I have always used BIND on OSX to provide a local DNS resolver for my local development machines, particularly to facilitate virtual machines accessing my local dev environment.
You can install bind with Homebrew: http://brew.sh/
Installing Homebrew and using it to install bind seems the best route.
There are a few little "gotchas", so I put together this bash script to simplify it all.
1) Install Homebrew.
2) Save this file to your Mac as "ConfigureBrewBindOnOSX10_9.sh" and run it (sh ./ConfigureBrewBindOnOSX10_9.sh), or run its commands line-by-line by hand (if you want to see more detail as you go).
Contents of ConfigureBrewBindOnOSX10_9.sh:
#!/bin/bash
# Last Updated: Jun 17, 2014
# camden@arrowtech.net
#
# Run as root or sudo the commands that need it as you go.
# 1) USE HOMEBREW TO INSTALL BIND
brew install bind
# 2) CONFIGURE BIND
# Generate an rndc control key and config; the first 6 lines of the
# generated rndc.conf are the key block, which named reads from rndc.key.
/usr/local/sbin/rndc-confgen > /etc/rndc.conf
head -n 6 /etc/rndc.conf > /etc/rndc.key
# Set up a basic named.conf file.
# You may need to replace 9.10.0-P2 with the current version number if it is out of date.
cat > /usr/local/homebrew/Cellar/bind/9.10.0-P2/etc/named.conf <<END
//
// Include keys file
//
include "/etc/rndc.key";
// Declares control channels to be used by the rndc utility.
//
// It is recommended that 127.0.0.1 be the only address used.
// This also allows non-privileged users on the local host to manage
// your name server.
//
// Default controls
//
controls {
// The port here must match "default-port" in /etc/rndc.conf (rndc-confgen writes 953 by default).
inet 127.0.0.1 port 54 allow {any;}
keys { "rndc-key"; };
};
options {
directory "/var/named";
};
//
// a caching only nameserver config
//
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
logging {
category default {
_default_log;
};
channel _default_log {
file "/Library/Logs/named.log";
severity info;
print-time yes;
};
};
END
# Symlink Homebrew's named.conf to the typical /etc/ location.
ln -s /usr/local/homebrew/Cellar/bind/9.10.0-P2/etc/named.conf /etc/named.conf
# Create the directory that bind expects to store zone files in, and fetch the root hints.
mkdir -p /var/named
curl http://www.internic.net/domain/named.root > /var/named/named.ca
# NOTE: named.conf above also references localhost.zone and named.local; create those
# in /var/named (or drop the two zones), otherwise named logs an error for each of them.
# 3) CREATE A LaunchDaemon FILE:
cat > /System/Library/LaunchDaemons/org.isc.named.plist <<END
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<false/>
<key>EnableTransactions</key>
<true/>
<key>Label</key>
<string>org.isc.named</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/sbin/named</string>
<string>-f</string>
</array>
<key>ServiceIPC</key>
<false/>
</dict>
</plist>
END
chown root:wheel /System/Library/LaunchDaemons/org.isc.named.plist
chmod 644 /System/Library/LaunchDaemons/org.isc.named.plist
# Shutdown bind (if it was running)
#launchctl unload /System/Library/LaunchDaemons/org.isc.named.plist
# Launch BIND and set it to start automatically on system reboot.
launchctl load -wF /System/Library/LaunchDaemons/org.isc.named.plist
Let me know if you need any help, I've successfully configured this on quite a few machines.
Bind is installed in Mavericks. Just the files have moved. You can find all the zone files in /Library/Server/named/.
Apple actually have done a good job going for a more compliant implementation compared to 10.6.8.
It's easy to modify the files by hand.
My $0.02
LL
Install BIND9 using Homebrew. The current brew install isn't as complete as I'd like, so when I ran into this issue myself, I updated the brew file to generate initial config files (to match the system install in Mountain Lion) as well as include a launchd plist.
Though my changes haven't been merged in yet, you can see the updated file here: github.com/mxcl/homebrew/pull/23598. Use "brew edit bind" to open the formula for BIND, copy in my forked version, save, and reinstall with brew using "brew install bind".
I used to use a local DNS server running on the Mac until I discovered DNSMasq on DD-WRT.
I set up a DD-WRT router for my LAN and WIFI and then used the DNSMasq feature of DD-WRT to list all entries that should map to development machines.
Log into your DD-WRT router:
Under Services, Enable DNSMasq
Under "Additional DNSMasq options" list each entry you want to mask:
address=/[url]/[ip]
Examples:
address=/www.dev.mysite.com/192.168.1.10
address=/photos.dev.mysite.com/192.168.1.11
address=/static.dev.mysite.com/192.168.1.12
This is almost like running your own DNS server on the router just for local addresses but without the overhead.
This way I can connect to local development machines via the LAN and all mobile devices via WIFI without much hassle.
Advantages:
Men & Mice is offering BIND installers for free at http://support.menandmice.com/download/bind/macosx/10.9-Mavericks/
MacOS X 10.4 (PPC), 10.5/10.6 (x86) and 10.7/10.8 (and new) 10.9 (x86_64)
Here is my recommendation for a basic "/etc/named.conf" file for BIND 9.9.4. Many basic configuration recommendations on the Internet and templates from BIND installations in Linux/BSD distributions have not been updated for recent changes in BIND and are not optimal (although they continue to work).
// BIND named.conf caching only DNS server
// configuration file for
// BIND 9.7 and up
options {
// set the DNS servers "home" directory
// all files with relative path names
// will be read or written from this
// directory
directory "/var/named";
// disable query-logging on start
// query-logging can be enabled using
// "rndc querylog"
querylog no;
};
// automatic empty zone for the "localhost" name
zone "localhost" IN {
type master;
database "_builtin empty . nothing.invalid.";
};
// logging template for a caching DNS server
logging {
channel syslog { syslog daemon; severity info; };
channel security { file "security.log" versions 10 size 50M; print-time yes; };
channel query_log {
file "query.log" versions 10 size 50M; severity debug; print-time yes;
};
category general { syslog; };
category security { security; };
category queries { query_log; };
category dnssec { security; };
category default { syslog; };
category resolver { syslog; };
category client { syslog; };
category query-errors { query_log; };
category edns-disabled { syslog; };
};
Some comments:
if no "controls" block is defined, the default controls statement is used. The default control configuration is
controls { inet 127.0.0.1 allow { localhost; } keys { rndc_key; }; };
never specify "query-source" with a port number for a caching DNS server (I would prefer not to see it even commented out, someone might enable it and create a security hole); it is a security risk (it disables UDP port randomization and therefore enables easy DNS cache spoofing).
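Two points from this thread can be checked mechanically: the controls port in the Homebrew script's named.conf has to match the default-port that rndc-confgen writes into rndc.conf (953 unless told otherwise), and a "query-source" statement with a fixed port is exactly what the last answer warns against. The following shell script is an added example and not code from any of the answers: it reads a named.conf and an rndc.conf, compares the two ports, flags an active query-source with a pinned port, and notes a commented-out one. The function names, file names and the sample configs it writes to a temporary directory are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from this page): audit a BIND named.conf and its rndc.conf
# for two problems discussed above: a controls port that differs from rndc's
# default-port (rndc then cannot reach named), and a "query-source ... port N"
# that pins the UDP source port and disables source-port randomisation.
# Function names, file names and sample configs are constructed here.

# Drop // and # comments so commented-out statements are not treated as active.
strip_comments() {
    sed -e 's|//.*$||' -e 's|#.*$||' "$1"
}

# Port from "controls { inet ... port N ... }" in named.conf; 953 (BIND's
# default, also used when there is no controls block) if none is given.
controls_port() {
    p=$({ strip_comments "$1" | tr '\n' ' '; echo; } |
        sed -n 's/.*controls *{[^}]*inet[^;]*port *\([0-9][0-9]*\).*/\1/p')
    echo "${p:-953}"
}

# "default-port N" from rndc.conf; 953 if absent.
rndc_port() {
    p=$(strip_comments "$1" | sed -n 's/.*default-port *\([0-9][0-9]*\).*/\1/p' | head -n 1)
    echo "${p:-953}"
}

# Fixed port of an active query-source statement, or nothing. A wildcard
# ("port *") is not a fixed port and is not reported.
query_source_port() {
    strip_comments "$1" | sed -n 's/.*query-source[^;]*port *\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print findings; the exit status is the number of real issues found.
audit_named_conf() {
    issues=0
    np=$(controls_port "$1")
    rp=$(rndc_port "$2")
    if [ "$np" != "$rp" ]; then
        echo "MISMATCH: named.conf controls port $np but rndc.conf default-port $rp"
        issues=$((issues + 1))
    fi
    qp=$(query_source_port "$1")
    if [ -n "$qp" ]; then
        echo "RISK: query-source pins UDP source port $qp (disables port randomisation)"
        issues=$((issues + 1))
    fi
    # Not an active issue, but someone may uncomment it later.
    if grep -Eq '^[[:space:]]*(//|#).*query-source.*port[[:space:]]+[0-9]+' "$1"; then
        echo "NOTE: commented-out query-source with a fixed port; consider removing it"
    fi
    return "$issues"
}

# Constructed samples: a named.conf shaped like the Homebrew script above
# (controls on port 54, plus a pinned query-source), one with the defaults,
# and an rndc.conf in the shape rndc-confgen produces (secret is a placeholder).
make_samples() {
    cat > "$1/bad-named.conf" <<'EOF'
controls {
    inet 127.0.0.1 port 54 allow { 127.0.0.1; }
    keys { "rndc-key"; };
};
options {
    directory "/var/named";
    query-source address * port 53;
};
EOF
    cat > "$1/good-named.conf" <<'EOF'
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; }
    keys { "rndc-key"; };
};
options {
    directory "/var/named";
    // query-source address * port 53;
};
EOF
    cat > "$1/rndc.conf" <<'EOF'
key "rndc-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDER-NOT-A-REAL-SECRET==";
};
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
EOF
}

# Run the audit on the samples in a temporary directory; nothing on the host is touched.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in good bad; do
    echo "== $f-named.conf"
    audit_named_conf "$demo_dir/$f-named.conf" "$demo_dir/rndc.conf" || echo "issues found: $?"
done
rm -rf "$demo_dir"
```

To run it against a real installation, call audit_named_conf with the real paths (for the Homebrew layout above, /etc/named.conf and /etc/rndc.conf); the comment stripping is deliberately simple and only looks at one statement per line, so a query-source split across lines would be missed.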