22

I have always used BIND on OSX to provide a local DNS resolver for my local development machines, particularly to facilitate virtual machines accessing my local dev environment.

Foolishly I decided to upgrade to OSX Mavericks overnight and it appears BIND is no longer installed - even when the command line developer tools are added.

Anyone have a suggestion of how to restore this functionality, or if the latest OSX has an alternative DNS solution in place?

Thanks, Steve

steve
  • Thanks for posting this! I use it for the exact same reason and found myself in the exact predicament. – Camden S. Oct 23 '13 at 15:04
  • Happy to help out - homebrew was my choice in the end (after trial and error) but could always do the legwork of all the compile / make / make install antics from source too I'm sure (basically what Homebrew is doing...) – steve Oct 23 '13 at 15:07
  • I had some "trial and error" as well, so I just put together a little script to boil it down to a single command -- and has worked on all the Macs I've tried thus far. I'll post it as an answer here in case it's helpful to anyone else. – Camden S. Oct 28 '13 at 16:30

7 Answers

11

Installing Homebrew and using it to install bind seems the best route.

There are a few little "gotchas", so I put together this bash script to simplify it all.

1) Install Homebrew.

2) Save this file to your Mac as "ConfigureBrewBindOnOSX10_9.sh" and run it (sh ./ConfigureBrewBindOnOSX10_9.sh), or run its commands line-by-line by hand (if you want to see more detail as you go).

Contents of ConfigureBrewBindOnOSX10_9.sh

#!/bin/bash

# Last Updated: Jun 17, 2014
# camden@arrowtech.net
#
# Run as root or sudo the commands that need it as you go.

# 1) USE HOMEBREW TO INSTALL BIND

brew install bind

# 2) CONFIGURE BIND

# Create a custom launch key for BIND

/usr/local/sbin/rndc-confgen > /etc/rndc.conf
head -n 6 /etc/rndc.conf > /etc/rndc.key

# Set up a basic named.conf file.
# You may need to replace 9.10.0-P2 with the current version number if it is out of date.

cat > /usr/local/homebrew/Cellar/bind/9.10.0-P2/etc/named.conf  <<END
//
// Include keys file
//
include "/etc/rndc.key";

// Declares control channels to be used by the rndc utility.
//
// It is recommended that 127.0.0.1 be the only address used.
// This also allows non-privileged users on the local host to manage
// your name server.

//
// Default controls
//
controls {
        inet 127.0.0.1 port 54 allow {any;}
        keys { "rndc-key"; };
};

options {
        directory "/var/named";
};

// 
// a caching only nameserver config
// 
zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

logging {
        category default {
                _default_log;
        };

        channel _default_log  {
                file "/Library/Logs/named.log";
                severity info;
                print-time yes;
        };
};

END

# Symlink Homebrew's named.conf to the typical /etc/ location. 
ln -s /usr/local/homebrew/Cellar/bind/9.10.0-P2/etc/named.conf /etc/named.conf 


# Create directory that bind expects to store zone files

mkdir /var/named

curl http://www.internic.net/domain/named.root > /var/named/named.ca


# 3) CREATE A LaunchDaemon FILE:

cat > /System/Library/LaunchDaemons/org.isc.named.plist <<END
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Disabled</key>
        <false/>
        <key>EnableTransactions</key>
        <true/>
        <key>Label</key>
        <string>org.isc.named</string>
        <key>OnDemand</key>
        <false/>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/local/sbin/named</string>
                <string>-f</string>
        </array>
        <key>ServiceIPC</key>
        <false/>
</dict>
</plist>
END

chown root:wheel /System/Library/LaunchDaemons/org.isc.named.plist 
chmod 644 /System/Library/LaunchDaemons/org.isc.named.plist 

# Shutdown bind (if it was running)
#launchctl unload /System/Library/LaunchDaemons/org.isc.named.plist


# Launch BIND and set it to start automatically on system reboot.
launchctl load -wF /System/Library/LaunchDaemons/org.isc.named.plist

Let me know if you need any help, I've successfully configured this on quite a few machines.

Camden S.
9

You can install bind with Homebrew: http://brew.sh/

Tony Legrone
  • Accepting this as I used Homebrew in the end. See my comments above for an idea how I used it, symlinking seemed better than the named and rndc files being overwritten (potentially) with future OS updates. – steve Oct 23 '13 at 14:54
  • I've updated the brew file to generate initial config files (to match the system install in Mountain Lion) as well as include a launchd plist. Though it's not merged in yet, you can see the updated file here: https://github.com/mxcl/homebrew/pull/23598 Use `brew edit bind` to open the formula for BIND, and copy in my forked version, and reinstall with brew. – jcoleman Oct 25 '13 at 19:22
  • @jcoleman I wish your comment was an answer I could vote up and star – digitalextremist Oct 27 '13 at 14:54
  • @digitalextremist: Thanks! I've added it as an answer. – jcoleman Oct 27 '13 at 20:30
7

Install BIND9 using Homebrew. The current brew install isn't as complete as I'd like, so when I ran into this issue myself, I updated the brew file to generate initial config files (to match the system install in Mountain Lion) as well as include a launchd plist.

Though my changes haven't been merged in yet, you can see the updated file here: github.com/mxcl/homebrew/pull/23598 Use brew edit bind to open the formula for BIND, and copy in my forked version, save, and reinstall with brew using brew install bind.

jcoleman
2

Men & Mice is offering BIND installers for free at http://support.menandmice.com/download/bind/macosx/10.9-Mavericks/

MacOS X 10.4 (PPC), 10.5/10.6 (x86) and 10.7/10.8 (and new) 10.9 (x86_64)

Here is my recommendation for a basic "/etc/named.conf" file for BIND 9.9.4. Many basic configuration recommendations on the Internet and templates from BIND installations in Linux/BSD distributions have not been updated for recent changes in BIND and are not optimal (although they continue to work).

// BIND named.conf caching only DNS server
// configuration file for 
// BIND 9.7 and up
options {
    // set the DNS servers "home" directory
    // all files with relative path names
    // will be read or written from this
    // directory
    directory "/var/named";
    // disable query-logging on start
    // query-logging can be enabled using
    // "rndc querylog"
    querylog no;
};

// automatic empty zone for the "localhost" name
zone "localhost" IN {
   type master;
   database "_builtin empty . nothing.invalid.";
};

// logging template for a caching DNS server
logging {
   channel syslog { syslog daemon; severity info; };
   channel security { file "security.log" versions 10 size 50M; print-time yes; };
   channel query_log {
     file "query.log" versions 10 size 50M; severity debug; print-time yes;
   };
   category general       { syslog; };
   category security      { security; };
   category queries       { query_log; };
   category dnssec        { security; };
   category default       { syslog; };
   category resolver      { syslog; };
   category client        { syslog; };
   category query-errors  { query_log; };
   category edns-disabled { syslog; };
};

Some comments:

  • rndc.key does not need to be imported using an import statement. If no dedicated rndc configuration is present, rndc.key will be read by named on startup by default
  • if no "controls" block is defined, the default controls statement is used. The default controls configuration is

    controls { inet 127.0.0.1 allow { localhost; } keys { rndc_key; }; };

  • never specify "query-source" with a port number for a caching DNS server (I would prefer not to see it even commented out, someone might enable it and create a security hole); it is a security risk (it disables UDP port randomization and therefore enables easy DNS cache spoofing)

  • no need to specify an empty zone for "0.0.127.in-addr.arpa.", as it is (among a couple of other empty zones) in the default BIND config since version 9.5.x
  • the zone specification for "localhost" shows how to define an empty zone that does not require an extra zonefile on disk
  • for caching DNS servers that operate in the Internet DNS, I highly recommend using the "root.hints" (list of root DNS servers) that is built into BIND by not specifying a zone of type "hint". The "built-in" root hints are updated every time the BIND program is updated.
  • the logging statement gives a list of logging categories that are interesting for a caching DNS server. "query-logging" (logs all queries received by the DNS server) can hurt the performance of a busy DNS server (> 1000 queries per second); it is disabled in the options block but can be enabled (toggled) using "rndc querylog". The status of the querylog function (enabled/disabled) can be looked up using "rndc status"
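The two hardening points in the comments above (no fixed "query-source" port, and a controls channel restricted to loopback with a key) can be checked mechanically. The linter below is an added example, not code from the answer or from ISC BIND; the two named.conf samples are constructed, and the regex handling covers the statement shapes shown in this thread rather than the full BIND grammar.

```python
"""Lint a BIND named.conf for a fixed query-source port and a loosely
guarded rndc control channel. Added example, not from ISC BIND."""
import re

# Constructed sample with the weak settings the answer warns about.
WEAK_CONF = """
options {
    directory "/var/named";
    query-source address * port 53;     // pins the outgoing UDP port
    query-source-v6 address * port 53;
};
controls { inet 0.0.0.0 port 953 allow { any; }; };
"""

# Constructed sample following the answer's advice.
SAFE_CONF = """
options {
    directory "/var/named";
    querylog no;
    /* query-source intentionally unset: named randomizes the source port */
};
controls { inet 127.0.0.1 allow { localhost; } keys { rndc_key; }; };
"""

def strip_comments(text: str) -> str:
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", " ", text)

def lint_named_conf(text: str) -> list[str]:
    """Return one finding per issue; an empty list means the checks passed."""
    findings = []
    src = strip_comments(text)
    # query-source [address X] port N with N != '*' fixes the source port,
    # removing the entropy that protects the cache from spoofed replies.
    for m in re.finditer(r"\b(query-source(?:-v6)?)\b([^;]*);", src):
        port = re.search(r"\bport\s+(\S+)", m.group(2))
        if port and port.group(1) != "*":
            findings.append(f"{m.group(1)}: fixed UDP source port {port.group(1)} "
                            "disables source-port randomization")
    # controls { inet ADDR [port N] allow { ... } [keys { ... }]; }
    pat = r"\binet\s+(\S+)\s+(?:port\s+\S+\s+)?allow\s*\{([^}]*)\}(\s*keys\s*\{[^}]*\})?"
    for addr, allow, keys in re.findall(pat, src):
        if addr not in ("127.0.0.1", "::1"):
            findings.append(f"controls: rndc channel on {addr} is reachable off-host")
        if "any" in allow.replace(";", " ").split() and not keys:
            findings.append(f"controls: {addr} allows any client with no key")
    return findings

if __name__ == "__main__":
    for name, conf in (("WEAK_CONF", WEAK_CONF), ("SAFE_CONF", SAFE_CONF)):
        print(name, lint_named_conf(conf) or ["ok"])
```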
1

Try this http://blakeembrey.com/articles/local-development-with-dnsmasq/

It worked well for me after installing Mavericks.

Azadious
1

Bind is installed in Mavericks. Just the files have moved. You can find all the zone files in /Library/Server/named/.

Apple actually have done a good job going for a more compliant implementation compared to 10.6.8.

It's easy to modify the files by hand.

My $0.02

LL

Long Lane
  • That server folder only appears once you've installed the OSX Server app (or if you have it from a previous OSX install). If you do use the server.app it overwrites any manual changes to the config files. – steve Dec 05 '13 at 22:31
1

I used to use a local DNS server running on the Mac until I discovered DNSMasq on DD-WRT.

I set up a DD-WRT router for my LAN and WiFi and then used the DNSMasq feature of DD-WRT to list all entries that should map to development machines.

Log into your DD-WRT router:

Under Services, Enable DNSMasq

Under "Additional DNSMasq options" list each entry you want to mask:

address=/[url]/[ip]

Examples:

address=/www.dev.mysite.com/192.168.1.10
address=/photos.dev.mysite.com/192.168.1.11
address=/static.dev.mysite.com/192.168.1.12

This is almost like running your own DNS server on the router just for local addresses but without the overhead.

This way I can connect to local development machines via the LAN and all mobile devices via WIFI without much hassle.

Advantages:

  • No DNS server overhead on your Mac
  • No DNS configuration required; it just works via DHCP
  • Easily connect mobile devices via WIFI to development machines!
  • Easy to maintain & configure via router interface
George Filippakos
  • I also use dnsmasq (install with brew) since the configuration is extremely simple. The only downside of running it on your machine is other computers on your network won't benefit from it (possibly open the ports up? but if your IP is dynamic...). This router is a rockstar for having it on board. DNSMasq is a very good tool when you don't need the monstrosity of BIND. – Tom Mar 18 '14 at 15:51