@nbrew
Created March 1, 2012 19:30
DNS Troubleshooting Excerpt
scutil --dns shows:
resolver #1
domain : comcast.net.
nameserver[0] : 208.67.222.222
nameserver[1] : 208.67.220.220
order : 200000
Indeed, /etc/resolv.conf was generated as:
#
# Mac OS X Notice
#
# This file is not used by the host name and address resolution
# or the DNS query routing mechanisms used by most processes on
# this Mac OS X system.
#
# This file is automatically generated.
#
domain comcast.net.
nameserver 208.67.222.222
nameserver 208.67.220.220
But the output of "killall -INFO mDNSResponder" shows:
Sep 8 03:02:32 Sun-MacBookPro mDNSResponder[27]: --------- DNS Servers ----------
Sep 8 03:02:32 Sun-MacBookPro mDNSResponder[27]: DNS Server . 208.67.220.220:53
Sep 8 03:02:32 Sun-MacBookPro mDNSResponder[27]: DNS Server . 208.67.222.222:53
The output clearly shows the DNS Servers in the REVERSE order of that specified.
This is confirmed by watching DNS traffic with:
$ tcpdump -n -i en1 port domain
The following behavior is seen:
1) A "nslookup microsoft.com." queries the specified name servers in the documented order:
03:07:50.338737 IP 192.168.0.104.56799 > 208.67.222.222.53: 38560+ A? microsoft.com. (31)
03:07:50.399542 IP 208.67.222.222.53 > 192.168.0.104.56799: 38560 2/0/0 A 207.46.197.32, A 207.46.232.182 (63)
2) A "dscacheutil -q host -a name dell.com." queries the specified name servers in REVERSE order as shown by the SIGINFO dump from mDNSResponder:
03:08:45.999752 IP 192.168.0.104.52265 > 208.67.220.220.53: 51153+ AAAA? dell.com. (26)
03:08:46.113500 IP 208.67.220.220.53 > 192.168.0.104.52265: 51153 0/0/0 (26)
03:08:46.448882 IP 192.168.0.104.65288 > 208.67.220.220.53: 44627+ A? dell.com. (26)
03:08:46.510262 IP 208.67.220.220.53 > 192.168.0.104.65288: 44627 2/0/0 A 143.166.83.38, A 143.166.224.244 (58)
Both sets of queries should have been made to 208.67.222.222.
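
Added example, not part of the original gist: a small Python check that automates the comparison made above, reading the configured order from "scutil --dns" output and listing every outbound query in a tcpdump capture that went to a server other than nameserver[0]. The function names are hypothetical, and the sample input is the output quoted above.

```python
import re

# Sample input copied from the scutil and tcpdump output shown above.
SCUTIL = """\
resolver #1
domain : comcast.net.
nameserver[0] : 208.67.222.222
nameserver[1] : 208.67.220.220
order : 200000
"""

TCPDUMP = """\
03:07:50.338737 IP 192.168.0.104.56799 > 208.67.222.222.53: 38560+ A? microsoft.com. (31)
03:07:50.399542 IP 208.67.222.222.53 > 192.168.0.104.56799: 38560 2/0/0 A 207.46.197.32, A 207.46.232.182 (63)
03:08:45.999752 IP 192.168.0.104.52265 > 208.67.220.220.53: 51153+ AAAA? dell.com. (26)
03:08:46.113500 IP 208.67.220.220.53 > 192.168.0.104.52265: 51153 0/0/0 (26)
03:08:46.448882 IP 192.168.0.104.65288 > 208.67.220.220.53: 44627+ A? dell.com. (26)
03:08:46.510262 IP 208.67.220.220.53 > 192.168.0.104.65288: 44627 2/0/0 A 143.166.83.38, A 143.166.224.244 (58)
"""

NS_RE = re.compile(r"^\s*nameserver\[(\d+)\]\s*:\s*(\S+)", re.M)
# Outbound query only: destination port 53, then "<id>[flags] <TYPE>? <name>".
QUERY_RE = re.compile(
    r"^(\S+) IP \S+ > (\d+\.\d+\.\d+\.\d+)\.53: \d+[+*%-]* (\w+)\? (\S+)", re.M)

def configured_servers(scutil_text):
    """Return the first resolver block's nameservers in their configured order."""
    first_block = re.split(r"^resolver #", scutil_text, flags=re.M)[1]
    pairs = sorted((int(i), ip) for i, ip in NS_RE.findall(first_block))
    return [ip for _, ip in pairs]

def out_of_order_queries(scutil_text, tcpdump_text):
    """List queries sent to anything other than nameserver[0]."""
    servers = configured_servers(scutil_text)
    findings = []
    for ts, dst, qtype, name in QUERY_RE.findall(tcpdump_text):
        if dst != servers[0]:
            rank = servers.index(dst) if dst in servers else None  # None = unconfigured server
            findings.append((ts, qtype, name, dst, rank))
    return findings

if __name__ == "__main__":
    for ts, qtype, name, dst, rank in out_of_order_queries(SCUTIL, TCPDUMP):
        where = f"nameserver[{rank}]" if rank is not None else "an unconfigured server"
        print(f"{ts} {qtype} {name} -> {dst} ({where}, expected {configured_servers(SCUTIL)[0]})")
```

A rank of None marks a query sent to a server that is not in the configured list at all, which is worth investigating separately from the ordering issue described here.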