
ping: cannot resolve ad01.cb.local: Unknown host

How can I get Split DNS to work again? I really want to configure it through a profile (.mobileconfig) (and not through various /etc/resolver/domain files or a local dnsmasq instance). macOS Ventura 13.0.1.

I'm on a 2021 MacBook Pro with Sequoia 15.3.2 and some of my settings (DNS, Firewall) are set with a profile by the company I work for. Sometimes I share this MacBook to a user for which I've created a standard (non-admin) account and has Android Studio with Android emulator. I noticed that it is possible to start android emulator from the command line and set another DNS by adding -dns-server parameter. I would like to prevent the use of another DNS in Android emulator and possibly in other apps. I can't uninstall Android Studio as it is needed. How could I do that, independently of the network the user is connected to (I can force something on Wifi network but not with 4G/5G hotpoint) ? I first thought of hosts file, but I think it only allows to block by host name and not by IP. I don't have access to Firewall and DNS settings as it is handled by the company. Then I thought of pfctl but I don't know exactly how to configure it, I made a quick try but didn't succeed I added those lines in pfctl conf and restarted it :

block drop proto tcp from any to 8.8.8.8 port 53
block drop proto udp from any to 8.8.8.8 port 53

Then I launched Android emulator with -dns-server 8.8.8.8 option, but this DNS server was still accessible. Maybe I should add port 853 in my conf too ? Can you please advise me on how I could do that ?

I have an odd issue that I hope someone can help on. I recently switched hosting providers for a subdomain on our website (the main domain is still at the old host). The DNS settings for this subdomain are set with a custom A record which points to the new server's IP address. I have done a DNS lookup and the A record for this subdomain lists the correct IP. In Firefox, the subdomain resolves correctly to the new host. However, in both Chrome (and Safari), the subdomain still goes to the old host. I did a local OS level DNS flush (using sudo killall -HUP mDNSResponder) but that seems to not have done anything. Clearing Chrome's cache does nothing. I even tried clearing Chrome's DNS cache. Again, no luck. I am on Mojave.

Develop > Empty caches (cmd alt e) isn't clearing Safari's DNS cache. I made some changes to /etc/hosts and those changes are reflected in all my other browsers, and ping and getent hosts, but Safari still loads the previous website. I have also tried sudo killall -HUP mDNSResponder and sudo dscacheutil --flushcache and neither help Safari forget the previous address.

So I have been using blocky dns to setup a custom dns server that runs locally on 127.0.0.1 and on port 53. It had been working well for quite some time now and then I decided to update Macos to 15.3.2 and rebooted it and it was no longer working.

sudo lsof -i :53
COMMAND   PID           USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
mDNSRespo 441 _mdnsresponder   33u  IPv4 0xa70e7309758216e7      0t0  UDP *:domain
mDNSRespo 441 _mdnsresponder   34u  IPv6 0x36f01ded9c565b9f      0t0  UDP *:domain
mDNSRespo 441 _mdnsresponder   35u  IPv4 0x2c23d4c61490f3c1      0t0  TCP *:domain (LISTEN)
mDNSRespo 441 _mdnsresponder   36u  IPv6

and

blocky -c .config/blocky/config.yml
{"level":"error","msg":"server start failed: start udp listener failed: listen udp :53: bind: address already in use","time":"2025-03-12T22:02:10+05:30"}
Error: start udp listener failed: listen udp :53: bind: address already in use

I already have internet sharing disabled and docker isn't running either.

On my Mac, I am trying to set my DNS servers so that they are 8.8.8.8 and 8.8.4.4 at my house, while at school they are the router default (they block google's public DNS) How can I set up my DNS servers to be configured differently for each wireless network? note: router configuration at my home is not an option. I am running:
macOS 10.12.3 16D32 Sierra
MacBook Pro 13" w/ 4 Thunderbolt 3

I have a 2013 MacBook Pro and my OS version is macOS Monterey 12.7.6. Now the issue is that sometimes I suddenly am unable to browse websites on my chrome or safari browser, it just stops working out of the blue. I checked and I am connected to Internet because when I ping any websites from MacBook’s terminal I do get a response back, it’s just that the websites are not opening on any browsers. What is the solution for this? The internet is working because when I open those same websites on my phone then there is no issue. I did the usual troubleshooting of clearing cookies, flushing DNS cache, Renew DHCP lease but that still don’t solve the issue.

I have a weird issue with Python on macOS Sequoia for the last couple of days. It did not happen right after the upgrade, it worked initially. Python in Terminal.app cannot resolve any DNS queries. However, the Python console and the builtin Terminal in PyCharm works just fine. Here's a sample; the http command is [HTTPie](http://httpie.io) , a Python based utility:

% http google.com

http: error: gaierror: [Errno 8] nodename nor servname provided, or not known
Couldn’t resolve the given hostname. Please check the URL and try again.

% python3
Python 3.12.6 (main, Sep  6 2024, 19:03:47) [Clang 16.0.0 (clang-1600.0.26.3)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import socket
>>> socket.getaddrinfo('google.com', 80)
Traceback (most recent call last):
  File "", line 1, in 
  File "/opt/homebrew/Cellar/python@3.12/3.12.6/Frameworks/Python.framework/Versions/3.12/lib/python3.12/socket.py", line 976, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
socket.gaierror: [Errno 8] nodename nor servname provided, or not known
>>> ^D

% curl google.com

...

% dig google.com
...
;; ANSWER SECTION:
google.com.		41	IN	A	142.250.184.206

;; Query time: 14 msec
;; SERVER: 192.168.178.1#53(192.168.178.1)
;; WHEN: Fri Oct 04 10:13:02 CEST 2024
;; MSG SIZE  rcvd: 55

% http -v 142.250.184.206
GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: 142.250.184.206
User-Agent: HTTPie/3.2.3



HTTP/1.1 301 Moved Permanently
...

As you can see, network connections in general are fine, only DNS queries can't be resolved. They time out after about 30 seconds. However, the same within PyCharm works fine. I've read about HTTP_PROXY environment variables maybe being a problem, but I don't have those set. I don't know enough about DNS resolution and how Python uses it to even know where to look. Any ideas?

I installed a configuration profile from NextDNS on my macOS machine to encrypt and track DNS queries and set my Ethernet DNS servers to localhost (:: and 127.0.0.1) to ensure nothing can bypass it, but it appears that macOS will repeatedly make unencrypted DNS queries for mask-api.icloud.com (over port 53) anyway. (I can see the unencrypted lookup attempts to localhost via Wireshark.) (Note: mask-api.icloud.com is blocked via NextDNS.) Further, these A and AAAA queries for mask-api.icloud.com are paired with inexplicable PTR queries for lb._dns-sd._udp.0.0.168.192.in-addr.arpa and 0.0.168.192.in-addr.arpa. I’m wondering if this behavior is considered normal, an Apple bug, or a sign of malware and if there’s some way to disable the undesired queries in macOS. (Note: Private Relay is off since I don’t use an iCloud account on macOS and the “limit tracking” feature is also off for the Ethernet connection.) (Also concerning is that if this behavior is in iOS too, then it’s presumably not actually possible to block iCloud masking or encrypt all DNS requests on a mobile network via a configuration profile since iOS doesn’t seem to provide any other way to control mobile network DNS servers (i.e., I can’t blackhole the requests to localhost).)