Am I setting up routes and DNS for a private network properly?


Background

I use a private network router which is a separate host to my desktop. This private (“corporate”) network comes and goes (mostly under my control), and I want to make sure that when it is available my desktop will use the corporate network DNS, but stop using that DNS when the corporate network is not available.

For the sake of concrete examples to work with, my local network uses 172.16.1.0/24 with a DNS server at 172.16.1.1, while the corporate network uses 10.10.0.0/16 with a DNS server at 10.10.1.1.

The private network router uses dnsmasq which I’ve configured something like this:

# /etc/dnsmasq.d/default.dnsmasq
server=172.16.1.1
server=/mycompany.com/it.mycompany.com/mycompany.org/10.10.1.1

Where 172.16.1.1 is my local DNS (on my internet router) and 10.10.1.1 is the corporate DNS which handles DNS for private networks such as our intranet. Thus if I look up “apple.stackexchange.com” it will be resolved by 172.16.1.1 while “confluence.mycompany.com” will be resolved by 10.10.1.1.

So I’ve written a script which basically takes a bunch of CIDRs and configures routes for them, then switches to the private network DNS. Here’s a sanitised version of the script for completeness:

#!/bin/bash
# Arrays need bash rather than plain sh.

networks=( "10.10.0.0/16" "192.168.20.0/24" )
gateway=172.16.1.10

# Tests must use [ ... ]; ( ... ) would run "$1" as a command.
if [ "$1" = "up" -o "$1" = "on" -o "$1" = "start" ] ; then
    echo "Setting up private configuration"
    for net in "${networks[@]}"; do
        /sbin/route add -net "$net" -gateway "$gateway"
    done
    # Point all DNS at the private router (the dnsmasq host)
    /usr/sbin/networksetup -setdnsservers 'Ethernet' "$gateway"
elif [ "$1" = "down" -o "$1" = "off" -o "$1" = "stop" ] ; then
    echo "Shutting down private configuration"
    # 'Empty' restores the DHCP-supplied DNS servers
    /usr/sbin/networksetup -setdnsservers 'Ethernet' 'Empty'
    for net in "${networks[@]}"; do
        /sbin/route delete -net "$net" -gateway "$gateway"
    done
else
    echo "Usage: $0 (start|stop)"
fi

This leads to a slightly bizarre situation where I’m passing all DNS requests through the private router, when the private router is just going to bounce most DNS requests right back to the Internet router. It works, but I don’t think it’s particularly tidy or robust.

The Question

Is there any way to configure macOS DNS similarly to my dnsmasq configuration, where I simply tell my Mac to keep using 172.16.1.1 for DNS except when the domain is mycompany.com or mycompany.org, in which case it should use 10.10.1.1?
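The per-domain split the question asks for exists on macOS as resolver files, shown here as an added example that is not part of the original post: each file under /etc/resolver/ is named after a domain and lists the nameserver to use for that domain, which is the same split that dnsmasq's server=/domain/ip line expresses. The function names, the RESOLVER_DIR override and the positional route syntax are my assumptions; the addresses, networks and domains are the ones from the question.

```shell
#!/bin/sh
# Added example (not from the question): split DNS on macOS via
# /etc/resolver/<domain> files (one "nameserver" line each), so only
# mycompany.com / mycompany.org use the corporate DNS. Addresses are the
# question's; RESOLVER_DIR is an assumed override so tests avoid /etc.
corp_dns=10.10.1.1
domains="mycompany.com mycompany.org"   # it.mycompany.com is covered by mycompany.com
networks="10.10.0.0/16 192.168.20.0/24"
gateway=172.16.1.10
resolver_dir=${RESOLVER_DIR:-/etc/resolver}

# One resolver file body: same role as dnsmasq's server=/domain/ip line.
resolver_entry() { printf 'nameserver %s\n' "$corp_dns"; }

install_resolvers() {
    mkdir -p "$resolver_dir" || return 1
    for d in $domains; do
        resolver_entry > "$resolver_dir/$d" || return 1
    done
}

remove_resolvers() {
    for d in $domains; do rm -f "$resolver_dir/$d"; done
}

# Routes to the private networks via the private router (needs root).
private_up() {
    for net in $networks; do
        /sbin/route -n add -net "$net" "$gateway" || return 1
    done
    install_resolvers
}

private_down() {
    remove_resolvers
    for net in $networks; do
        /sbin/route -n delete -net "$net" "$gateway"
    done
}

case "$1" in
    up|on|start)   private_up ;;
    down|off|stop) private_down ;;
    "")            ;;   # no argument: only define the functions
    *)             echo "Usage: $0 (start|stop)" >&2; exit 1 ;;
esac
```

Verify with scutil --dns, which lists these per-domain resolvers; dig and nslookup talk to the interface DNS directly and will not show the split. Writing under /etc/resolver and changing routes both need root.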