Getting DNS Up and Running on Mac OS X Server
Mac OS X Server ships with BIND 8.2.3 installed by default. Great; so now what do you do with it?
First of all, you can set up a caching-only (non-authoritative) server just by turning on the option in the Server Admin application. This will let you resolve names starting from the root servers and cache the results. However, if your ISP already provides you with working DNS servers, there probably isn't much point in hosting this yourself. Your ISP will most likely have faster machines on faster connections, and since they get more queries, their name server cache will be larger and reduce your lookup times. If you do turn recursion on, make sure the server only answers queries from your own network: a resolver that will recurse for anyone who can reach it will be found and used by strangers.
However, if you are behind NAT and want to have your Mac OS X Server run a little more smoothly, plus make Windows file sharing actually work, you will want to spend a few minutes setting up your DNS records.
There are essentially three files that you need to edit.
The first one is the domain file. This is a forward map of your fully qualified domain names to IP addresses. Essentially, this maps www.afp548.com, for instance, to 66.92.146.93. Before you start you will want to sit down for a bit and map out the IP addressing scheme that you wish to use. For example, we are going to map out the afp548.com empire in this exercise. So we want records for the router at 10.0.1.1 (we are behind an AirPort NAT; not really, but we'll pretend), the server at 10.0.1.10, the TiBook at 10.0.1.11, the HP 5MP at 10.0.1.20, and a DHCP range at 10.0.1.100-105. Since we host a number of virtual domains on our webserver, 10.0.1.10, we will also want to include them.
Now that you have your numbering scheme down you have to put that into a file. Apple thoughtfully includes a sample version that we are going to use to make life easier. Drop down to the Terminal.
cp /etc/named.conf ~/Documents/named.conf
cp /var/named/db.example.default ~/Documents/db.afp548
cp /var/named/db.192.249.249.default ~/Documents/db.10.0.1
Now, just so no one gets confused: substitute your own domain for afp548 in the second command, and the first three octets of your IP range for 10.0.1 in the third one. (All three copies go into Documents so that the commands at the end of this article find them there.)
This will copy the example databases into the Documents folder in your home folder. Now you can open the first file, db.afp548, in either TextEdit or BBEdit, or even Microsoft Word if you want, as long as you save it back as plain text. First off, do a search and replace to change "example.com" to your domain ("afp548.com" in our example).
Now add your name and the date at the top where Apple has put their little blurb. Make sure that any new lines you add there start with a semicolon, which marks a comment. Next, make changes to the first uncommented line. After IN SOA put the name of the server that will be running DNS. This sets the primary (authoritative) server for your domain. We will be using bigboy.afp548.com. Make sure that you end this name with a period. It sounds strange, but it's the way it needs to be: a name without the trailing period is treated as relative, and BIND appends the zone's origin to it. The full rationale is actually pretty interesting, so if you have the desire, buy the O'Reilly book on the subject.
Immediately after that period, change "administrator" to the e-mail address that should receive any mail regarding your domain. Write the "@" as a period, so mactroll@afp548.com becomes mactroll.afp548.com. (with its own trailing period). Since this is just for an internal, NAT-only network this doesn't matter much, but put something in anyway. Now skip past the rest of the numbers, which set the serial and the timers for the records, and head on down to the uncommented line after "; Name Servers." Here you need to change ns1 to the name of the DNS server that you put on the first line.
Now comes the repetitive bit. Find the line "localhost.afp548.com. IN A 127.0.0.1". This is the first actual host record. Leave that one alone and change all of the rest of the records to match your network. Follow the same format: host.domain.com. (remember the trailing period), then a tab, then "IN A", then the actual IP address of the machine. For instance, our first record is "bigboy.afp548.com. IN A 10.0.1.10". Simple enough. Now get to work typing.
When you are done, find the line that starts with "red." This is the beginning of the aliases section. Here is where you can set up your virtual hosts. For instance, we are going to alias "mail.afp548.com" to bigboy by writing this line: "mail.afp548.com. IN CNAME bigboy.afp548.com." Now get typing again. You should end up with a file like this:
;
; Default db.example file installed by Apple server admin
;
afp548.com.             IN SOA   bigboy.afp548.com. mactroll.afp548.com. (
                        1        ; Serial
                        10800    ; Refresh after 3 hours
                        3600     ; Retry after 1 hour
                        604800   ; Expire after 1 week
                        86400 )  ; Minimum TTL of 1 day
;
; Name servers
;
afp548.com.             IN NS    bigboy.afp548.com.
;
; Addresses for the canonical names
;
localhost.afp548.com.   IN A     127.0.0.1
bigboy.afp548.com.      IN A     10.0.1.10
tibook.afp548.com.      IN A     10.0.1.11
hp5.afp548.com.         IN A     10.0.1.20
dhcp1.afp548.com.       IN A     10.0.1.101
dhcp2.afp548.com.       IN A     10.0.1.102
dhcp3.afp548.com.       IN A     10.0.1.103
dhcp4.afp548.com.       IN A     10.0.1.104
dhcp5.afp548.com.       IN A     10.0.1.105
gateway.afp548.com.     IN A     10.0.1.1
;
; Aliases
;
mail.afp548.com.        IN CNAME bigboy.afp548.com.
www.afp548.com.         IN CNAME bigboy.afp548.com.
test.afp548.com.        IN CNAME bigboy.afp548.com.
mylaptop.afp548.com.    IN CNAME tibook.afp548.com.
Now save this file and move on to db.10.0.1.
This one is much along the same lines as the first. To make things easiest, do a few search and replaces. Replace "example.com" with "afp548.com" and "ns1" with "bigboy" (the name of our DNS server), then "249.249.192" with "1.0.10". This last one is the first three octets of your network address written backwards, because reverse lookups live under the in-addr.arpa domain and are written least-significant octet first. Again there is a good reason for this; if you aren't one to just follow along blindly, read a book on DNS. Have I recommended O'Reilly's yet?
Now find the uncommented lines after "; Addresses point to canonical name" and start putting in your own records. These are the reverse entries, which map IP addresses back to names. For example, our first line is going to be left as it is, since 10.0.1.1 should map to our gateway. Don't forget the periods at the end of both the owner name and the target. You should end up with something like this:
;
; Default db.192.249.249 file installed by Apple server admin
;
1.0.10.in-addr.arpa.    IN SOA   bigboy.afp548.com. admin.afp548.com. (
                        1        ; Serial
                        10800    ; Refresh after 3 hours
                        3600     ; Retry after 1 hour
                        604800   ; Expire after 1 week
                        86400 )  ; Minimum TTL of 1 day
;
; Name servers
;
1.0.10.in-addr.arpa.    IN NS    bigboy.afp548.com.
;
; Addresses point to canonical name
;
1.1.0.10.in-addr.arpa.    IN PTR  gateway.afp548.com.
10.1.0.10.in-addr.arpa.   IN PTR  bigboy.afp548.com.
11.1.0.10.in-addr.arpa.   IN PTR  tibook.afp548.com.
20.1.0.10.in-addr.arpa.   IN PTR  hp5.afp548.com.
101.1.0.10.in-addr.arpa.  IN PTR  dhcp1.afp548.com.
102.1.0.10.in-addr.arpa.  IN PTR  dhcp2.afp548.com.
103.1.0.10.in-addr.arpa.  IN PTR  dhcp3.afp548.com.
104.1.0.10.in-addr.arpa.  IN PTR  dhcp4.afp548.com.
105.1.0.10.in-addr.arpa.  IN PTR  dhcp5.afp548.com.
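Both files above are typed by hand, and the mistakes the article warns about (a forgotten trailing period, a CNAME to a host that was never given an A record, an A record with no matching PTR) are exactly the ones BIND will not catch for you. The following script is an added example, not Apple's sample files or the article's own code: it builds the forward and reverse zones for the afp548.com scheme from one host table, so the two files can never disagree, and then lints the result. The host names, addresses, SOA timers and serial are the article's; the lint rules assume the article's style of writing every name as an absolute name with a trailing dot.

```python
"""Generate and lint the article's forward and reverse zone files.

Added example (not from the original article or Apple's sample files).
Names and addresses follow the article's afp548.com scheme; the SOA
timers and serial are the ones in the article's listings.
"""
import ipaddress

DOMAIN = "afp548.com"
NAMESERVER = "bigboy"
ADMIN_MAILBOX = "mactroll"                 # mactroll@afp548.com: the '@' is written as '.'
SOA_TIMERS = (10800, 3600, 604800, 86400)   # refresh, retry, expire, minimum TTL

# Constructed host table following the article's addressing scheme.
HOSTS = {"gateway": "10.0.1.1", "bigboy": "10.0.1.10",
         "tibook": "10.0.1.11", "hp5": "10.0.1.20"}
HOSTS.update({f"dhcp{i}": f"10.0.1.{100 + i}" for i in range(1, 6)})
ALIASES = {"mail": "bigboy", "www": "bigboy", "test": "bigboy", "mylaptop": "tibook"}


def fqdn(host):
    """Absolute name; the trailing dot stops BIND appending the zone origin."""
    return f"{host}.{DOMAIN}."


def reverse_origin(network):
    """'10.0.1' -> '1.0.10.in-addr.arpa.' (octets reversed, as in db.10.0.1)."""
    return ".".join(reversed(network.split("."))) + ".in-addr.arpa."


def soa_line(origin, serial):
    """SOA on one line: MNAME, RNAME, then serial and the four timers."""
    refresh, retry, expire, minimum = SOA_TIMERS
    return (f"{origin} IN SOA {fqdn(NAMESERVER)} {fqdn(ADMIN_MAILBOX)} "
            f"{serial} {refresh} {retry} {expire} {minimum}")


def forward_zone(serial=1):
    """db.afp548: SOA, NS, localhost, one A per host, one CNAME per alias."""
    origin = DOMAIN + "."
    lines = [soa_line(origin, serial), f"{origin} IN NS {fqdn(NAMESERVER)}",
             f"{fqdn('localhost')} IN A 127.0.0.1"]
    lines += [f"{fqdn(h)} IN A {ip}" for h, ip in HOSTS.items()]
    for alias, target in ALIASES.items():
        if target not in HOSTS:                      # a CNAME must point at a real host
            raise ValueError(f"CNAME {alias} points at unknown host {target}")
        lines.append(f"{fqdn(alias)} IN CNAME {fqdn(target)}")
    return "\n".join(lines) + "\n"


def reverse_zone(network="10.0.1", serial=1):
    """db.10.0.1: one PTR per host, owner = last octet under the reversed origin."""
    origin = reverse_origin(network)
    lines = [soa_line(origin, serial), f"{origin} IN NS {fqdn(NAMESERVER)}"]
    for host, ip in sorted(HOSTS.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        net, last = ip.rsplit(".", 1)
        if net != network:                           # PTRs for other /24s belong in another file
            raise ValueError(f"{host} ({ip}) is outside {network}.0/24")
        lines.append(f"{last}.{origin} IN PTR {fqdn(host)}")
    return "\n".join(lines) + "\n"


def zone_problems(text):
    """Lint: owner names and NS/CNAME/PTR/SOA targets must end in '.', A rdata must be IPv4."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        if not line:
            continue
        f = line.split()
        if len(f) < 4 or f[1] != "IN":
            problems.append(f"line {n}: expected 'owner IN TYPE rdata'")
            continue
        owner, rtype, rdata = f[0], f[2], f[3:]
        if not owner.endswith("."):
            problems.append(f"line {n}: owner {owner} lacks trailing dot")
        if rtype in ("NS", "CNAME", "PTR", "SOA"):
            targets = rdata[:2] if rtype == "SOA" else rdata[:1]
            problems += [f"line {n}: {rtype} target {t} lacks trailing dot"
                         for t in targets if not t.endswith(".")]
        elif rtype == "A":
            try:
                ipaddress.IPv4Address(rdata[0])
            except ValueError:
                problems.append(f"line {n}: bad IPv4 address {rdata[0]}")
    return problems


def unmatched_records(forward, reverse):
    """(A records without a matching PTR, PTRs without a matching A); localhost is skipped."""
    a, ptr = {}, {}
    for line in forward.splitlines():
        f = line.split()
        if len(f) == 4 and f[2] == "A" and f[3] != "127.0.0.1":
            a[f[3]] = f[0]
    for line in reverse.splitlines():
        f = line.split()
        if len(f) == 4 and f[2] == "PTR":
            octets = f[0].split(".in-addr.arpa")[0].split(".")
            ptr[".".join(reversed(octets))] = f[3]
    return ({ip: a[ip] for ip in a if ptr.get(ip) != a[ip]},
            {ip: ptr[ip] for ip in ptr if a.get(ip) != ptr[ip]})


if __name__ == "__main__":
    fwd, rev = forward_zone(), reverse_zone()
    print(fwd, rev, sep="\n")
    print("problems:", zone_problems(fwd) + zone_problems(rev))
    print("unmatched:", unmatched_records(fwd, rev))
```

Run it and paste the two printed zones into db.afp548 and db.10.0.1. Bump the serial argument every time you regenerate; BIND only notices a changed zone on reload, and any secondary server you add later decides whether to transfer the zone by comparing serials.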
Looking good. Now you need to point BIND, the DNS software, at these two database files. So open up the named.conf file that we copied to your Documents folder and do a few more search and replaces. Replace "example" with "afp548", our domain name. Then replace "249.249.192" with "1.0.10", the first three octets of our network backwards. And finally replace "192.249.249" with "10.0.1", the first three octets forwards (this is the file name, so it must match the name you give the reverse file below). Save this file and go back to the command line.
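For reference, this is what the two master zone statements look like after those replacements. This fragment is an added reconstruction, not a copy of Apple's shipped named.conf; it assumes Apple's sample uses the zone names and file names the article's search-and-replace instructions imply, and it leaves the root-hints and localhost zone statements that Apple ships untouched. The listen-on and allow-recursion lines are an addition of mine, on the assumption that the installed BIND 8.2.3 accepts them: they stop the server answering on any address other than the internal interface and refuse recursion for anyone outside 10.0.1.0/24, so that if the NAT box ever forwards port 53 you have not created an open resolver.

```conf
options {
        directory "/var/named";
        /* added: only serve on the LAN interface, only recurse for the LAN */
        listen-on { 127.0.0.1; 10.0.1.10; };
        allow-recursion { 127.0.0.1; 10.0.1.0/24; };
};

/* root hints and localhost zones as shipped by Apple go here, unchanged */

zone "afp548.com" {
        type master;
        file "db.afp548";
};

zone "1.0.10.in-addr.arpa" {
        type master;
        file "db.10.0.1";
};
```

The zone names here must match the SOA owner names in the two files exactly (afp548.com and 1.0.10.in-addr.arpa), and the file names must match what you move into /var/named in the next step.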
cd ~/Documents
sudo chown root:wheel db.afp548
sudo chown root:wheel db.10.0.1
sudo chown root:wheel named.conf
sudo mv db.afp548 /var/named/db.afp548
sudo mv db.10.0.1 /var/named/db.10.0.1
sudo mv named.conf /etc/named.conf
Now stop the DNS server if it is already running, and start it from the Server Admin application. If it refuses to start, the reason is almost always a zone file error, so check the system log for messages from named before changing anything else. You're done. Check out our article on how to use dig to confirm that everything is working.