For whatever reason, Apple really likes messing with how I use DNS.
I've written many, many, many times about having to modify OS X's DNS functionality to append search domains when a hostname includes a dot. Every single time I upgrade, this change is broken.
Previously, the workaround had been to add <string>-AlwaysAppendSearchDomains</string>
to the list of program arguments in com.apple.mDNSResponder.plist. Today I learned
that isn't so simple in OS X 10.11 (El Capitan):
Ullr:~ slap$ ls -lO /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
-rw-r--r-- 1 root wheel restricted,compressed 1028 Aug 22 23:40 /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
Apparently, El Capitan includes a feature called System Integrity Protection (SIP) that prevents crucial directories from being modified. In the output above, that's indicated by the "restricted" flag. As of this writing, my research indicates the only way around this is to reboot, disable SIP, make changes, reboot, enable SIP. You can find the procedure outlined on Stack Overflow, but I'll re-print it here for ease of use.
- Reboot.
- Press Cmd+R to enter Recovery mode.
- Open Utilities -> Terminal.
- Run the command
csrutil disable. - Reboot. You are back in OS X with SIP disabled.
- Make your changes.
- Reboot.
- Press Cmd+R to enter Recovery mode.
- Open Utilities -> Terminal.
- Run the command
csrutil enable. - Reboot.
See? No big deal. /sarcasm
The NEW workaround for El Capitan is to make a change to the defaults file (see link above):
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo defaults write /Library/Preferences/com.apple.mDNSResponder.plist AlwaysAppendSearchDomains -bool YES
sudo launchctl load /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
This has done the trick. Hopefully it will survive a reboot and the next upgrade!
