nself dns-setup

Write a local DNS resolver entry so that *.local.nself.org resolves to 127.0.0.1 on macOS. Idempotent — checks existing state before writing.

Quick start

nself dns-setup

Synopsis

nself dns-setup [FLAGS]

Description

nself dns-setup writes /etc/resolver/local on macOS so the system resolver routes all *.local.nself.org lookups to 127.0.0.1 on port 5353 (the dnsmasq instance managed by nSelf). This enables your local stack to be reachable at URLs likeapi.local.nself.org without editing /etc/hosts per service.

The command is idempotent: it reads /etc/resolver/local before writing and skips the admin prompt entirely if the file already contains the correct content. This prevents stacked macOS admin dialogs when running in CI or during CRUNCH parallel agent workflows.

On macOS, writing to /etc/resolver/ requires elevated privileges. The CLI invokes osascript with administrator privileges once, only when the resolver is not yet configured.

This command is called automatically by nself trust and nself dev bootstrap. You normally only need to run it directly when troubleshooting DNS resolution issues.

macOS only. On Linux, nSelf adds entries to /etc/hosts instead. On Windows (WSL2), the same approach applies inside the WSL environment.

Flags

Flag	Type	Default	Description
`--dry-run`	bool	false	Print what would be written without making changes
`--force`	bool	false	Overwrite `/etc/resolver/local` even if it already exists
`--domain`	string	`local.nself.org`	Override the wildcard domain to configure
`--port`	int	5353	DNS port for the resolver entry

Examples

Standard setup

nself dns-setup
# Checking /etc/resolver/local...
# ✓ Already configured — skipping (no admin prompt needed)

nself dns-setup
# Checking /etc/resolver/local...
# Not found. Writing resolver entry...
# [macOS admin prompt appears once]
# ✓ /etc/resolver/local written
# ✓ *.local.nself.org → 127.0.0.1

Preview without writing

nself dns-setup --dry-run
# Would write /etc/resolver/local:
#   nameserver 127.0.0.1
#   port 5353

Verify DNS is working

# After running dns-setup, verify resolution:
dig api.local.nself.org @127.0.0.1 -p 5353
# Should return: 127.0.0.1

# Or use the CLI health check:
nself doctor --category network

Use with a custom local domain

nself dns-setup --domain local.myapp.dev
# Writes resolver for *.local.myapp.dev → 127.0.0.1

What gets written

# /etc/resolver/local
nameserver 127.0.0.1
port 5353

macOS reads files under /etc/resolver/ and applies them as per-domain resolver configuration. The filename (local) matches the TLD being resolved.

Exit codes

0 — resolver configured (or already correct, no-op)
1 — write failed (permission denied without admin escalation)
2 — unsupported OS

nself dev bootstrap — one-shot setup that includes dns-setup
SSL Setup — configure local HTTPS certificates
nself doctor --category network — verify DNS resolution

nself dns-setup

Write a local DNS resolver entry so that *.local.nself.org resolves to 127.0.0.1 on macOS. Idempotent — checks existing state before writing.

Quick start

nself dns-setup

Synopsis

nself dns-setup [FLAGS]

Description

On macOS, writing to /etc/resolver/ requires elevated privileges. The CLI invokes osascript with administrator privileges once, only when the resolver is not yet configured.

This command is called automatically by nself trust and nself dev bootstrap. You normally only need to run it directly when troubleshooting DNS resolution issues.

macOS only. On Linux, nSelf adds entries to /etc/hosts instead. On Windows (WSL2), the same approach applies inside the WSL environment.

Flags

Flag	Type	Default	Description
`--dry-run`	bool	false	Print what would be written without making changes
`--force`	bool	false	Overwrite `/etc/resolver/local` even if it already exists
`--domain`	string	`local.nself.org`	Override the wildcard domain to configure
`--port`	int	5353	DNS port for the resolver entry

Examples

Standard setup

nself dns-setup
# Checking /etc/resolver/local...
# ✓ Already configured — skipping (no admin prompt needed)

nself dns-setup
# Checking /etc/resolver/local...
# Not found. Writing resolver entry...
# [macOS admin prompt appears once]
# ✓ /etc/resolver/local written
# ✓ *.local.nself.org → 127.0.0.1

Preview without writing

nself dns-setup --dry-run
# Would write /etc/resolver/local:
#   nameserver 127.0.0.1
#   port 5353

Verify DNS is working

# After running dns-setup, verify resolution:
dig api.local.nself.org @127.0.0.1 -p 5353
# Should return: 127.0.0.1

# Or use the CLI health check:
nself doctor --category network

Use with a custom local domain

nself dns-setup --domain local.myapp.dev
# Writes resolver for *.local.myapp.dev → 127.0.0.1

What gets written

# /etc/resolver/local
nameserver 127.0.0.1
port 5353

macOS reads files under /etc/resolver/ and applies them as per-domain resolver configuration. The filename (local) matches the TLD being resolved.

Exit codes

0 — resolver configured (or already correct, no-op)
1 — write failed (permission denied without admin escalation)
2 — unsupported OS

nself dev bootstrap — one-shot setup that includes dns-setup
SSL Setup — configure local HTTPS certificates
nself doctor --category network — verify DNS resolution

nself dns-setup

Quick start

Synopsis

Description

Flags

Examples

Standard setup

Preview without writing

Verify DNS is working

Use with a custom local domain

What gets written

Exit codes

Related

nself dns-setup

Quick start

Synopsis

Description

Flags

Examples

Standard setup

Preview without writing

Verify DNS is working

Use with a custom local domain

What gets written

Exit codes

Related