Articles October 31, 2007 at 7:51 pm

Leopard DNS – The GUI, The Bad, and The Ugly

One of the biggest complaints I heard from other consultants and support folks about Mac OS X Server 10.4 was about how bad it was to work with the DNS GUI. They pined away for Panther or relegated themselves to hand coding their zone files. With Leopard come some welcome changes and a nasty bug.


The Changes

One of the changes you find is in the /etc/named.conf file. It has an include to look in /etc/dns, where there are three files that deal with Server Admin's GUI settings for DNS. Those files are,, and These files must be there for the GUI in Server Admin to function.

Another change is the way zone files are handled. At first glance it looks like the zone files are in /var/named/, but what Server Admin does is put an include there pointing to the GUI's zone file, which resides in /var/named/zones. There is a nice warning in both the named.conf and zone files that says “;THE right before the include statement. What could be a nice result of this is that you can now make changes to the zone files and they are reflected in the GUI. You are no longer chained to the once you go CLI you can’t go

Other assorted changes include PTR records, SRV records, Forwarder IPs, and Recursion settings. PTR records are created automatically for your reverse zones; you can then only assign which A record is associated with each one. SRV records are new to Mac OS X GUI configuration, and you could configure a Mac OS X Server to provide DNS that would actually work in an AD environment, not that you necessarily would want to do that. You can now set your Forwarder IPs from the GUI and restrict which networks can make recursive queries of your DNS server. All this bodes well for a richer experience with DNS on Mac OS X Server.

The Bad and Ugly

While there is a good deal of improvement in Leopard DNS, there is a nasty bug in the GUI and it has bitten a few already. When you first create a zone, DO NOT HIT SAVE. If you do, you have condemned this zone to have an SOA of forever. Make sure you edit your NS and A record for NS before hitting save. If you miss this, it can be the source of much frustration and cursing at Leopard DNS. If you heed this word of caution, you should be well on your way to having a productive DNS server on your network.

Ed. Note:

DNS potentially gets even more frustrating because of the auto setup in the Standard mode. The server will create a DNS domain based on the FQDN that you supply during the initial setup. That's nice, but… it means that you can't resolve any of your other DNS names for that zone, as the server only knows the one entry for itself.

Quick fix is to just remove the DNS entry from your network prefs when this happens.

No Comments

  • Well, you at least get DHCP options in Leopard. Although I can’t say there’s much more than that…

    Read the bootpd manpage for how to do the arbitrary options.

    Changing the world, one server at a time.
    Joel Rennich

  • I was amazed to see that I could update the conf file directly and still have GUI access. Saying that, I wasn’t surprised when I entered my AD DNS entries by hand, ran into issues, and had to enter them into the conf file directly. Only two entries show up because of the “duplicate” entries for kerberos and ldap, but everything works and I can still update additional items without overwriting those settings. Hell, I’m happy.

    • There is a bug in the DNS GUI. The effect is to insert terminal dots at the end of some domain names in the configuration file. This can be fixed by editing the file with a tool that can look at hidden files, like TextWrangler.

  • What I would like to test when I get a chance is if Leopard finally had DHCP update the DNS A records... that would be nice. If not, and if we have to use the dhcpd program for that, can we still use the DNS GUI?

    Also, on another note, I am curious to see the results with Wide Area Bonjour: is that a zone that will populate a separate file in /var/named/zone?

  • This problem caught me out – BIG TIME. Damn frustrating! This cost me several hours! I’m cursing Apple for this poor design.
