MacOSX lookupd and NetInfo


Changing Name Resolution Order

Name resolution is how your system figures out the actual IP address for host.xyz.com (and vice-versa). For most Unix systems, that function is provided by "named" and the configuration files are /etc/resolv.conf, named.conf, and perhaps nsswitch.conf. While you'll find a resolv.conf and even a named.conf on Mac OS X, you won't find named in the process list. Instead, MacOSX has a neat resolver capability controlled by "lookupd".

In spite of its name, "lookupd" is much more than just name resolution. It's a general purpose tool to query NetInfo and other configuration stores, which in turn is really what controls the OS. For example, here we use lookupd to get information about a user:


bash-2.05a$ lookupd -d
lookupd version 272 (root 2002.07.27 09:40:39 UTC)
Enter command name, "help", or "quit" to exit
> userWithName: apl
Dictionary: "NI: user apl"
_lookup_agent: NIAgent
_lookup_validation: 0 0
_shadow_passwd: 
_writers_hint: apl
_writers_passwd: apl
_writers_picture: apl
_writers_tim_password: apl
authentication_authority: ;basic;
gid: 20
hint: 
home: /Users/apl
name: apl
passwd: wfqgzHTjnHZdo
picture: /Library/Caches/com.apple.user501pictureCache.tiff
realname: Anthony Lawrence
sharedDir: Public
shell: /bin/bash
uid: 501
+ Category: user
+ Time to live: 43200
+ Age: 0 (expires in 43200 seconds)
+ Negative: No
+ Cache hits: 0
+ Retain count: 4
 

The most important thing here I want you to notice is the

Dictionary: "NI: user apl"
 

That tells us that the information was taken from the NI or NetInfo database. "Well, duh", you might say, "you said lookupd looks in NetInfo". Correct. But it doesn't have to look there.

bash-2.05a$ lookupd -d
lookupd version 272 (root 2002.07.27 09:40:39 UTC)
Enter command name, "help", or "quit" to exit
> hostWithName: website
Dictionary: "FF: host website"
_lookup_agent: FFAgent
_lookup_validation: /etc/hosts 1059737278
ip_address: 64.226.42.29
name: website
+ Category: host
+ Time to live: 43200
+ Age: 0 (expires in 43200 seconds)
+ Negative: No
+ Cache hits: 0
+ Retain count: 3


> hostWithName: www.aplawrence.com
Dictionary: "DNS: host aplawrence.com"
_lookup_DNS_domain: com
_lookup_DNS_server: 10.0.0.2
_lookup_DNS_time_to_live: 1800
_lookup_DNS_timestamp: 1063723342
_lookup_agent: DNSAgent
_lookup_info_system: DNS
ip_address: 64.226.42.29
name: aplawrence.com www.aplawrence.com
+ Category: host
+ Time to live: 43200
+ Age: 0 (expires in 43200 seconds)
+ Negative: No
+ Cache hits: 0
+ Retain count: 4

When I asked for "website", it found that in the FF (Flat File) dictionary; in this case /etc/hosts.

You may find a note in /etc/hosts (and in some books and on-line references) that says it is not used except in single user mode. That's incorrect for current versions.

However, when I asked for www.aplawrence.com, the answer came from DNS.

Lookup Order

Next question: where does it look first?

That's a pretty easy question to answer.

sh-2.05a$ lookupd -configuration

ConfigSource: default
LookupOrder: Cache NI DS
MaxIdleServers: 4
MaxIdleThreads: 2
MaxThreads: 64
TimeToLive: 43200
Timeout: 30
ValidateCache: YES
ValidationLatency: 15
_config_name: Global Configuration

LookupOrder: Cache FF DNS NI DS
_config_name: Host Configuration

LookupOrder: Cache FF NI DS
_config_name: Service Configuration

LookupOrder: Cache FF NI DS
_config_name: Protocol Configuration

LookupOrder: Cache FF NI DS
_config_name: Rpc Configuration

TimeToLive: 60
ValidateCache: NO
_config_name: Group Configuration

TimeToLive: 300
ValidateCache: NO
_config_name: Initgroup Configuration

LookupOrder: Cache FF DNS NI DS
_config_name: Network Configuration
 

There's a lot here; as we noted earlier, NetInfo is responsible for a lot of stuff. You might think the very last line (Network Configuration) is what we'd be zooming in on, but actually it's the Host Configuration; you can tell that by noting that both the "website" and the "www.aplawrence.com" lookups included

+ Category: host
 

So, according to lookupd, NetInfo will search Cache FF DNS NI DS, in that order. The meaning of those letters after the obvious Cache is:


Lookupd calls these "agents"; you can see that in the various output examples here. There are other agents: Ldap and NIS can also be used. See the lookupd man page for details.

I added "www.aplawrence.com" to /etc/hosts, and then:

bash-2.05a$ lookupd -d 
lookupd version 272 (root 2002.07.27 09:40:39 UTC)
Enter command name, "help", or "quit" to exit
> hostWithName: www.aplawrence.com
Dictionary: "FF: host website"
_lookup_agent: FFAgent
_lookup_validation: /etc/hosts 1063725658
ip_address: 64.226.42.29
name: website www.aplawrence.com
+ Category: host
+ Time to live: 43200
+ Age: 0 (expires in 43200 seconds)
+ Negative: No
+ Cache hits: 0
+ Retain count: 4
 

Great. It does in fact look in /etc/hosts first. But what if you want to change the order? You'd think that would be easy. It's fairly easy with resolv.conf on other Unixes, and even nsswitch.conf, while a little more complicated, isn't all that difficult.

Mac OS X, unfortunately, makes this into a Major Production. Worse, there's a lot of conflicting information out there on the internet. That's probably due to changes as Mac OS X has evolved, the common core of Darwin, and also that there's often more than one way to do anything. With that in mind, keep anything you find well flavored with salt: it MIGHT be the right advice for whatever OS X is when you read it, but things also may have changed. For reference, I tested on Mac OS X 10.2.6 build 6L60.

To reorder my lookups, I did this:

sudo mkdir /etc/lookupd
sudo echo LookupOrder Cache NI DNS FF DS  > /etc/lookupd/hosts
sudo kill -1 `cat /var/run/lookupd.pid`
 

After this change, lookupd resolved from DNS first, as shown both by "lookupd -configuration" and by an actual lookup:

bash-2.05a$ lookupd -d
lookupd version 272 (root 2002.07.27 09:40:39 UTC)
Enter command name, "help", or "quit" to exit
> hostWithName: www.aplawrence.com
Dictionary: "DNS: host aplawrence.com"
_lookup_DNS_domain: com
_lookup_DNS_server: 10.0.0.2
_lookup_DNS_time_to_live: 1156
_lookup_DNS_timestamp: 1063734909
_lookup_agent: DNSAgent
_lookup_info_system: DNS
ip_address: 64.226.42.29
name: aplawrence.com www.aplawrence.com
+ Category: host
+ Time to live: 43200
+ Age: 0 (expires in 43200 seconds)
+ Negative: No
+ Cache hits: 0
+ Retain count: 4
 

To put my original lookup order back, I simply did:

rm -r /etc/lookupd
sudo kill -1 `cat /var/run/lookupd.pid`
 

The /etc/loookupd directory did NOT previously exist on my machine! If it had, you'd definitely want to make a safe copy of it prior to doing any of this, and you wouldn't remove it to reinstate your original configuration.



Got something to add? Send me email.





(OLDER) <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> MacOSX lookupd and NetInfo



Increase ad revenue 50-250% with Ezoic


More Articles by

Find me on Google+

© Tony Lawrence



Kerio Samepage


Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us