Tumbled Logic

Dec 15

Using a local nameserver on Mac OS X

If you’ve followed most guides floating around on the Web (such as this one) for configuring a local nameserver on Mac OS X, you’ll more than likely be quite happy: you went into System Preferences and set your DNS server IP to 127.0.0.1 so that your server is used instead of your local network’s or your ISP’s.

What happens if you want to use your old DNS server settings as well as your new local nameserver? You might have tried keeping the old IPs in the ‘DNS servers’ field and simply adding 127.0.0.1 to the end of the list—and discovered that this doesn’t work very well at all (it might work, sometimes, but it won’t be at all reliable).

Or, you might have dug a little deeper and discovered the forwarders stanza in named.conf. On platforms other than Mac OS X, this is the best way to ‘daisy-chain’ your DNS server: if the answer isn’t found locally, named goes ahead and asks the servers listed as forwarders.

Mac OS X, however, has a notion of ‘locations’. If you use different locations, or indeed use DHCP-supplied DNS server IPs, then setting the forwarders in your named.conf may not be the right thing to do. This is mostly important on laptops which move between networks frequently, but where you still want to be able to resolve your local names.

This is probably best illustrated with an example. Before changing anything, Mac OS X retrieved its DNS server settings from the DHCP server of whichever network you were on. When you’re in the office, this is the local—internal—DNS server that carries the zone for your intranet (let’s say it’s www.intra), and some other machines (e.g., fileserver.intra, laserjet.intra). When you’re at home, that DNS server isn’t accessible. This doesn’t matter, because your ADSL router at home supplies its own IP as the DNS server.

Next, you configure your local nameserver and change your networking settings so that Mac OS X will use it for name resolution. Although this works fine for most things, you can’t resolve any names within the intra domain, because your local DNS server doesn’t know how.

So you try setting the forwarders stanza to the IP of your internal DNS server in the office: success! You can now resolve names served locally as well as names within intra. Then you take your laptop home and discover that you can’t do anything: name resolution just times out, because your local nameserver is still trying to forward requests on to your office’s internal DNS server, which it can’t reach.

The solution, on Mac OS X, is to not use forwarders at all. Instead, use a facility built into Mac OS X’s name resolution framework: multiple parallel DNS servers. Mac OS X uses this facility itself to support Bonjour at the same time as normal DNS resolution, and we’re going to use it in the same way. Thankfully, it’s very easy to set up.

Assuming your local DNS server is working properly and doesn’t have a forwarders stanza, and that your network settings are back to their previous state (i.e., set to whatever your old nameservers were), you just need to create a file in /etc/resolver (sudo nano -w /etc/resolver/localhost, for example) containing the following:

nameserver 127.0.0.1
domain localhost
port 53
timeout 1

Next, you need to tell the name resolution helper process to re-read its configuration and flush its cache: sudo killall -HUP lookupd

Then, because the nameserver on your local machine only needs to serve local names, you can get rid of the zone “.” block in named.conf: this block (called a stub or a hint zone) tells named how to pass requests it can’t answer itself on to the root nameservers. We don’t need that functionality, as Mac OS X will handle it for us. Don’t forget to rndc reload when you’ve finished making changes.

Finally, you can use ping to test it: you should be able to resolve names from your local nameserver, your office’s nameserver and external names without issue. Once you take your machine home, things will just work as you’d expect: all you’ve done is tell Mac OS X to use your local nameserver in parallel to whatever else is set in System Preferences.

(To check that the nameserver on your local machine is working properly, use host dnsname 127.0.0.1, where dnsname is a hostname that you know is served by your local resolver. If this doesn’t return the right response, the local nameserver itself is broken, rather than anything to do with Mac OS X’s resolving architecture.)
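As an added example (not code from the original post), here is a small Python model of the /etc/resolver mechanism described above: it parses a resolver file of the form shown earlier, flags entries that don’t fit, and works out which nameservers a given query would be routed to, with the System Preferences servers standing in as the fallback. The office server address is constructed, and the rule that a file with no domain line takes its file name as the domain is an assumption taken from resolver(5).

```python
"""Constructed example, not code from the original post: parse the
/etc/resolver files described above and model how the resolver routes a
query, so the setup can be sanity-checked before reloading lookupd."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Resolver:
    domain: str
    nameservers: list = field(default_factory=list)
    port: int = 53
    timeout: Optional[int] = None  # None: no 'timeout' line, system default applies
    problems: list = field(default_factory=list)


def parse_resolver(text: str, filename: str) -> Resolver:
    """Parse one /etc/resolver/<filename> file. Assumption: with no 'domain'
    line the file name is the domain, as resolver(5) documents."""
    r = Resolver(domain=filename.lower())
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key == "nameserver" and value:
            r.nameservers.append(value)
        elif key == "domain" and value:
            r.domain = value.rstrip(".").lower()
        elif key in ("port", "timeout") and value.isdigit():
            setattr(r, key, int(value))
        else:
            r.problems.append(f"line {lineno}: bad or unrecognised entry {raw!r}")
    if not r.nameservers:
        r.problems.append("no nameserver line: nothing can answer for this domain")
    # The post's setup points only at loopback; any other address deserves a look.
    r.problems += [f"nameserver {ns} is not loopback" for ns in r.nameservers
                   if not ns.startswith("127.")]
    return r


def pick_nameservers(name: str, resolvers: list, default: list) -> list:
    """Route a query to the file whose domain is its longest matching suffix;
    names matching no file go to the servers set in System Preferences."""
    q = name.rstrip(".").lower()
    best = None
    for r in resolvers:
        if (q == r.domain or q.endswith("." + r.domain)) and (
                best is None or len(r.domain) > len(best.domain)):
            best = r
    return best.nameservers if best else default
```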
