Am I setting up routes and DNS for a private network properly?


I use a private network router which is a separate host to my desktop. This private (“corporate”) network comes and goes (mostly under my control), and I want to make sure that when it is available my desktop will use the corporate network DNS, but stop using that DNS when the corporate network is not available.

For the sake of concrete examples to work with, my local network uses with a DNS server at, while the corporate network uses with a DNS server at

The private network router uses dnsmasq which I’ve configured something like this:

# /etc/dnsmasq.d/default.dnsmasq

Where is my local DNS (on my internet router) and is the corporate DNS which handles DNS for private networks such as our intranet. Thus if I look up “” it will be resolved by while “” will be resolved by

So I’ve written a script which basically takes a bunch of CIDRs and configures route for them, then switches to the private network DNS. Here’s a sanitised version of the script for completeness:


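#!/bin/bash
# Values are sanitised; gateway and gatewayip refer to the private network router.
gateway=""
gatewayip=""
networks=( "" "" )

if [ "$1" = "up" ] || [ "$1" = "on" ] || [ "$1" = "start" ]; then
    echo "Setting up private configuration"
    # Route each private CIDR through the private network router
    for net in "${networks[@]}"; do
        /sbin/route add -net "$net" -gateway "$gateway"
    done
    # Send all DNS queries to the private router
    /usr/sbin/networksetup -setdnsservers 'Ethernet' "$gatewayip"
elif [ "$1" = "down" ] || [ "$1" = "off" ] || [ "$1" = "stop" ]; then
    echo "Shutting down private configuration"
    # 'Empty' clears the manually configured DNS servers
    /usr/sbin/networksetup -setdnsservers 'Ethernet' 'Empty'
    for net in "${networks[@]}"; do
        /sbin/route delete -net "$net" -gateway "$gateway"
    done
else
    echo "Usage: $0 (start|stop)"
fi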

This leads to a slightly bizarre situation where I’m passing all DNS requests through the private router, when the private router is just going to bounce most DNS requests right back to the Internet router. It works, but I don’t think it’s particularly tidy or robust.

The Question

Is there any way to configure macOS DNS similarly to my dnsmasq configuration, where I simply tell my Mac to keep using for DNS except when the domain is or, in which case it should use
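
One way to get the per-domain behaviour asked about above is the macOS resolver(5) mechanism: a file in /etc/resolver named after a domain sends lookups for that domain to the nameserver it lists, while every other lookup keeps using the normal DNS servers, so internal names are not sent to the Internet router and ordinary queries do not detour through the private router. This is an added example, not part of the original post; the domains and the 192.0.2.53 address are constructed placeholders and the function names are hypothetical.

```shell
#!/bin/sh
# Per-domain DNS on macOS using resolver(5) files.
# All values are constructed placeholders, not taken from the post.
RESOLVER_DIR="${RESOLVER_DIR:-/etc/resolver}"
CORP_DNS="${CORP_DNS:-192.0.2.53}"                             # corporate DNS (placeholder)
CORP_DOMAINS="${CORP_DOMAINS:-corp.example intranet.example}"  # private domains (placeholders)

# A file is "ours" only if it contains exactly the line this script writes.
is_ours() {
    [ "$(cat "$1")" = "nameserver $CORP_DNS" ]
}

resolver_up() {
    mkdir -p "$RESOLVER_DIR" || return 1
    for domain in $CORP_DOMAINS; do
        file="$RESOLVER_DIR/$domain"
        # Never overwrite a resolver file that something else created.
        if [ -e "$file" ] && ! is_ours "$file"; then
            echo "skipping $file: not managed by this script" >&2
            continue
        fi
        printf 'nameserver %s\n' "$CORP_DNS" > "$file"
        chmod 644 "$file"
    done
}

resolver_down() {
    for domain in $CORP_DOMAINS; do
        file="$RESOLVER_DIR/$domain"
        # Remove only the files this script would have written.
        if [ -f "$file" ] && is_ours "$file"; then
            rm -f "$file"
        fi
    done
}

case "${1:-}" in
    up|on|start)    resolver_up ;;
    down|off|stop)  resolver_down ;;
    *)              echo "Usage: $0 (start|stop)" >&2 ;;
esac
```

Writing to /etc/resolver needs root, and `scutil --dns` lists the per-domain resolvers macOS has picked up. `dig`, `host` and `nslookup` do not go through the system resolver, so check a lookup with `dscacheutil -q host -a name <hostname>` instead.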