nslookup & dig fail; ping, traceroute, and scutil -r work

Solution 1:

I'm still not sure what was causing the problem, but after suffering from another seemingly unrelated issue, I did a complete re-install of 10.8. I had originally upgraded from 10.6 -- though the utilities had seemed to work fine for a while after the initial upgrade, my suspicion is that I did something to some unknown-to-me configuration while attempting to diagnose/resolve the other issue (something that apparently disabled some aspects of DNS access).

After the re-install, all DNS-related utilities are now working fine.

Solution 2:

I would dig into the results of:

 scutil --dns

And check that no firewall is blocking DNS packets (Little Snitch, IPFW, Apple's Application Firewall, etc.) and that port 53 is open between your Mac and the DNS servers listed in your scutil dump of the DNS options that are configured and in use.

Pay specific attention to the bottom of this command - the DNS configuration (for scoped queries) portion is what is used for looking up actual hosts.

Solution 3:

For those searching around:

I was also hitting a wall with this issue, where ping and scutil were working with expected results but the dig command failed on everything - Google, local network, company network, etc.

The issue was that dig was not able to read my /etc/resolv.conf file.

I fixed it with a quick chmod on my resolv.conf file.

 sudo chmod 644 /etc/resolv.conf

This will make your resolv.conf file readable by all users, but only writable by the file-owning user (which is usually root). This may not fix your problem, but it is a very quick and non-damaging step that you can take while you are trying to cover all the bases.
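
Added example (not part of the original answers): shell helpers for the checks described in Solutions 2 and 3, namely pulling the nameservers out of the scoped-queries section of `scutil --dns` and classifying the mode of the resolver file. The function names, the sample output and its addresses are constructed for illustration, and `dns_report` assumes `scutil` and `dig` are available.

```shell
# Added example: diagnostic helpers, not code from the answers above.

# Nameservers from the "DNS configuration (for scoped queries)" part of
# `scutil --dns` output read on stdin.
scoped_nameservers() {
    awk '
        /^DNS configuration \(for scoped queries\)/ { scoped = 1; next }
        /^DNS configuration/                        { scoped = 0 }
        scoped && $1 ~ /^nameserver\[[0-9]+\]$/     { print $3 }
    ' | sort -u
}

# Classify a resolver file's mode; -L follows the symlink that
# /etc/resolv.conf is on macOS. Prints ok | unreadable | too-open | missing.
check_resolv_perms() {
    file=${1:-/etc/resolv.conf}
    [ -e "$file" ] || { echo missing; return 1; }
    mode=$(ls -ldL "$file" | cut -c1-10)        # e.g. -rw-r--r--
    case $mode in
        ?????w????|????????w?) echo too-open; return 1 ;;   # group/other can write
        ???????r??)            echo ok ;;                    # others can read (644)
        *)                     echo unreadable; return 1 ;;  # others cannot read
    esac
}

# Constructed sample of `scutil --dns` output (documentation address ranges).
sample_scutil_dns() {
    cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 198.51.100.1

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.0.2.53
  nameserver[1] : 192.0.2.54
EOF
}

# On a Mac: report file permissions, then query each scoped server directly.
dns_report() {
    echo "resolv.conf: $(check_resolv_perms)"
    scutil --dns | scoped_nameservers | while read -r ns; do
        dig +short +time=2 +tries=1 @"$ns" example.com >/dev/null \
            && echo "$ns answers" || echo "$ns no answer (port 53 blocked?)"
    done
}
```

Source the file and run `dns_report`; a result of `too-open` means the resolver file is writable by non-owners, which `chmod 644` also corrects.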