How To: Enable BIND - Mac OS X's Built-in DNS Server

From MacShadows KB

This tutorial gives a beginner's introduction on how to configure and enable BIND, the built-in DNS server on Mac OS X. Note: I am using Leopard (10.5), so these instructions may not work on older versions of Mac OS.

Advantages to running a local DNS server:

  • A local DNS cache makes your internet connections respond more quickly, since the remote DNS servers need not be contacted for every name lookup.
  • Web developers and network engineers get more control over local domains than the /etc/hosts file allows (e.g. wildcards).


Step 1: Configure rndc

Create a new config file and secret key

rndc is the DNS server configuration utility. Enter the following commands into terminal to generate a new secret key and configuration for rndc:

 sudo -s
 rndc-confgen -b 256 > /etc/rndc.conf
 head -n5 /etc/rndc.conf | tail -n4 > /etc/rndc.key

Watch out!

The rndc-confgen utility is extremely handy for generating new rndc configuration files, but it may set a different default port than named. You can use the following commands to ensure that the port number is the same in both configurations:

 grep 'inet.*port' /etc/named.conf
 grep 'default-port' /etc/rndc.conf

If both ports are not the same, it's best to change one before starting BIND.
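As an added check for the port mismatch described above (example code written for this article, not part of the page or of BIND), the following Python parses constructed copies of the two files and compares the ports, treating a missing port as the built-in default of 953:

```python
import re

# Constructed sample files standing in for /etc/named.conf and /etc/rndc.conf.
# named's "controls" stanza sets the port it listens on for rndc; rndc.conf's
# "default-port" is the port rndc dials. They must agree or rndc cannot connect.
NAMED_CONF = """\
controls {
        inet 127.0.0.1 port 54 allow { 127.0.0.1; } keys { "rndc-key"; };
};
include "/etc/rndc.key";
"""

RNDC_CONF = """\
key "rndc-key" {
        algorithm hmac-md5;
        secret "bm90LWEtcmVhbC1rZXk=";   # constructed placeholder, not a real key
};
options {
        default-server 127.0.0.1;
        default-port 953;
};
"""

DEFAULT_PORT = 953  # what both named and rndc assume when no port is configured

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out lines cannot mislead us."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//).*", "", text)

def named_control_port(named_conf):
    """Port from 'inet <addr> port N' in the controls stanza; None if no stanza."""
    conf = strip_comments(named_conf)
    if not re.search(r"\bcontrols\s*\{", conf):
        return None  # no controls stanza: rndc cannot reach this named at all
    m = re.search(r"\binet\s+\S+\s+port\s+(\d+)", conf)
    return int(m.group(1)) if m else DEFAULT_PORT

def rndc_default_port(rndc_conf):
    """Port from 'default-port N' in rndc.conf, or the built-in default."""
    m = re.search(r"\bdefault-port\s+(\d+)", strip_comments(rndc_conf))
    return int(m.group(1)) if m else DEFAULT_PORT

def ports_agree(named_conf, rndc_conf):
    """True only when rndc will connect to the port named actually listens on."""
    n = named_control_port(named_conf)
    return n is not None and n == rndc_default_port(rndc_conf)
```

With the sample files the check reports a mismatch (54 versus 953); point the functions at the real files' contents to check your own installation.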

Step 2: Enable BIND

Configure to Launch at Startup

This sets up BIND to load when your computer starts:

 launchctl load -w /System/Library/LaunchDaemons/org.isc.named.plist
 echo "launchctl start org.isc.named" >> /etc/launchd.conf

On older versions of Mac OS X, try this command instead:

 echo "DNSSERVER=-YES-" >> /etc/hostconfig

Start BIND


Or you can start it more gracefully through launchctl:

 launchctl start org.isc.named

Step 3: Configure named

This step may require a little research if you have special needs, but I will go over a couple of sample configurations for you. We will be dealing mainly with zone files, located in /var/named/ by default.

Scenario A: Top-Level Domain

Let's say that you want to have an entire top-level domain default to localhost (Note: this can be extremely useful when combined with Apache Virtual Hosts). For the sake of this tutorial, I'll assume you want that top-level domain to be .local. If you want yours to be something different, make sure you update both the zone file and the named.conf file.

First create the zone file. In Terminal, type:

 vi /var/named/

Press i to enter INSERT mode.

Copy and paste the following configuration, replacing with your e-mail address (changing the @ to a period as shown).

$TTL    86400
$ORIGIN local.
@       IN      SOA     localhost. (
                                        42              ; serial
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                        1D IN NS        @
                        1D IN A

* IN A

Be sure that the final line is empty.

Press ESC then type :wq and hit ENTER to save and quit

Next, we need to update the /etc/named.conf file to tell BIND about our new zone.

 vi /etc/named.conf

Insert the following lines after the existing zone configurations (remember to press i before pasting):

zone "local" IN {
        type master;
        file "";
        allow-update { none; };
};

Press ESC then type :wq and hit ENTER to save and quit

Step 4: Reload Configuration

Whenever you make changes to these files, reload the DNS configuration and zone files:

 rndc reload

If you receive an error, try stopping the server first with

 rndc stop

You can also flush the DNS cache by using this command:

 rndc flush

Handy Commands

Like many things in *nix environments, managing your DNS server may seem just a bit more complicated than necessary.

  • rndc is the DNS control utility, used to reload your DNS configuration or restart your DNS server.
  • launchctl lets you launch services such as the DNS server as a daemon.