
OSX Yosemite Search Domains Madness – RESOLVED

After upgrading a couple of my Macs to OSX Yosemite (10.10), I discovered that the former DNS resolution service, mDNSResponder, has been replaced by discoveryd.

This causes issues for me: with mDNSResponder I was able to add “-AlwaysAppendSearchDomains” to the plist file, and it would do as it says and always append the search domains.

In my workplace, we have servers that have very long, multiple-part hostnames, for example:

host1.sub1.sub2.sub3.example.com

With “AlwaysAppendSearchDomains” enabled, I was able to access these servers via ssh like so:

ssh host1.sub1.sub2.sub3

With discoveryd, attempts to access them this way fail, as it does not add the search domains to anything longer than a single subdomain.

10.10.1 Resolution

As of Yosemite 10.10.1, the AlwaysAppendSearchDomains functionality is back!

sudo vim /System/Library/LaunchDaemons/com.apple.discoveryd.plist

Edit to add the option, so the first several lines appear as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.apple.networking.discoveryd</string>
    <key>UserName</key>
    <string>_mdnsresponder</string>
    <key>GroupName</key>
    <string>_mdnsresponder</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/libexec/discoveryd</string>
        <string>--udsocket</string>
        <string>standard</string>
        <string>--loglevel</string>
        <string>Basic</string>
        <string>--logclass</string>
        <string>Everything</string>
        <string>--logto</string>
        <string>asl</string>
        <string>--AlwaysAppendSearchDomains</string>
    </array>

Reload the discoveryd plist:

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.discoveryd.plist
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.discoveryd.plist

And there was much rejoicing!

Not as old resolution

As pointed out in the comments, this can be very easily resolved with some edits to ~/.ssh/config.

For example, mine now contains:

Host *.sub3
HostName %h.example.com

Of course, this only works for SSH, but that was the major part of my workflow that was broken.

OLD resolution

This severely broke my workflow, until I discovered that nslookup still works without the search domain being added (this is likely due to the configuration of the DNS servers in my workplace).

I decided to write a small bash script to allow me to ssh to these servers:

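#!/bin/bash
# Created by tfmm to get around OSX 10.10's crappy dns resolution and lack of appending search domains.
# nslookup prints the DNS server's own address in its first two lines; drop them,
# then take the last IPv4 address left in the output.
ip=$(nslookup "$1" | sed '1,2d' | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | tail -1)
# Stop if no address was found instead of running ssh without a host.
[ -n "$ip" ] || { echo "could not resolve $1" >&2; exit 1; }
ssh "$ip"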

Save to a file, like “ssh2.sh”, make it executable, and use like so:

./ssh2.sh host1.sub1.sub2.sub3

I created an alias, so I don’t have to call the file directly, and can call it from any location.

This script could be modified for any command-line function. I have also copied it and modified it for ping use by replacing “ssh $ip” with “ping $ip”.
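A hardened variant of the wrapper above, as an added example (not the author's script): it rejects arguments that are not plain host names, reads only the answer section of the nslookup output so a failed lookup cannot fall through to the resolver's own address, and passes HostKeyAlias so known_hosts stays keyed by the name rather than the IP. The function names, the sample outputs and their documentation-range addresses are constructed for illustration.

```shell
# Added example: hardened variant of the nslookup wrapper (function names are hypothetical).

# Accept only plain DNS names: letters, digits, dots and hyphens. A leading
# "-" is refused because nslookup and ssh would parse it as an option.
valid_hostname() {
    case "$1" in
        ''|-*|.*|*..*) return 1 ;;
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Read nslookup output on stdin and print the last IPv4 address from the
# answer section only. The "Server:"/"Address:" header names the resolver
# itself, so everything before the first "Name:" line is ignored.
answer_ip() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address/ { print $2 }' |
        grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' | tail -1
}

# Resolve, then connect by IP while keeping known_hosts keyed by the name.
ssh2() {
    valid_hostname "$1" || { echo "ssh2: bad hostname: $1" >&2; return 2; }
    ip=$(nslookup "$1" | answer_ip)
    [ -n "$ip" ] || { echo "ssh2: no address for $1" >&2; return 1; }
    ssh -o HostKeyAlias="$1" "$ip"
}

# Constructed sample outputs, used to check the parser offline.
SAMPLE_OK="Server:         192.0.2.53
Address:        192.0.2.53#53

Name:   host1.sub1.sub2.sub3.example.com
Address: 198.51.100.7"

SAMPLE_NXDOMAIN="Server:         192.0.2.53
Address:        192.0.2.53#53

** server can't find host1.sub1.sub2.sub3: NXDOMAIN"
```

Source the file from a shell profile and call `ssh2 host1.sub1.sub2.sub3`; on the NXDOMAIN sample the parser returns nothing, so the wrapper stops instead of connecting to the resolver at 192.0.2.53.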

tfmm

4 Comments

  1. What I do is, in my ~/.ssh/config file, set up wildcard host matches for the subdomains now that the mDNSResponder fix from the OS X Mavericks days is missing.

    For example, I have subdomains prod.foo.com and staging.foo.com.
    So I set up a:

    Host *.prod
    HostName %h.foo.com

    Host *.staging
    HostName %h.foo.com

    which does the trick. No messy external shell scripts, etc, that blow up some of the more interesting uses for ssh piping.

  2. According to http://support.apple.com/en-us/HT6572 this should be fixed now: “Allows you to append search domains for partially qualified domain names when performing DNS lookups (consult the discoveryd man page for more information)”.

    Can’t find anything in man pages or discoveryd/discoveryutil though. Any ideas?
