oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button

Implementing BIND on Mac OS X

by Jason Deraleau

Editor's note: The Berkeley Internet Name Domain distribution, or BIND, is a suite of Unix utilities that works with the Domain Name System. The nslookup and dig utilities are a part of the BIND distribution, but the named DNS server is what people most often refer to as BIND. The DNS server portion is what Jason will be focusing on in this article.

If you are new to DNS, then you might want to wait for Dan Benjamin's article in which he'll introduce you to the concepts behind DNS, especially as it applies to Mac OS X system administrators. (It should run within a week or two.) After having absorbed that information, you can then return here to read about BIND. If you'd like to do a little background reading right now, take a look at Alan Graham's Homemade Dot-Mac with OS X and James Duncan Davidson's Setting Up a Site Server with Jaguar.

Getting BIND

Mac OS X 10.2 "Jaguar" includes the BIND suite. The current release of Mac OS X (10.2.5) includes version 8.3.4-REL of BIND. The named daemon is located in the /usr/sbin folder by default. Apple has also provided a SystemStarter bundle for BIND, which is located in /System/Library/StartupItems/BIND. If you are not running Jaguar or would like to run the latest version of BIND, you can download the source distribution of BIND from the Internet Software Consortium's web site. The instructions below will help you get the most recent release of BIND (9.2.2-REL). If you wish to use the version of BIND that is included with Jaguar, you can skip ahead to the "Launching BIND at Startup" section.

Installing BIND 9

Compiling BIND requires the Mac OS X Developer Tools. If you do not have the Developer Tools, you can download them from Apple's Developer Connection. The commands below will help you download and install BIND 9.2.2-REL on your system:

% cd ~/Desktop
% curl -O
% tar zxvf bind-9.2.2.tar.gz
% cd bind-9.2.2
% ./configure --prefix=/usr/local/bind9
% make
% sudo make install

Now that you have installed the BIND distribution, you must modify (or create) the necessary SystemStarter bundle. The bundle is located in /System/Library/StartupItems/BIND. The file that you need to change is called BIND. Below is what you will need to make the file contain. To edit the file, use the command sudo pico /System/Library/StartupItems/BIND/BIND:


# BIND name service.

. /etc/rc.common

if [ "${DNSSERVER:=-NO-}" = "-YES-" ]; then
        ConsoleMessage "Starting named"

        /usr/local/bind9/sbin/named -c /etc/named.conf

For those of you who are not using Jaguar, you will first need to create the BIND folder in /Library/StartupItems by using the commands below. You will also need a parameters file, which you can download here. Place the file in the /Library/StartupItems/BIND folder and name it StartupParameters.plist.

% sudo mkdir /Library/StartupItems
% sudo mkdir /Library/StartupItems/BIND

The last step is to give your BIND script executable permissions by using the command sudo chmod 0755 /Library/StartupItems/BIND/BIND.

Launching BIND at Startup

After installing BIND and creating the necessary SystemStarter bundle, edit (or add) the line below in your /etc/hostconfig file. To edit the file, use the command sudo pico /etc/hostconfig.


During your next reboot, SystemStarter will start named automatically. If you are having trouble loading named, be sure to use the Console utility to check your /var/log/system.log file for messages to help you (or others) troubleshoot.


Related Reading

By Paul Albitz, Cricket Liu

Creating DNS Zones

The BIND DNS Server, named, uses flat files to store DNS zone information. Each zone has its own file, which is located in /var/named by default. Within a zone, resource records are used to differentiate the various types of DNS information. The most common resource records are SOA, NS, A, CNAME, and PTR, all of which I will discuss below.

BIND zone files often follow a file-naming convention. Forward lookup zones are named db.domain.ext, such as, while reverse lookup zones are named db.addr, such as db.216.194.67. A semicolon prefaces commenting in zone files and white space is ignored. In the following sections, I will also discuss four different files. Two of the files contain reverse lookup zones, while one other contains a forward lookup zone. The remaining file is what is known as a hint zone.

Hint Zones

The hint zone is kept in a file most often called It contains a list of the root DNS name servers. These servers don't change very often, but a good rule of thumb is to download a new version of the file once a month. You can automate this process by adding the following to your /etc/crontab file:

0 0 1 * * root /usr/bin/curl \ > /var/named/

To load a hint zone, place the entry below in your named.conf file. The zone is declared as ".", which indicates it is the root zone. The type is specified as hint, and the file is the name of the file within the /var/named folder.

zone "." in
    type    hint;
    file    "";

Forward Lookup Zones

Forward lookup zones contain hostname to address DNS mappings. If you want to resolve, your query will end up getting information from a forward lookup zone. The most used resource record in a forward lookup zone is the A record. A records represent a mapping between a hostname and an IP address. For example:     IN  A

This entry would indicate to BIND that the www host within the domain has an IP address of Notice that this entry is broken up into three primary sections: the record name, the resource record type, and the value of the record. Notice also that there is a trailing period at the end of the host portion. Be sure to specify a fully qualified domain name (including the trailing period) in the record name.

Another common record found in forward lookup zones is the CNAME record. CNAME records are used to alias one name to another. You can alias two names that are within the same name space or even to another name space. The example below declares as an alias of and as an alias of            IN  A            IN  CNAME           IN  CNAME

Before you can start entering your various resource records, your zone needs to contain a default TTL and a section called the Start of Authority or SOA record. The default TTL is declared at the beginning of the file and is used for any records that do not specify their own TTL. SOA records contain general information about a zone, such as the name of the zone in question, the administrator's email address, a serial number, and caching information. Below is an example of an SOA record:

$TTL 86400     IN  SOA (
                     2003040101      ; Serial
                     10800           ; Refresh after 3 hours
                     3600            ; Retry after 1 hour
                     604800          ; Expire after 1 week
                     86400 )         ; Minimum TTL of 1 day

The first entry ( represents the zone in question. You can tell it is a forward lookup zone because this contains a domain name instead of an IP network. There is the declaration of the record type (SOA) and then the entry This entry indicates the primary master name server for the zone. The entry tells us the email address of the contact for the zone. In this case, it is It can be any valid email address, just replace the at (@) with a period (.) and put it in your zone file.

The next section of the SOA record contains caching data for the zone. The values given are good for most DNS setups. One important field to note is the serial number. The serial number should be incremented every time a change is made to your zone. If you do not increment it, DNS servers that are caching your entry will not realize that there is new data being used. You can number the zone any way you like, but a common practice is to use the format YYYYMMDDNN. Where NN is a daily version number. In the example SOA, the serial is 2003040101, which would indicate this is the first revision of the zone file on 04/01/03.

Following the SOA record, your zone must contain a listing of name servers that are authoritative for the zone. The example below indicates that the name servers and are authoritative for the domain:          IN  NS          IN  NS

Once your zone contains an SOA record as well as the appropriate NS records, you can start to enter your A records. Below is an example zone for that contains the information we've covered thus far:

; /var/named/ - Zone file for domain
$TTL 86400  ; 1 day          IN  SOA (
                          2003040101      ; Serial
                          10800           ; Refresh after 3 hours
                          3600            ; Retry after 1 hour
                          604800          ; Expire after 1 week
                          86400 )         ; Minimum TTL of 1 day

; name servers          IN  NS          IN  NS

; host to address mappings      IN  A      IN  A      IN  A

To load a forward lookup zone, place the entry below in your named.conf file. The name of the zone is declared as "" The type here is master, which means that the server is a master server for the zone in question. The notify field is used to tell BIND to notify any slave servers of changes to the zone data. Finally, the file indicates which file contains the zone.

zone "" in
    type    master;
    file    "";

Pages: 1, 2

Next Pagearrow