How to Override DNS for Specific Domains Using Multiple Resolvers (Windows/macOS/Linux)



Many corporate networks enforce DNS filtering through services like OpenDNS or Cisco Umbrella. While useful for security, this sometimes leads to false positives - like the recent blocking of freenode.net IRC servers. When you need to bypass these restrictions for specific domains while maintaining corporate DNS for everything else, here's how to implement granular DNS resolution.

On modern Linux systems, we can use systemd-resolved or dnsmasq for domain-specific DNS routing:

# Using systemd-resolved (Ubuntu 18.04+): a drop-in that sends only freenode.net
# (and names under it) to the listed servers; everything else keeps using the
# DNS servers learned from the network
sudo mkdir -p /etc/systemd/resolved.conf.d
sudo nano /etc/systemd/resolved.conf.d/freenode.conf

# Contents of freenode.conf. The "~" prefix marks a routing-only domain;
# ~freenode.net already covers irc.freenode.net, so no separate entry is needed.
[Resolve]
DNS=8.8.8.8 8.8.4.4
Domains=~freenode.net

# Restart the service so the drop-in is picked up
sudo systemctl restart systemd-resolved

For older systems or more control, configure dnsmasq:

# Install dnsmasq if needed
sudo apt install dnsmasq

# Edit configuration
sudo nano /etc/dnsmasq.conf

# Lines to add: freenode.net and everything under it goes to 8.8.8.8, except
# that the more specific irc.freenode.net entry wins (longest match takes precedence)
server=/freenode.net/8.8.8.8
server=/irc.freenode.net/8.8.4.4

# Restart dnsmasq and make sure /etc/resolv.conf points at it (127.0.0.1).
# On releases where systemd-resolved already listens on 127.0.0.53:53, dnsmasq
# will fail to bind port 53 unless it is given another address or the stub
# listener is disabled.
sudo systemctl restart dnsmasq

On macOS, create a file under /etc/resolver named after the domain; the system resolver then uses the nameservers in that file for the domain and all of its subdomains, and `scutil --dns` shows the resulting per-domain resolver entry:

# Create a custom resolver
sudo mkdir -p /etc/resolver
sudo nano /etc/resolver/freenode.net

nameserver 8.8.8.8
nameserver 8.8.4.4

Windows has no per-domain setting in the adapter DNS configuration, but the Name Resolution Policy Table (NRPT) provides exactly this kind of routing, and PowerShell can manage it:

# Run PowerShell as Administrator. The leading dot makes this a suffix rule,
# so it covers freenode.net and every name under it (irc.freenode.net, ...).
Add-DnsClientNrptRule -Namespace ".freenode.net" -NameServers "8.8.8.8","8.8.4.4"

# Verify the rule
Get-DnsClientNrptRule | Where-Object {$_.Namespace -like "*freenode*"}

For cross-platform consistency, consider running a local DNS proxy like dnsmasq or CoreDNS:

# CoreDNS configuration (Corefile). The system resolver must point at the address
# CoreDNS listens on (127.0.0.1 by default). Server blocks are matched by longest
# suffix, so the freenode.net block handles irc.freenode.net and the "." block
# handles everything else.
. {
    forward . 10.0.0.1  # Corporate DNS (placeholder address)
}

freenode.net {
    forward . 8.8.8.8 8.8.4.4
}
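All three mechanisms above (systemd-resolved routing domains, dnsmasq server=/domain/ lines, NRPT suffix rules, CoreDNS server blocks) make the same decision: pick the upstream whose domain suffix is the longest whole-label match for the queried name. The script below is an added example, not code from the original article, that reproduces that decision for a small routing table so you can predict which upstream a name will reach before changing a live system. The rules mirror the dnsmasq lines above; 10.0.0.1 is the article's placeholder for the corporate resolver.

```shell
#!/bin/sh
# Added example: simulate longest-suffix DNS routing as performed by
# systemd-resolved (Domains=~...), dnsmasq (server=/.../), the Windows NRPT
# (Namespace ".freenode.net") and CoreDNS server blocks.

# Routing table, one rule per line: "<suffix> <upstream servers>".
# Addresses follow the article; 10.0.0.1 is a placeholder corporate resolver.
ROUTES='
freenode.net 8.8.8.8 8.8.4.4
irc.freenode.net 8.8.4.4
'
DEFAULT_UPSTREAM='10.0.0.1'

# Returns 0 if $1 equals $2 or is a subdomain of it. Matching is done on whole
# labels: "notfreenode.net" must not match the "freenode.net" rule, which is
# also why the NRPT namespace is written with a leading dot.
suffix_matches() {
    name=$1; suffix=$2
    [ "$name" = "$suffix" ] && return 0
    case $name in
        *".$suffix") return 0 ;;
    esac
    return 1
}

# Prints the upstream servers that would answer a query for $1.
# Among several matching rules the longest suffix wins.
route_resolver() {
    q=${1%.}                                  # tolerate a trailing dot (FQDN form)
    q=$(printf '%s' "$q" | tr 'A-Z' 'a-z')    # DNS names are case-insensitive
    best_len=0
    best_upstream=$DEFAULT_UPSTREAM
    while read -r rule_suffix rule_upstream; do
        [ -z "$rule_suffix" ] && continue
        if suffix_matches "$q" "$rule_suffix" && [ "${#rule_suffix}" -gt "$best_len" ]; then
            best_len=${#rule_suffix}
            best_upstream=$rule_upstream
        fi
    done <<EOF
$ROUTES
EOF
    printf '%s\n' "$best_upstream"
}

# Demonstration: the first two go to Google (the more specific rule wins for
# irc.freenode.net), the last two stay on the corporate resolver.
for n in irc.freenode.net chat.freenode.net notfreenode.net example.com; do
    printf '%-20s -> %s\n' "$n" "$(route_resolver "$n")"
done
```

Run it with `sh` and compare the output with what `resolvectl query`, `dnsmasq --log-queries` or `Get-DnsClientNrptRule` reports for the same names; a disagreement usually means a rule was written without the leading dot or with a typo in the suffix.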

After configuration, verify with dig/nslookup:

dig irc.freenode.net +short
nslookup irc.freenode.net

Compare the answers with a direct query to Google (dig @8.8.8.8 irc.freenode.net +short); once the override is active the two should agree. Note that with a local stub resolver the SERVER line in dig's output shows that stub (127.0.0.53 for systemd-resolved, 127.0.0.1 for dnsmasq or CoreDNS), not 8.8.8.8 or 8.8.4.4 themselves.


Many corporate networks enforce OpenDNS filtering, which sometimes incorrectly flags legitimate services like Freenode IRC (irc.freenode.net) as malicious. While OpenDNS provides security benefits, these false positives can disrupt developer workflows - especially when accessing technical resources.

Linux (Ubuntu/Debian) via dnsmasq

# Install dnsmasq if not present
sudo apt install dnsmasq

# Configure dnsmasq: both Google servers for freenode.net and its subdomains.
# (/etc/resolver is a macOS mechanism and has no effect on Linux, so it is not used here.)
echo "server=/freenode.net/8.8.8.8" | sudo tee -a /etc/dnsmasq.conf
echo "server=/freenode.net/8.8.4.4" | sudo tee -a /etc/dnsmasq.conf

# Restart services (NetworkManager only if it manages /etc/resolv.conf)
sudo systemctl restart dnsmasq
sudo systemctl restart NetworkManager

macOS Using Resolver Files

# Create resolver directory if needed
sudo mkdir -p /etc/resolver

# Create domain-specific resolver
echo "nameserver 8.8.8.8" | sudo tee /etc/resolver/freenode.net
echo "nameserver 8.8.4.4" | sudo tee -a /etc/resolver/freenode.net

# Flush DNS cache
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder

Windows via PowerShell

# Create NRPT rule for Freenode domains (leading dot = suffix rule, so it
# also covers irc.freenode.net; without it only the bare name would match)
Add-DnsClientNrptRule -Namespace ".freenode.net" -NameServers "8.8.8.8","8.8.4.4"

# Verify the rule
Get-DnsClientNrptRule | Where-Object {$_.Namespace -eq '.freenode.net'}

# For GUI alternative:
# 1. Open gpedit.msc
# 2. Navigate to: Computer Configuration > Policies > Windows Settings > Name Resolution Policy
# 3. Create new rule for *.freenode.net with 8.8.8.8,8.8.4.4

For quick testing, you can manually map domains in your hosts file. This bypasses DNS entirely for the exact hostnames listed, goes stale as soon as the addresses change, and should be removed once the resolver override is in place:

# Linux/Mac: /etc/hosts
# Windows: C:\Windows\System32\drivers\etc\hosts

91.108.56.123 irc.freenode.net
# Replace with the current IPs, obtained using: dig irc.freenode.net @8.8.8.8

After implementation, verify with these commands:

# Linux/Mac (answers come through the local resolver, so this exercises the override):
dig irc.freenode.net
nslookup irc.freenode.net

# Windows: naming 8.8.8.8 queries Google directly and bypasses the NRPT rule;
# omit the server argument (Resolve-DnsName irc.freenode.net) to test the rule itself
nslookup irc.freenode.net 8.8.8.8
Resolve-DnsName irc.freenode.net -Server 8.8.8.8
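The verification steps in both halves of this article amount to one check: does the answer obtained through the local resolver match the answer 8.8.8.8 gives directly, and which server actually answered? The script below is an added example (not part of the original article) that automates that comparison over two `dig` outputs. The three outputs embedded in it are constructed samples with made-up addresses; in real use feed live output, for example `verify_override "$(dig irc.freenode.net)" "$(dig @8.8.8.8 irc.freenode.net)"`.

```shell
#!/bin/sh
# Added example: compare a query through the local resolver with a direct
# query to 8.8.8.8 and report whether the per-domain override is in effect.

# Extract the resolver address from dig's ";; SERVER: 127.0.0.53#53(127.0.0.53)" line.
dig_server() {
    printf '%s\n' "$1" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'
}

# Extract the A records from the ANSWER SECTION as a sorted, space-separated list,
# so round-robin ordering differences do not cause false mismatches.
dig_answers() {
    printf '%s\n' "$1" | awk '$4 == "A" && $1 !~ /^;/ { print $5 }' | sort | tr '\n' ' ' | sed 's/ $//'
}

# $1: dig output via the local resolver, $2: dig output via 8.8.8.8 directly.
# Prints "routed", "direct" or "mismatch" with details; exit status 1 on mismatch.
# A match is evidence, not proof: a filtering resolver that is not blocking the
# name will also agree with Google, so run this against a name known to be filtered.
verify_override() {
    local_out=$1; direct_out=$2
    server=$(dig_server "$local_out")
    if [ "$(dig_answers "$local_out")" != "$(dig_answers "$direct_out")" ]; then
        printf 'mismatch: local resolver %s returned a different answer set than 8.8.8.8\n' "$server"
        return 1
    fi
    case $server in
        127.*|::1) printf 'routed: stub %s returned the same answers as 8.8.8.8\n' "$server" ;;
        *)         printf 'direct: query went straight to %s\n' "$server" ;;
    esac
    return 0
}

# Constructed sample: local query answered by the systemd-resolved stub.
LOCAL_OUT=';; QUESTION SECTION:
;irc.freenode.net.		IN	A

;; ANSWER SECTION:
irc.freenode.net.	300	IN	A	203.0.113.10
irc.freenode.net.	300	IN	A	203.0.113.11

;; Query time: 21 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)'

# Constructed sample: the same name asked of 8.8.8.8 directly (answers in a different order).
DIRECT_OUT=';; ANSWER SECTION:
irc.freenode.net.	300	IN	A	203.0.113.11
irc.freenode.net.	300	IN	A	203.0.113.10

;; SERVER: 8.8.8.8#53(8.8.8.8)'

# Constructed sample: a filtering corporate resolver answering with a block-page address.
BLOCKED_OUT=';; ANSWER SECTION:
irc.freenode.net.	60	IN	A	198.51.100.5

;; SERVER: 10.0.0.1#53(10.0.0.1)'

verify_override "$LOCAL_OUT" "$DIRECT_OUT"
verify_override "$BLOCKED_OUT" "$DIRECT_OUT" || echo "override not active: still answered by the filtering resolver"
```

The "direct" verdict is what you see when `/etc/resolv.conf` points straight at 8.8.8.8 rather than at a local stub; that means all names, not just freenode.net, have left the corporate resolver, which is usually not what was intended.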