You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Manually provided DNS server addresses are higher priority than DHCP's

Disclaimer: Apple does not necessarily endorse any suggestions, solutions, or third-party software products that may be mentioned in the topic below. Apple encourages you to first seek a solution at Apple Support. The following links are provided as is, with no guarantee of the effectiveness or reliability of the information. Apple does not guarantee that these links will be maintained or functional at any given time. Use the information below at your own discretion.



With the recent revelation of DNS server security issues, many have expressed a desire to use DNS servers they know to be secure rather than the servers specified by their routers via DHCP, which often are those of a particular ISP.

When you manually enter a DNS server address in Mac OS X Leopard's Network preference pane, the manually entered address(es) appear below any DHCP-provided addresses (which are shown in grey as they are unchangeable), leading one to assume that DHCP-provided addresses always have priority over any a user may specify.

However, a check of the /etc/resolv.conf file generated by Mac OS X shows that in fact user-provided DNS addresses will supercede any provided by DHCP.

As an example, if your router promotes itself as a DHCP server, its IP address, say "192.168.0.253," will appear, greyed out, in the Network->Advanced->DNS preferences pane.

If you then add, say, OpenDNS' addresses of "208.67.222.222" and "208.67.220.220," the preferences window will show:

192.168.0.253 (greyed out)
208.67.222.222
208.67.220.220


But the generated /etc/resolv.conf will show the order Mac OS X will actually reference the servers is:

nameserver 208.67.222.222
nameserver 208.67.220.220
nameserver 192.168.0.253


While this is non-intuitive, given how the addresses are displayed in the preference pane, it is exactly the way a user would hope things would work - allowing one to specify DNS servers to be used in lieu of any a router provides, especially handy if the router propagates the address of a DNS server that is having issues, that is untrusted or is simply overloaded or offline.

Do you want to provide feedback on this User Contributed Tip or contribute your own? If you have achieved Level 2 status, visit the User Tips Library Contributions forum for more information.

Quad 2.5 GHz G5, 5 GB | 2.33 GHz MBP C2D 2 GB, Mac OS X (10.5.4)

Posted on Aug 12, 2008 6:10 AM

Reply

There are no replies.

Manually provided DNS server addresses are higher priority than DHCP's

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.