
Run a caching-only name server (UNIX)
This one is for you hacking nuts that do absolutely everything possible to optimize your OS X machine.

If you are on a broadband network, then you can slightly optimize your internet access by installing BIND, the Berkeley Internet Name Domain name server, as a caching-only server.

Using this caching name server setup should give you near-instant DNS lookups for (pretty much) any hostname that any application on your machine has looked up since named last started, for as long as the record's TTL allows. Thus, if you access a host using Fetch, the name server looks up the hostname and stores the answer, so that tomorrow when you access the same host with Internet Explorer the caching name server returns the answer from its cache without a network round trip.

If you'd like to set this up on your machine, read the rest of the article.

[Editor's note: I have not tried this myself yet, and it's a relatively complex hint. I believe I didn't lose anything in the formatting process, but please post if you notice any errors.]

Start by downloading BIND (since you won't be migrating an existing BIND 8 configuration, you might as well use the latest version, 9.2) from this link. Unpack it by typing the following:
tar -xzvpf bind-9.2.0.tar.gz
Then, change directories to the bind source directory that you just unstuffed:
cd bind-9.2.0
Next, su to root and type the root password ("su" then enter).

We are going to do the install under /usr/local/. If you do not already have a /usr/local directory, then make one:
mkdir /usr/local
bind uses autoconf, so that compilation is easy. Type the following:
./configure --prefix=/usr/local --mandir=/usr/local/share/man
After several minutes, it will have configured all the appropriate files.
Then type the following:
make
After about 45 minutes to an hour (much less on a fast machine), the compilation will finish. All that is left to do is install. To install, type the following:
make install
This should only take a few minutes.

When installation is finished, bind will not start, because it does not have any configuration files yet. We are going to use configuration files that simply use localhost and the loopback address. We will leave everything else at the default values.

In a standard installation, there is a named.conf file, an rndc.conf file, and a namedb directory that contains a localhost.rev file. We are going to install these into /usr/local/etc. If you do not already have a /usr/local/etc directory, create one now:
mkdir /usr/local/etc
You will also want to create the namedb directory at this point:
mkdir /usr/local/etc/namedb
Now, we will make the named.conf file. We will add more to it later, but for now it should look like this:
options {
        directory "/usr/local/etc/namedb";  // Working directory
        pid-file "";                        // Put pid file in working dir
};

// Provide a reverse mapping for the loopback address
zone "" {
        type master;
        file "localhost.rev";
        notify no;
};
If you are not comfortable typing this file into your favorite console based text editor, then you can download a copy of this file, cd to the directory into which you've downloaded it, and move it into /usr/local/etc:
mv named.conf /usr/local/etc
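The options block above has no listen-on, allow-query or allow-recursion statements, so BIND 9.2 will listen on every interface and recurse for anyone who can reach port 53 (the log posted in the comments below shows named binding to en0 as well as lo0). A caching-only server for one machine should answer only the local stack. The following shell script is an added example and not part of the original hint: it writes the hint's options block beside a loopback-only version and audits both for those three settings. The pid-file value named.pid, the ACL spellings "localhost" and "127.0.0.1", and the BIND 9.2 option syntax are my assumptions.

```shell
#!/bin/sh
# Added example (not from the original hint): check a named.conf for the
# settings that stop a caching-only BIND from being an open resolver.
# Assumes BIND 9.2 syntax and ACLs spelled "localhost" or "127.0.0.1".

# audit_named_conf FILE -> 0 if listen-on, allow-query and allow-recursion
# are all present and restricted to loopback, 1 otherwise (problems on stdout)
audit_named_conf() {
    conf=$(sed -e 's,//.*$,,' "$1")          # drop // comments first
    rc=0
    for setting in listen-on allow-query allow-recursion; do
        # "<setting> [port N] { localhost|127.0.0.1; };" and nothing else
        pattern="^[[:space:]]*$setting([[:space:]]+port[[:space:]]+[0-9]+)?[[:space:]]*[{][[:space:]]*(localhost|127\.0\.0\.1)[[:space:]]*;[[:space:]]*[}][[:space:]]*;"
        if ! printf '%s\n' "$conf" | grep -Eq "$pattern"; then
            echo "$setting: missing or not limited to loopback"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample 1: the hint's options block as written (weak)
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
options {
    directory "/usr/local/etc/namedb"; // Working directory
    pid-file "named.pid";              // Put pid file in working dir
};
EOF

# Constructed sample 2: the same block limited to the local machine
HARDENED_CONF=$(mktemp)
cat > "$HARDENED_CONF" <<'EOF'
options {
    directory "/usr/local/etc/namedb";
    pid-file "named.pid";
    listen-on { 127.0.0.1; };         // bind port 53 on loopback only
    allow-query { localhost; };       // answer only this machine
    allow-recursion { localhost; };   // never recurse for other hosts
};
EOF

for f in "$WEAK_CONF" "$HARDENED_CONF"; do
    if audit_named_conf "$f"; then echo "$f: ok"; else echo "$f: NOT loopback-only"; fi
done
```

Run the audit against /usr/local/etc/named.conf after every edit; the three settings are what keep the box from answering recursive queries for the rest of your network (or, without a router in front of it, the rest of the internet).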
Next, we will create the localhost.rev file. This file should look like this:
$TTL 86400
@       IN SOA  localhost.localdomain. (
        12      ; Serial number
        172800  ; Refresh every 2 days
        3600    ; Retry every hour
        1728000 ; Expire after 20 days
        172800 ) ; Negative-caching TTL, 2 days (what BIND 8 called "minimum")
@       IN NS   localhost.
0       IN PTR  loopback-net.
1       IN PTR  localhost.
If you are not comfortable typing this file into your favorite console based text editor, then you can download a copy of this file, cd to the directory into which you've downloaded it, and move it into /usr/local/etc/namedb:
mv localhost.rev /usr/local/etc/namedb
Next we will create the rndc.conf file and use it to supplement the named.conf file. rndc.conf is generated for you by rndc-confgen; it holds the shared HMAC-MD5 secret that rndc uses to authenticate itself to named, so it should be readable only by root. Change to the /usr/local/etc directory:
cd /usr/local/etc
Next, use rndc-confgen to generate the configuration. Because of a bug in the random device that Darwin inherited from OpenBSD, rndc-confgen cannot read /dev/random, so it falls back to asking you to type random keystrokes, which it uses to generate the key. Issue the following command:
/usr/local/sbin/rndc-confgen > rndc.conf
Now just type away until the console says "stop typing."

This generates the rndc.conf file. The end of the file also contains, commented out, the key and controls statements that must be added to your named.conf so that named accepts rndc connections on the loopback address. We can append them automatically with the following command (which illustrates at the same time what is very cool and what is kind of creepy about Unix). It relies on the last ten lines of rndc.conf being that commented stanza; the sed strips the leading "# " from each line:
tail -n10 rndc.conf | head -n9 | sed -e s/#\ //g >> named.conf
Note that named.conf now contains the shared secret as well, so keep it readable only by root.
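Counting lines from the end of rndc.conf is fragile: if a future rndc-confgen emits one line more or less, the pipeline above appends the wrong thing. The script below is an added example, not part of the original hint: it selects the stanza by the marker comments rndc-confgen writes around it, appends it to named.conf only if no controls statement is there already, and restricts both files since both now hold the secret. It assumes the marker text "# Use with the following in named.conf" and "# End of named.conf" and a "# " prefix on each commented line, as in BIND 9.2's output; the sample rndc.conf is constructed and its secret is a made-up placeholder.

```shell
#!/bin/sh
# Added example (not from the original hint): extract the named.conf stanza
# from an rndc-confgen-generated rndc.conf by its marker comments instead of
# by line count, append it to named.conf, and lock down the files that now
# hold the shared secret. Assumes the marker lines "# Use with the following
# in named.conf ..." and "# End of named.conf" and a "# " prefix on each
# commented line, as written by BIND 9.2's rndc-confgen.

# rndc_stanza RNDC_CONF -> the key and controls statements, uncommented
rndc_stanza() {
    sed -n '/^# Use with the following in named\.conf/,/^# End of named\.conf/p' "$1" |
        sed -e '1d' -e '$d' -e 's/^# \{0,1\}//'
}

# append_rndc_stanza RNDC_CONF NAMED_CONF -> appends once, then chmod 600 both
append_rndc_stanza() {
    if grep -q '^controls' "$2"; then
        echo "$2 already has a controls statement; not appending" >&2
        return 1
    fi
    rndc_stanza "$1" >> "$2" || return 1
    chmod 600 "$1" "$2"      # the HMAC-MD5 secret is in both files now
}

# Constructed sample rndc.conf in rndc-confgen's layout; the secret is a
# made-up placeholder, not a real key
RNDC_CONF=$(mktemp)
cat > "$RNDC_CONF" <<'EOF'
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "ZXhhbXBsZS1vbmx5LW5vdC1hLXJlYWwta2V5";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "ZXhhbXBsZS1vbmx5LW5vdC1hLXJlYWwta2V5";
# };
# 
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
EOF

# Constructed stand-in for /usr/local/etc/named.conf
NAMED_CONF=$(mktemp)
printf 'options {\n    directory "/usr/local/etc/namedb";\n};\n' > "$NAMED_CONF"

append_rndc_stanza "$RNDC_CONF" "$NAMED_CONF" && cat "$NAMED_CONF"
```

The controls statement only accepts connections from 127.0.0.1 that present the key, which is the right default for a single-machine cache; widen the allow list only if you really need to run rndc from another host, and then only over a network you trust.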
Now, you should be ready to start. First, we'll run named in the foreground (-g keeps it attached to the terminal and logs to stderr; -c names the configuration file). Type the following:
/usr/local/sbin/named -gc /usr/local/etc/named.conf
After spitting out some messages, it should end with a line that ends simply "running." If it instead reports "address in use" for port 53, something else is already listening there; find out what before going on.

Open another terminal and type the following:
/usr/local/sbin/rndc status
This should end by telling you that your server is up and running.

Now, we want to set your server to start at boot time, so that you don't need to open a terminal to run your DNS server. Rather than explain how this is done, download and unstuff this file.

Open the terminal, su to root, and cd to the directory into which you downloaded the file (the directory above the unstuffed directory called "Bind") and type the following:
cp -r Bind /Library/StartupItems
(/Library/StartupItems is the place for your own startup items; /System/Library/StartupItems is reserved for Apple's.)
Last, change the DNS entry in the Network panel of your System Preferences to the loopback address and reboot. You can test this by simply opening your web browser; if pages come up, then it works. A sharper test is to query the server directly with dig, twice: the second answer should come back with no delay and a lower TTL, which shows it was served from the cache. If you also run Classic, list your ISP's name server after the loopback address (see the comments below).
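The startup item the hint links to is not reproduced on the page. What follows is an added example, not the hint's file: a script that writes a Mac OS X 10.1-style startup item for BIND into a directory you choose and then checks it. The layout DIR/Bind/Bind (a shell script run with "start" at boot) plus DIR/Bind/StartupParameters.plist in the old-style property-list syntax, the use of /etc/rc.common and ConsoleMessage, and the paths /usr/local/sbin/named, /usr/local/sbin/rndc and /usr/local/etc/named.conf from the hint are my assumptions. For a real install, run it with DIR=/Library/StartupItems as root.

```shell
#!/bin/sh
# Added example (not the file the hint links to): write a Mac OS X 10.1-style
# startup item for BIND under a directory of your choosing, then check it.
# Assumed layout: DIR/Bind/Bind (script run with "start" at boot) and
# DIR/Bind/StartupParameters.plist (old-style plist); assumed BIND paths
# are the ones used in the hint.

# write_bind_startup_item DIR -> creates DIR/Bind/{Bind,StartupParameters.plist}
write_bind_startup_item() {
    item="$1/Bind"
    mkdir -p "$item" || return 1
    cat > "$item/Bind" <<'EOF'
#!/bin/sh
# Startup item for the BIND caching-only name server (added example)
[ -r /etc/rc.common ] && . /etc/rc.common
if ! type ConsoleMessage >/dev/null 2>&1; then
    ConsoleMessage() { echo "$@"; }      # fallback outside the boot sequence
fi

case "$1" in
start)
    ConsoleMessage "Starting BIND caching name server"
    /usr/local/sbin/named -c /usr/local/etc/named.conf
    ;;
stop)
    ConsoleMessage "Stopping BIND caching name server"
    /usr/local/sbin/rndc stop
    ;;
restart)
    /usr/local/sbin/rndc reload
    ;;
*)
    echo "usage: $0 start|stop|restart" >&2
    exit 1
    ;;
esac
EOF
    chmod 755 "$item/Bind"
    cat > "$item/StartupParameters.plist" <<'EOF'
{
  Description     = "BIND caching-only name server";
  Provides        = ("DNS");
  Requires        = ("Network");
  OrderPreference = "None";
  Messages = {
    start = "Starting BIND";
    stop  = "Stopping BIND";
  };
}
EOF
}

# check_bind_startup_item DIR -> 0 if the script is executable and parses and
# the plist declares what it provides and requires, 1 otherwise
check_bind_startup_item() {
    item="$1/Bind"
    [ -x "$item/Bind" ] || { echo "script missing or not executable"; return 1; }
    sh -n "$item/Bind" || { echo "script has a syntax error"; return 1; }
    grep -q 'Provides *= *("DNS")' "$item/StartupParameters.plist" \
        || { echo "plist lacks Provides"; return 1; }
    grep -q 'Requires *= *("Network")' "$item/StartupParameters.plist" \
        || { echo "plist lacks Requires"; return 1; }
}

# Demonstration against a scratch directory rather than /Library/StartupItems
STARTUP_ROOT=$(mktemp -d)
write_bind_startup_item "$STARTUP_ROOT" && check_bind_startup_item "$STARTUP_ROOT" \
    && echo "startup item written to $STARTUP_ROOT/Bind"
```

Requires = ("Network") is what makes the item wait until the interfaces are up; without it named can come up before lo0 and en0 are configured and refuse to listen, which is the symptom to look for in verbose boot if the server is not there after a reboot.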

Run a caching-only name server | 30 comments
Error on one line
Authored by: SCID on Dec 20, '01 11:09:02PM
on this line
tail -n10 rndc.conf | head -n9 | sed -e s/# //g >> named.conf
I get the following error
sed: 1: "s/#": unterminated substitute pattern
Any ideas? sam d

Error on one line
Authored by: dlandrith on Dec 20, '01 11:36:08PM
There should be a backslash immediately following the pound sign. This will escape the space that follows. Escaping the space causes the space to be part of the pattern rather than a string terminator. The backslash was in the original, but for some reason it fails to show up on the page (it also wouldn't show up on the preview of this comment). At any rate, I've inserted the HTML entity for the backslash in the following command (this does show up in the preview):

tail -n10 rndc.conf | head -n9 | sed -e s/#\ //g >> named.conf

If it still doesn't show up above, just insert the backslash immediately after the pound sign.

The purpose of the sed portion of the above command is to remove the comments from the part that we are adding to the end of named.conf. Thus, another workaround is to leave out the sed portion as follows:

tail -n10 rndc.conf | head -n9 >> named.conf

And then remove the comment marks (the pound sign and space at the start of each of the last 9 lines of the named.conf file) using your favorite console editor.

I hope this helps.


Error on one line
Authored by: SCID on Dec 21, '01 12:19:03AM

Worked great, thanks. Definitely speeds up my broadband (Sprint fixed wireless); addresses some of the latency issues that seem to be in this method of connection. After the first hit things are much snappier.

Fixed in main story...
Authored by: robg on Dec 21, '01 09:23:06AM

Thanks for the find; I've now added the backslash to the main article. Geeklog (the site engine) loves to eat backslashes (and less-than and greater-than signs as well).

The only way to post them is to use HTML entities, but even then, they get converted to the real character in the preview, so after one preview, you have to re-do the entities.

I'm hoping this gets fixed in the new Geeklog, due out shortly.


Can't start Bind!
Authored by: theNonsuch on Dec 21, '01 01:50:24AM

Hi - hopefully someone can help...

I got through the procedure and believe I followed the directions carefully. However, when I run the last command to start Bind I get the following:

Dec 21 00:44:47.539 starting BIND 9.2.0 -gc /usr/local/etc/named.conf
Dec 21 00:44:47.541 using 1 CPU
Dec 21 00:44:47.549 loading configuration from '/usr/local/etc/named.conf'
Dec 21 00:44:47.552 no IPv6 interfaces found
Dec 21 00:44:47.553 listening on IPv4 interface lo0,
Dec 21 00:44:47.557 could not listen on UDP socket: address in use
Dec 21 00:44:47.558 creating IPv4 interface lo0 failed; interface ignored
Dec 21 00:44:47.559 listening on IPv4 interface en0,
Dec 21 00:44:47.559 could not listen on UDP socket: address in use
Dec 21 00:44:47.559 creating IPv4 interface en0 failed; interface ignored
Dec 21 00:44:47.559 not listening on any interfaces
Dec 21 00:44:47.563 none:0: open: /usr/local/etc/rndc.key: file not found
Dec 21 00:44:47.564 couldn't add command channel file not found
Dec 21 00:44:47.565 entropy.c:279: unexpected error:
Dec 21 00:44:47.565 fcntl(5, F_SETFL, 4): Operation not supported by device
Dec 21 00:44:47.565 could not open entropy source /dev/random: unexpected error
Dec 21 00:44:47.565 ignoring config file logging statement due to -g option
Dec 21 00:44:47.603 zone loaded serial 12
Dec 21 00:44:47.604 running

Sorry this is so long!

Can anyone help here? My Internet connection is routed through a SMC 7004AWBR router, but I've opened up port 53 on it - shouldn't that do the trick?

reply to: thenonsuch at

Can't start Bind!
Authored by: dlandrith on Dec 21, '01 09:00:07AM

Make sure and run it as root.

Not starting on boot
Authored by: Anonymous on Dec 21, '01 01:52:14AM

These directions worked just fine for me, except that Bind isn't starting on boot. There were no errors when I performed the commands. I checked the console, and there doesn't appear to be any information there on what could be going wrong. Any tips for retracing my steps?

Not starting on boot
Authored by: dlandrith on Dec 21, '01 09:06:24AM

Try starting in Verbose Mode by holding down Command-V at boot (while the small, happy Classic Mac is still on the screen). Then watch what appears after it says "Starting Network." This will show stuff in the screen that doesn't end up in the system log.

Also, there should be a file called named.log in the /var/log directory. The /var/log directory contains all of the system logs (in fact, the Console is just a GUI for tail -f /var/log/system.log). Also, you can open and monitor /var/log/named.log using the Console. There is a command to monitor another log file in the File menu.

At any rate, this should help you figure out what the error is.

Local (Privete) domain?
Authored by: macmedics_josh on Dec 21, '01 07:08:29AM

I have always wanted to do this sort of thing, and in fact back in my days of Linux and natd, I ran a cache-only server... what I would like to do is run such a DNS server for my entire private network (behind a hardware router) and have it also serve a .local domain for my local 192.168.1.x domain... this would decrease my reliance on Charter's overburdened DNS servers, AND let my local Macs use names, not just numbers, to find servers, etc.

Is there a way to do this?


Local (Privete) domain?
Authored by: dlandrith on Dec 21, '01 09:11:17AM

Any machine on your private network should be able to use the IP address of your machine as a DNS server. There shouldn't be any need to change the configuration or set up any 192.x.x.x specific information for your private network.

You may want to change the controls part of the named.conf file so that you can run rndc on it from a different machine from the one that you are running bind on.

Local (Privete) domain?
Authored by: macmedics_josh on Dec 21, '01 10:29:41AM

I know that it's not necessary for normal internet use... I have been doing this for YEARS... but there are some things that really would work a LOT better with a local DNS information system. AppleShare (or other) servers that do a reverse lookup to find their own address and name... being able to tell users, "log on to myserver.local" is a lot easier than telling users... "Log on to the server at 168... dot... 1... dot... "

Local (Privete) domain?
Authored by: dlandrith on Dec 29, '01 11:50:40AM
What you want to do is setup pointer records for your virtual IP blocks. I haven't tested this, and I'm writing this off the top of my head.

You will want to add a reference to your zone in /usr/local/etc/named.conf. Insert the following lines into your /usr/local/etc/named.conf file.

// Provide a reverse mapping for the 192.168.1.*
zone "" {
type master;
file "virtual.rev";
notify no;
};

Next, you will want to create your virtual.rev file in the /usr/local/etc/namedb directory. Create this with your favorite text editor, and make it look like this:

$TTL 86400
@ IN SOA (
12 ; Serial number
172800 ; Refresh every 2 days
3600 ; Retry every hour
1728000 ; Expire every 20 days
172800 ) ; Minimum 2 days
@ IN NS localhost.localdomain.
x IN PTR namex
y IN PTR namey
z IN PTR namez

Here, x, y, and z are the last octet in the ip address for each machine; e.g., if the address is, then x would be 12. namex is whatever name you want to give to return for reverse lookup of the ip address.

This should do it.

You probably don't need to setup normal lookup tables (i.e., ones that contain A records) since you will probably not need to get these resolved. If you do, post a reply, and I'll add the instructions.

At some point, you should spring for O'Reilly's DNS and Bind, since its a damned useful reference even if you don't wish to become a DNS expert.

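Once you serve both a forward zone and a reverse zone for the private network, the two tend to drift apart, and a host whose A record has no matching PTR is exactly the kind of thing the AppleShare reverse lookups mentioned above trip over. The script below is an added example, neither the poster's nor the hint's code: it parses a constructed forward zone for a made-up name lan.example and the matching reverse zone laid out as in the reply above, and lists every A record with no PTR pointing back at it. It expects an explicit owner name on each record line and only handles a /24 reverse zone given as its first three octets; both are my simplifications.

```shell
#!/bin/sh
# Added example (not the poster's or the hint's code): cross-check a forward
# zone against its in-addr.arpa reverse zone so every A record has a PTR.
# Assumes explicit owner names on record lines and a /24 reverse zone.

# forward_records ZONEFILE ORIGIN -> "fqdn ip" per A record
forward_records() {
    awk -v origin="$2" '
        { sub(/;.*/, "") }                        # strip ; comments
        /^[[:space:]]*$/ || /^\$/ { next }        # blank lines, $TTL/$ORIGIN
        {
            for (i = 2; i < NF; i++)
                if ($i == "A") {
                    name = $1
                    if (name == "@") name = origin "."
                    else if (name !~ /\.$/) name = name "." origin "."
                    print name, $(i + 1)
                }
        }' "$1"
}

# reverse_records ZONEFILE NET -> "ip fqdn" per PTR record (NET like 192.168.1)
reverse_records() {
    awk -v net="$2" '
        { sub(/;.*/, "") }
        /^[[:space:]]*$/ || /^\$/ { next }
        {
            for (i = 2; i < NF; i++)
                if ($i == "PTR") print net "." $1, $(i + 1)
        }' "$1"
}

# check_forward_reverse FWD ORIGIN REV NET -> 0 if every A has a matching PTR,
# 1 otherwise, listing the misses on stdout
check_forward_reverse() {
    ptrs=$(reverse_records "$3" "$4")
    forward_records "$1" "$2" | {
        fail=0
        while read -r name ip; do
            if ! printf '%s\n' "$ptrs" | grep -qxF "$ip $name"; then
                echo "no PTR for $ip -> $name"
                fail=1
            fi
        done
        exit $fail        # exit status of this subshell is the function's
    }
}

# Constructed forward zone for the made-up name lan.example
FWD_ZONE=$(mktemp)
cat > "$FWD_ZONE" <<'EOF'
$TTL 86400
@           IN SOA ns.lan.example. root.lan.example. (
                12      ; Serial number
                172800  ; Refresh
                3600    ; Retry
                1728000 ; Expire
                172800 ) ; Negative-caching TTL
@           IN NS  ns.lan.example.
ns          IN A   192.168.1.1
fileserver  IN A   192.168.1.12
laptop      IN A   192.168.1.20
EOF

# Constructed reverse zone for 1.168.192.in-addr.arpa; "laptop" is missing
REV_ZONE=$(mktemp)
cat > "$REV_ZONE" <<'EOF'
$TTL 86400
@   IN SOA ns.lan.example. root.lan.example. (
        12      ; Serial number
        172800  ; Refresh
        3600    ; Retry
        1728000 ; Expire
        172800 ) ; Negative-caching TTL
@   IN NS  ns.lan.example.
1   IN PTR ns.lan.example.
12  IN PTR fileserver.lan.example.
EOF

echo "forward A records:";   forward_records "$FWD_ZONE" lan.example
echo "reverse PTR records:"; reverse_records "$REV_ZONE" 192.168.1
if check_forward_reverse "$FWD_ZONE" lan.example "$REV_ZONE" 192.168.1; then
    echo "forward and reverse zones agree"
fi
```

Run it against your own files before bumping the serial numbers; a miss means either a PTR you forgot or an A record that no longer belongs in the forward zone.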
Local (Privete) domain?
Authored by: darrendavid on Jan 13, '02 02:33:41PM
this is exactly what i'm trying to do. i basically ported over my named.conf and namedb files from my linux box, but no luck... yet. dig shows correct responses for my local domain, "27":
%dig dev.27 +pfmin

;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59568
;;      dev.27, type = A, class = IN

dev.27.                 3D IN CNAME     ns.27.
ns.27.                  3D IN A

even reverse lookups work fine with dig. no errors in the system.log on starting named. HOWEVER, if i try to 'ping dev.27' i get:
ping: unknown host dev.27
what have i missed?

Authored by: metafeather on Dec 21, '01 08:48:44AM

I have gotten this to work on my LAN (PC, iMac and Pismo) using the following resources.

One note - BIND is already installed as part of OSX so you don't need to download and compile it.


Generic DNS HOWTO -

Mac OS X specific HOWTO

I would also recommend using Webmin (a free, mature web-based interface to config files, similar to iTools/Mac OS X Server) to manage/configure the DNS records, as it also manages Apache, PHP and MySQL and supports Mac OS X.

Authored by: dlandrith on Dec 21, '01 08:58:36AM

The bind that comes with MacOS X is bind 8. The reason to download and install bind is to use bind 9.

Authored by: eldenf on Jul 04, '02 10:28:07PM

Good point... it seems pretty ridiculous to me that there is this elaborately done how-to on installing bind, when OS X COMES WITH IT PREINSTALLED!!!! Sheesh!!

Somebody needs to get a clue.

I went through the whole dang process and then noticed that there were TWO versions of bind installed on my box. Ok, so maybe I need to get a clue as well, because I should have known that... but this DNS HOWTO should definitely be revised.

Authored by: eldenf on Jul 04, '02 10:46:00PM

Hmm, would also be nice if mac os x hints allowed stupid people like me to delete comments after they post them. Didn't see the author's comment on this until after I'd posted. DOH!!!!

Authored by: bhines on Dec 21, '01 09:56:48AM
In case you were curious, my dual 800 G4 compiled in all of 6 minutes. Anyway, unfortunate that it builds without threads support. Probably due to the lackluster pthreads implementation in darwin. Fortunately, it is coming, but probably not for 6 months. One error, though - your startup item should NOT go in /System/StartupItems, everything in the System/ folder is for apple. It should be in /Library/StartupItems. From here:
"The system startup items (that is, those provided by Apple) are located in /System/Library/StartupItems. You should not modify the items in this directory. However, you can also define your own startup items; these custom startup items are stored in /Library/StartupItems. See "Customizing Booting Behavior" for instructions on how to create your own startup items."
Also, i understand lookupd also has its own cache. How much advantage will bind offer over lookupd's own cache? -B

Authored by: flumignan on Dec 21, '01 11:27:47AM
Now that my eyes have rolled back into their sockets... I find it amusing when people whip out complex and time consuming solutions for problems that don't really exist -- just because they existed in UNIX-world and they know a few tricks. lookupd has its own sophisticated caching mechanism. Here's the first two paragraphs from the man pages:
The lookupd daemon acts as an information broker and cache. It is called by various routines in the System framework to find information about user accounts, groups, printers, e-mail aliases and distribution lists, computer names, Internet addresses, and several other kinds of information. lookupd keeps a cache of recently located items to improve system performance. It also implements a search strategy used to find information from the many information sources that are potentially available to a computer. These include the Domain Name System (DNS), Sun Microsystem's Network Information Services (NIS), Apple's NetInfo system, and a set of files found in the /etc directory. X.500-style databases that implement the schema described in RFC 2307 may be accessed using the LDAP protocol.

lookupd cache vs caching
Authored by: dlandrith on Dec 21, '01 06:51:23PM
For the record: I'm very envious of your dual 800 G4....

There are basically four key differences between Caching DNS and lookupd (there are actually more, but you'd have to read DNS and BIND to understand them). They basically add up to the fact that lookupd's caching mechanism is rather rudimentary compared to bind's. At any rate, the key differences are as follows:

  1. lookupd arbitrarily caches DNS entries for 12 hours (unless you set it to go longer). A caching DNS will store a cached entry as long as the SOA record allows. This will be at least 24 hours (the default value) in 99.9% of entries (admins typically make it shorter only when a key change is imminent, in which case you don't want the cache to be held longer). In practice, many admins set this to about 2 weeks. If your uptime is greater than 12 hours, you will experience some speed increase, albeit slight.
  2. lookupd has no cache validation for DNS queries. This means that if the entry expires and is changed in the meantime, you'll have to issue a lookupd -flushcache to get a correct resolution. The configuration that I have given doesn't solve this problem, because it leaves the lookupd cache setting alone. However, it does allow you to configure lookupd so that the DNS entries are not cached at all and thereby overcome this problem.
  3. lookupd flushes its cache whenever it is gets a SIGHUP, which is to say, whenever any part of the network is reconfigured. Bind runs independently of the system and so resetting the network has no direct effect on it.
  4. As a matter of practice, lookupd often does not communicate its information across applications correctly. For example, you may find that Fetch and Internet Explorer both spend time looking up the same address within minutes of each other. I am not sure why this happens on MacOS X (it happens on AIX, Solaris, and Linux as well). Theoretically, it shouldn't. At any rate, it doesn't happen with bind.

Granted, these are not large differences, but this is why I stated at the outset that this is a slight optimization. I did it on my machine because I was interested in tooling around with the new version (v. 9) of bind. Once I completed it, I figured it would be fun to share.

As for flumignan and his rolling eyes (see previous reply): The pedantic tone of his email is more consistent with one who "existed in the UNIX[sic]-world and ... know[s] a few tricks" than he realizes. If he had read more than the first paragraphs of the man page for lookupd, then he'd have known at least the first three of the above four items. At any rate, he'll do well not to openly flaunt run-of-the-mill Unix knowledge as though it were proof that he knows the secrets of the universe; it makes him look silly.

breaks DNS in classic
Authored by: bhines on Dec 21, '01 09:23:31PM

I believe this breaks DNS in classic, because classic cannot see UNIX servers running on (sendmail also doesn't work) The workaround is to list your ISP's DNS servers after in the TCP/IP control panel of OS X.

For verizon/gte/half of the world they are,,


problem after restart
Authored by: SCID on Dec 23, '01 10:32:49PM
After restarting into 9.2.2 then restarting into X i get the following error
rndc: connect failed: connection refused
Any ideas?

problem after restart
Authored by: SCID on Dec 24, '01 01:41:15PM

reinstalled from scratch and all seems well again.

A bug with classic while this is turned on
Authored by: usermilk on Dec 25, '01 10:35:32AM

It seems Classic applications cannot access the internet while your DNS is set to, when I removed the DNS entry I restarted Classic and everything was fine.

Info on and fix for the Classic Bug
Authored by: dlandrith on Dec 29, '01 03:33:13PM

It's taken me a while to get around to this since I don't run Classic, and I had to install it in order to test.

This is an interesting problem that does not seem related to OpenTransport's screwy implementation of loopback addresses. Even if you put your IP address into the DNS list instead of (which works in OS X), Classic will not resolve names. Moreover, endless fiddling with the IP Secondary Addresses and Hosts file does not solve the problem, though I'm not even sure that these are used in Classic mode. Any info that you can provide on this would be useful.

At any rate, the following solution does work:

Place your normal name server as the second name server in your list, and Classic will use this name server. I haven't noticed any delay caused by this.

No go after OS X reinstall
Authored by: vertigo on Jan 03, '02 12:06:24AM

I have the oddest problem. I recently installed bind-9.2.0 per the instructions and set up the dns cache. Everything went as expected. Due to unrelated problems I had to reinstall OS X (10.1.2 w/ Developer Tools) and tried to install bind again. No go. I get this when trying to compile:

[localhost:Desktop/DNS/bind-9.2.0] root# ./configure --prefix=/usr/local --mandir=/usr/local/share/man
creating cache ./config.cache
checking host system type... powerpc-apple-darwin5.2
checking whether make sets ${MAKE}... yes
checking for ranlib... ranlib
checking for a BSD compatible install... /usr/bin/install -c
checking for ar... /usr/bin/ar
checking for etags... /usr/bin/etags
checking for Exuberant Ctags etags... no
checking for perl5... no
checking for perl... /usr/bin/perl
checking for gcc... no
checking for cc... cc
checking whether the C compiler (cc ) works... yes
checking whether the C compiler (cc ) is a cross-compiler... no
checking whether we are using GNU C... yes
checking whether cc accepts -g... yes
checking how to run the C preprocessor... cc -E -traditional-cpp
checking for ANSI C header files... no
checking for fcntl.h... no
checking for sys/time.h... no
checking for unistd.h... no
checking for sys/sockio.h... no
checking for sys/select.h... no
checking for sys/sysctl.h... no
checking for working const... yes
checking for inline... inline
checking for sysctlbyname... yes
checking for static inline breakage... no
checking for size_t... no
checking for ssize_t... no
checking whether time.h and sys/time.h may both be included... no
checking for long long... yes
configure: error: need either unistd.h or sys/select.h
[localhost:Desktop/DNS/bind-9.2.0] root#

It seems to be getting caught on the 'unistd.h' and 'sys/select.h' files. I am unable to find them on my system either. I'm a UNIX newbie and this has me stumped. I can't figure out why it worked before and chokes now. Anyone else having this problem? Any suggestions?

No go after OS X reinstall
Authored by: cookiemonsta on Jan 07, '02 11:57:37AM

Same thing happened to me; all you need to do is reinstall (or install in the first place) Mac OS X SDK.pkg (on the DevTools Dec 2001 CD).


1. d/l DevTools 2001 from (sign up if you need to, it is free)

2. install dev tools; don't worry about the documentation. You must install the first 3 options: Dev Tools.pkg, Dev ToolsExtra2001.pkg, and Mac OS X SDK.pkg

3. you can run the installers separately if you need to.

then once it has installed and done its stuff, try the ./configure command again and watch it fly!!!

happy new year and now over to MacWorld, ; )

No go after OS X reinstall
Authored by: vertigo on Jan 07, '02 05:31:49PM

D'oh! I feel so stupid. That was it! I had neglected to install the SDK.pkg when I did a custom install of the Dev Tools. Thanks, I would have never figured that out on my own! Much appreciated...


terminal name back to localhost...
Authored by: stmoddell on Mar 17, '02 11:00:59PM

Okay, so I have been running a DNS server on my old MkLinux box (7100) for a number of years, and had succeeded in getting reverse lookup to work such that my local machines got their names through reverse lookup. Now that I have brought up a second DNS box (currently internal), its name has defaulted back to localhost. The namedb files for it are slaves to the master 7100, but for some reason it is still thinking it is localhost. Any thoughts? I hesitate to edit the named.rev file to state the new machine's hostname, and the local domain name and reverse for it are correct.

hmmmm, any thoughts
