Installing BIND on OS X 10.11
El Capitan with Homebrew


This is the third installment of a series on BAMP. If you’re coming in the middle, you may want to start at the first in the series where I discuss the benefits of using BIND for local web development. We will be working on OS X 10.11 (El Capitan), at the time this tutorial was written BIND version 9.10.3-P3 was installed using Homebrew 0.9.5. My text editor of choice is TextMate; and it’s command line utility is “mate.” So when you see that command substitute the text editor of your preference.

Installation Dependencies

-Xcode command line tools

First we need Xcode’s command line tools installed. Use this link if you haven’t done this already and return when you have installed them.

-Install Homebrew

Getting started with Homebrew is easy. Open Terminal and enter:

ruby -e "$(curl -fsSL"

It will prompt you for you administrator password so the script can set new ownership and permissions for the /usr/local and /usr/local/bin directories and finish it’s installation.

Install BIND

Now that we have Homebrew on our system getting BIND is trivial. Simply enter the following in terminal:

brew install bind

Now BIND and it’s dependencies (openssl) will install. Keep an eye on Homebrew’s “Caveats” section at the end of the installation. It tells us how to launch BIND now and also at startup. So enter the following to load BIND at startup:

sudo cp -fv /usr/local/opt/bind/*.plist /Library/LaunchDaemons
sudo chown root /Library/LaunchDaemons/homebrew.mxcl.bind.plist

and then this to load it now:

sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.bind.plist

What installed where:

Take a moment to look around /usr/local to see what has changed since Homebrew installed BIND. Here’s a summary:

/usr/local/etc/named.conf       <-the main config file
/usr/local/etc/rndc.key            <- a key to secure the DNS server
/usr/local/var/named/            <- the directory forthe zone files
/usr/local/var/log/named/     <- the log file lives here
/usr/local/sbin/*                         <- BIND's executables
/usr/local/Cellar/bind/9.10.3-P3/ <-BIND is kept here

Note: Check your version number for the /usr/local/Cellar path for BIND and adjust the following Terminal input accordingly.

There’s one utility in /usr/local/sbin/ that we’ll want to use. It is rndc. It will allow us to reload zones. The only problem is that with Homebrew’s installation of BIND, rndc expects the config and key files to be located in the following path:


Let’s symlink the files to that directory so rndc doesn’t throw errors at us.

ln -s /usr/local/etc/named.conf /usr/local/Cellar/bind/9.10.3-P3/etc/named.conf
ln -s /usr/local/etc/rndc.key /usr/local/Cellar/bind/9.10.3-P3/etc/rndc.key

Now you can reload the zone files which will be important soon. Let’s test it. Enter to following in Terminal:

/usr/local/sbin/rndc -p 54 reload

You should get the message: “server reload successful” Now that we know the lay of the land, let’s move onto the next part configuring BIND.

Configure named.conf

Here is a gist of our new named.conf. The file you’ll be overwriting is located here: /usr/local/etc/named.conf.

mate /usr/local/etc/named.conf

Let’s review what’s been added to the file. In the options clause I’ve added OpenDNS as forwarding severs. This will make the DNS server forward queries to OpenDNS’s servers and cache the results. If the query to OpenDNS’s servers fails then our server will make the query itself.

Next I’ve added “listen on” and “allow query” to override the default “any” and restrict use of the server to localhost as a security measure. If you want your development sites to be available to other machines on your LAN then uncomment the localnets statements and add your local ip address in your zone files.

And finally, I’ve added two zones. The first: zone “.” will point to a file where we will provide a list of root servers for the internet at large .com .org .net etc. The second will point to a file where we’ll provide the zone information for our development .dev domain.

Creating our BIND zone files:

Next we will create those two zone files in /usr/local/var/named/. For the first one, we’ll get a current listing of root servers from

curl > /usr/local/var/named/

And for the second we’ll ;use this gist to create a file in /usr/local/var/named/

mate /usr/local/var/named/

Now we can reload the DNS server and dump the cache:

/usr/local/sbin/rndc -p 54 reload
/usr/local/sbin/rndc -p 54 flush

Now lets register as a name server for .dev with OS X’s resolver. This will allow us to use our dev sites even in the absence of a network connection. Think off-line browsing of *.dev.

sudo mkdir -v /etc/resolver
sudo bash -c 'echo "nameserver" > /etc/resolver/dev'

And flush the OS X’s multicast DNS cache in OS X 10.11.3

sudo killall -HUP mDNSResponder

Set Your DNS Server to

And now to the best part, using our shiny new DNS server. W00T!

Open up your System Preferences and select Network. Now choose the network connection that you’re currently using. There will be a button labeled “Advanced” in the lower right hand corner. Click it and then navigate to the “DNS” tab. That will give you the window to set your preferred DNS server. Delete any existing entries. Then add a new one with the entry: Hit the “OK” button and then the “Apply” button to affect the changed setting.

That’s it! We’re done.

Postscript: Open a webpage using your .dev domain and see what happens next. If you get a page with the text “It Works” the Apache is running but you haven’t configured your virtual hosts correctly. If you get a “Forbidden You don’t have permission to access on this server” then the directory might not exist yet or your virtual hosts entry might not be mapping correctly. Here is an Apache tutorial to get you back on track.

Post a Comment

Your email is never published nor shared. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>