OS X BIND Config Cleanup

Posted on in System Administration

Before we can start running BIND on OS X, we have to make a few configuration changes. Although BIND is pre-installed in Mac OS X 10.4 (Tiger), it's not ready to run right out of the box. We've already created our Startup Item, but now we need to clean up a few problems in the BIND configuration before we can start running our caching-only name server.

Update /etc/hostconfig.
You may have noticed in our BIND Startup Item that we referred to a variable called ${DNSSERVER}. This variable is set in the /etc/hostconfig file. Using your favorite text editor, add the following line to the end of the file.

DNSSERVER=-YES-

That's all there is to that. If you want to disable BIND sometime in the future, simply change that 'YES' to 'NO' and you're done.

Add RNDC Configuration Files.
RNDC is short for "Remote Name Daemon Control". Although we won't enable the "Remote" part of that, it is useful for doing things like flushing the name cache or reloading the configuration of a running name server. We're going to run an application called rndc-confgen to generate the values we need for our two new configuration files: /etc/rndc.conf and /etc/rndc.key. Let's create the files beforehand. As always, the '$' indicates the shell prompt and should not be typed.

$ sudo touch /etc/rndc.conf
$ sudo touch /etc/rndc.key

The file rndc.conf contains information regarding how the rndc application should communicate with the BIND daemon. The rndc.key file contains key information used by rndc and BIND. We'll run rndc-confgen -p 54 from the command line to automatically generate the data we need for these files. Here's an example.

$ rndc-confgen -p 54
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "Ebd1XQUSxfQxw78FG9HERA==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 54;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "Ebd1XQUSxfQxw78FG9HERA==";
# };
#
# controls {
#       inet 127.0.0.1 port 54
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

Using your favorite text editor, add the key{}; and options{}; stanzas to /etc/rndc.conf. Next, update /etc/rndc.key with just the key{}; stanza. Don't forget to save!
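Splitting the rndc-confgen output by hand is error-prone, and the secret it contains ends up in two files that should be readable only by root. The following script is an added example, not part of the original post: it feeds a constructed sample of the rndc-confgen -p 54 output (with a placeholder secret) through a hypothetical install_rndc_files function that writes the two files with mode 600, and a check_rndc_files function that verifies both files agree on the secret and that the key file is private.

```shell
#!/bin/sh
# Constructed sample of `rndc-confgen -p 54` output; the secret is a placeholder.
RNDC_CONFGEN_OUTPUT='# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "PLACEHOLDER-NOT-A-REAL-KEY==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 54;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# controls {
#       inet 127.0.0.1 port 54
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };'

# install_rndc_files DIR: read rndc-confgen output on stdin and write
# DIR/rndc.conf (key + options stanzas) and DIR/rndc.key (key stanza only).
install_rndc_files() {
    dir=$1
    (
        umask 077   # files are created mode 600: the shared secret stays owner-only
        # keep what lies between the Start/End markers, dropping comment lines
        sed -n '/^# Start of rndc.conf/,/^# End of rndc.conf/{/^#/!p;}' > "$dir/rndc.conf"
        # the key stanza alone: from the key line through its closing "};"
        sed -n '/^key "rndc-key" {/,/^};/p' "$dir/rndc.conf" > "$dir/rndc.key"
    )
}

# check_rndc_files DIR: the checks worth running before starting named.
check_rndc_files() {
    dir=$1
    conf_secret=$(sed -n 's/^[[:space:]]*secret "\(.*\)";/\1/p' "$dir/rndc.conf")
    key_secret=$(sed -n 's/^[[:space:]]*secret "\(.*\)";/\1/p' "$dir/rndc.key")
    [ -n "$key_secret" ] || return 1                  # rndc.key must carry a secret
    [ "$conf_secret" = "$key_secret" ] || return 1    # the same one rndc.conf uses
    grep -q '^options' "$dir/rndc.conf" || return 1   # rndc.conf needs options{}
    grep -q '^options' "$dir/rndc.key" && return 1    # rndc.key must not carry it
    [ -n "$(find "$dir/rndc.key" -perm 600)" ]        # secret readable by owner only
}
```

On the real machine, run the function as root with `rndc-confgen -p 54 | install_rndc_files /etc` and then `check_rndc_files /etc` before starting named.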

That should be all the changes necessary to the configuration files.
