How Mac OS X Handles Name Resolution with lookupd
On most Unix‑like operating systems, name resolution is the responsibility of the named daemon and the /etc/resolv.conf file. Mac OS X takes a different route: it relies on a built‑in resolver called lookupd. lookupd is more than just a DNS client; it is the single point that pulls data from several sources - flat files, DNS servers, NetInfo, Directory Services, LDAP, and even NIS - so the OS can answer questions about users, hosts, services, and more.
Unlike the usual named daemon that you see on Linux or BSD, lookupd does not appear as a persistent background process in the normal ps listings. Instead, it is started on demand when a query is made. This design keeps the system lean while still offering a rich set of lookup capabilities. The key to understanding lookupd is its “agent” model. Each agent knows how to query a particular data source and returns a dictionary of key/value pairs that describe the entity in question.
Take the example of querying a user record. Running lookupd -d launches an interactive shell. Entering userWithName: apl returns a dictionary that contains the user’s home directory, UID, group, shell, real name, and authentication data. The output begins with the line Dictionary: "NI: user apl". The NI prefix tells us that the information was sourced from the NetInfo database, the legacy data store that Apple used to keep track of system configuration before the adoption of Directory Services.
NetInfo is not just a user database; it is a full configuration repository. It stores information about networks, services, protocols, and many other system settings. When These prefixes are more than just labels. They map to the order in which Because The caching layer plays a vital role. When a query is resolved, the result is stored in a local cache for up to 43,200 seconds (12 hours) by default. The cache is consulted before any external source, which speeds up repeated lookups and reduces network traffic. The cache can be flushed by sending a SIGUSR1 to the In summary, While the default lookup order (Cache FF DNS NI DS) works well for most users, there are scenarios where you might want to prioritize one source over another. For instance, an organization may want DNS to override any entries in First, view the current configuration with lookupd queries NetInfo, it returns the data in a consistent dictionary format, which makes it easy for other components of the OS to consume. The same query format works for hosts, services, protocols, and even group membership. For instance, querying a host named website will look up the address in the flat file (/etc/hosts) first, yielding a dictionary that starts with Dictionary: "FF: host website". The FF prefix indicates the “Flat File” agent. When a full URL like www.aplawrence.com is requested, lookupd falls back to DNS, and the dictionary will begin with Dictionary: "DNS: host aplawrence.com"
lookupd consults the various data sources. The default lookup order for host queries on Mac OS X is Cache FF DNS NI DS - meaning the system first checks its in‑memory cache, then looks in /etc/hosts, then queries DNS servers, then checks NetInfo, and finally consults Directory Services. This order can be viewed by running lookupd -configuration. The output lists several configuration sets (Global, Host, Service, Protocol, etc.), but the one that matters for host resolution is the “Host Configuration” block, which shows LookupOrder: Cache FF DNS NI DS
lookupd centralizes all these lookups, you can perform the same query against different data sources by specifying the appropriate agent. For example, lookupd -d > hostWithName: website uses the FF agent, while lookupd -d > hostWithName: www.aplawrence.com uses the DNS agent. If you want to force a lookup against NetInfo even for hosts, you could use the hostWithName: NI syntax, though this is rarely needed.lookupd process or by restarting the daemon. Flushing the cache is sometimes necessary when you change DNS records or edit /etc/hosts and want the changes to take effect immediately.lookupd is the Mac OS X equivalent of the name resolution stack you see on other Unix systems, but it extends far beyond DNS. By pulling data from NetInfo, Directory Services, LDAP, and flat files, it provides a unified interface for all the OS components that need to resolve names. Understanding how lookupd works and how to inspect its configuration is essential for advanced networking, system administration, or troubleshooting name resolution issues on Mac OS X.Changing the Order of Lookups on Mac OS X
/etc/hosts, or a developer might prefer to test against a local flat file before hitting the network. Mac OS X allows you to customize this order by creating a configuration file under /etc/lookupd and then restarting the lookupd daemon.lookupd -configuration. The output will show the lookup order for each configuration set. The host configuration section looks like this:
To change this order, you need to create a directory named /etc/lookupd if it doesn't already exist. Use sudo mkdir /etc/lookupd to create the directory. Then create a file called hosts inside that directory and write the new order. For example, to make DNS the first source and keep the rest unchanged, run:
Notice that the file must contain only the LookupOrder directive and no other lines. The syntax is strict: you cannot add comments or extra parameters. After writing the file, you must tell lookupd to reload its configuration. The daemon stores its process ID in /var/run/lookupd.pid. Sending a SIGUSR1 or simply restarting the process is sufficient:
Once the daemon restarts, lookupd -configuration will show the updated order:
LookupOrder: Cache NI DNS FF DS
Now when you run lookupd -d > hostWithName: www.aplawrence.com, the lookup will first consult NetInfo, then DNS, then /etc/hosts, and finally Directory Services. You can verify that DNS is indeed used first by checking the _lookup_agent field in the output; it should say DNSAgent
Reverting to the original order is equally simple. Remove the custom directory or its contents and restart lookupd again:
sudo rm -r /etc/lookupd
Be careful: if /etc/lookupd existed before you made changes, delete or rename its contents instead of removing the directory entirely. Otherwise you risk losing other custom configurations that may have been added by system updates or third‑party tools.
It is worth noting that Mac OS X 10.2.6 (the version used in the original example) is an older release. Later versions, such as 10.4 through 10.15, moved to the Directory Services framework and eliminated NetInfo. In those releases, the lookup order may include DS as the primary source, and the /etc/lookupd mechanism may have been superseded by the networksetup command or the System Preferences pane. Nonetheless, the underlying principle remains: you can control where the OS looks for names by adjusting the lookup order.
In practice, editing /etc/lookupd is a powerful tool for system administrators. It allows you to enforce corporate DNS policies, route name resolution through custom servers, or test new network configurations without modifying the operating system's core files. Always back up the original configuration before making changes, and verify the new order with lookupd -configuration to avoid unintended lookup failures. With this knowledge, you can fine‑tune name resolution on Mac OS X to suit your environment and workflow.
No comments yet. Be the first to comment!