New Mac – DNS (BIND), Part 1

I’m writing this blog entry to share my experiences with the setting up of a local DNS server to ease some of the pains of testing local sites on virtual machines. When I initially started this entry the only text I could think to write was “I wish I knew what I was doing…” Now, after tons of reading and fiddling, I know much better what I’m doing, but I should note that I am by no means an expert at this. I may be making my laptop incredibly vulnerable to DoS attacks or worse. Before you embark on this make sure that you either have an expert level understanding of BIND and DNS or you have a backup system in place that would make catastrophic failure acceptable.

Initial Attempts

First, I tried to follow a lot of the directions out there on the web. Everything seemed so simple and yet I continued to have problems. Things didn’t work, things broke, and then, since I wasn’t disciplined in my testing, things stayed broken until I reverted every change I had made and started again with a disciplined approach. For those who’ve never traveled this path before, take heed, don’t do what I did.

Trying Again, Setting Up For Iterative Tests

Starting over, the first thing I did was to define a test procedure. Some of the times my DNS server may have worked might have been masked by other problems. That eventual test procedure became rather complex because I wanted to make sure I had all of my bases covered. First, I tested my environment to make sure that I wasn’t going to get false positives or failures.

  1. Ensure the webserver responds to requests with the host name and IP address that is to be defined with DNS. My test method for this was to modify /etc/hosts and include the IP address and hostname for my Apache virtual host and then see if I could resolve that page.
  2. Ensure that /etc/hosts does not contain the hostname I’m attempting to test. That would of course result in a false positive of the DNS server working. Basically, this is reverting the previous test.
  3. Add 127.0.0.1 as a DNS server to all available network adapters under network preferences. For me this was just my wired and wireless ethernet adapters. A whole lot of good a DNS server does if you don’t use it!

Enabling BIND, Adding A Host

The steps here are tested on Mac OS X 10.5.5 and may not work for other versions. So far as I can tell in my reading, this method should work for both Tiger and Leopard. All of the software necessary comes with Leopard and is just not provided a GUI in the client version.

  1. Set up rndc. rndc is a utility used to manage the BIND instance. It needs to be configured and linked into the BIND configuration file. Using some code I found at the most helpful place on the net for what I’m trying to accomplish with one addition, I ran this:


    rndc-confgen > /etc/rndc.conf
    head -n5 /etc/rndc.conf |tail -n4 > /etc/rndc.key
    sed -e 's/port 54/port 953/g' /etc/named.conf > /etc/named2.conf
    mv –f /etc/named2.conf /etc/named.conf

  2. Setting up BIND (named). Now, all that is left is to tell BIND to start. That is a simple one-line command that enables it both immediately and upon restart.


    sudo launchctl load -w /System/Library/LaunchDaemons/org.isc.named.plist

  3. Setting up your own zone. I generally use the format http://mytestsite/ for defining my virtual hosts, I find it quite clean. To me that meant that I should probably just set up my new zones to completely mirror the way that the default zone, localhost, is set up. Some code to do that looks like this:


    sed -e 's/localhost/myhostname/g' /var/named/localhost.zone > /var/named/myhostname.zone

    Next I added a section to named.conf that looks something like this:


    zone "myhostname" IN {
    type master;
    file "myhostname.zone";
    allow-update { none; };
    };

That should get everything set up just right.

Testing BIND

  1. Restart the computer. I don’t know that this is necessary, but why not go ahead and test that named does start up on boot.
  2. See if your DNS Server is running.


    rndc status

  3. See if your DNS Server is responding. Make sure you get a positive response. If not review the log (/Libray/Logs/named.log) and Google the error message(s).


    nslookup myhostname 127.0.0.1

  4. Ensure that your webserver is started.
  5. Try browsing to your new host.

If all of that works, you’re done!

Next Steps

That finishes getting a DNS server on Leopard, but for those who’ve been paying attention, that isn’t my end goal. I want to be able to use this DNS server to quickly and easily have access to all of these hosts from within my virtual machines. I’ve not done that yet, so I’ll let you know how that turns out when I’m done with it.