This is the third installment of a series on BAMP. If you’re coming in the middle, you may want to start at the first in the series, where I discuss the benefits of using BIND for local web development. We will be working on OS X 10.11 (El Capitan); at the time this tutorial was written, BIND version 9.10.3-P3 was installed using Homebrew 0.9.5. My text editor of choice is TextMate, and its command line utility is “mate.” So when you see that command, substitute the text editor of your preference.
Xcode command line tools
First we need Xcode’s command line tools installed. Use this link if you haven’t done this already and return when you have installed them.
Getting started with Homebrew is easy. Open Terminal and enter:
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
It will prompt you for your administrator password so the script can set new ownership and permissions for the /usr/local and /usr/local/bin directories and finish its installation.
Now that we have Homebrew on our system, getting BIND is trivial. Simply enter the following in Terminal:
brew install bind
Now BIND and its dependencies (openssl) will install. Keep an eye on Homebrew’s “Caveats” section at the end of the installation. It tells us how to launch BIND now and also at startup. So enter the following to load BIND at startup:
sudo cp -fv /usr/local/opt/bind/*.plist /Library/LaunchDaemons
sudo chown root /Library/LaunchDaemons/homebrew.mxcl.bind.plist
and then this to load it now:
sudo launchctl load /Library/LaunchDaemons/homebrew.mxcl.bind.plist
What installed where:
Take a moment to look around /usr/local to see what has changed since Homebrew installed BIND. Here’s a summary:
/usr/local/etc/named.conf <- the main config file
/usr/local/etc/rndc.key <- a key to secure the DNS server
/usr/local/var/named/ <- the directory for the zone files
/usr/local/var/log/named/ <- the log file lives here
/usr/local/sbin/* <- BIND's executables
/usr/local/Cellar/bind/9.10.3-P3/ <- BIND is kept here
Note: Check your version number for the /usr/local/Cellar path for BIND and adjust the following Terminal input accordingly.
There’s one utility in /usr/local/sbin/ that we’ll want to use. It is rndc. It will allow us to reload zones. The only problem is that with Homebrew’s installation of BIND, rndc expects the config and key files to be located in the following path:
Let’s symlink the files to that directory so rndc doesn’t throw errors at us.
ln -s /usr/local/etc/named.conf /usr/local/Cellar/bind/9.10.3-P3/etc/named.conf
ln -s /usr/local/etc/rndc.key /usr/local/Cellar/bind/9.10.3-P3/etc/rndc.key
Now you can reload the zone files, which will be important soon. Let’s test it. Enter the following in Terminal:
/usr/local/sbin/rndc -p 54 reload
You should get the message: “server reload successful”. Now that we know the lay of the land, let’s move on to the next part: configuring BIND.
Here is a gist of our new named.conf. The file you’ll be overwriting is located here: /usr/local/etc/named.conf.
Let’s review what’s been added to the file. In the options clause I’ve added OpenDNS as forwarding servers. This will make the DNS server forward queries to OpenDNS’s servers and cache the results. If the query to OpenDNS’s servers fails, then our server will make the query itself.
Next I’ve added “listen-on” and “allow-query” to override the default “any” and restrict use of the server to localhost as a security measure. If you want your development sites to be available to other machines on your LAN, then uncomment the localnets statements and add your local IP address in your zone files.
And finally, I’ve added two zones. The first, zone “.”, will point to a file where we will provide a list of root servers for the internet at large (.com, .org, .net, etc.). The second will point to a file where we’ll provide the zone information for our development .dev domain.
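The localhost restriction described above can be checked mechanically. This is an added example, not the author's gist or any code from the original tutorial: a POSIX shell audit that reads the listen-on and allow-query lists from a named.conf and flags anything beyond the local machine. The two sample files are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the tutorial's gist): audit listen-on / allow-query.
# Strips // and # comments only; /* ... */ blocks are not handled.

# Print the entries of option $1 (e.g. listen-on) in file $2, one per line.
option_values() {
  sed -e 's|//.*$||' -e 's|#.*$||' "$2" | tr '\n' ' ' |
    grep -oE "$1[[:space:]]*(port[[:space:]]+[0-9]+[[:space:]]*)?\{[^}]*\}" |
    sed -e 's/^[^{]*{//' -e 's/}$//' | tr ';' '\n' | tr -d ' \t'
}

# Succeed only if option $1 is set in file $2 and names this host only.
loopback_only() {
  vals=$(option_values "$1" "$2")
  [ -n "$vals" ] || return 1     # absent: BIND's broader default applies
  for entry in $vals; do
    case "$entry" in
      127.0.0.1|::1|localhost) ;;
      *) return 1 ;;
    esac
  done
  return 0
}

# Report both options for file $1; status 0 means both are local-only.
audit_named_conf() {
  rc=0
  for opt in listen-on allow-query; do
    if loopback_only "$opt" "$1"; then
      echo "ok    $opt"
    else
      echo "OPEN  $opt: $(option_values "$opt" "$1" | tr '\n' ' ')"
      rc=1
    fi
  done
  return $rc
}

# Constructed samples: the restricted form, then the same file with localnets
# uncommented for LAN access.
tmp=$(mktemp -d)
cat > "$tmp/local.conf" <<'EOF'
options {
    forwarders { 208.67.222.222; 208.67.220.220; };
    listen-on { 127.0.0.1; };      // localnets;
    allow-query { localhost; };    // localnets;
};
EOF
sed 's|};  *// localnets;|localnets; };|' "$tmp/local.conf" > "$tmp/lan.conf"
audit_named_conf "$tmp/local.conf"
audit_named_conf "$tmp/lan.conf" || echo "lan.conf answers beyond this host"
```

Run `audit_named_conf /usr/local/etc/named.conf` after editing the real file; a non-zero exit status means the server will answer clients other than the local machine.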
Creating our BIND zone files:
Next we will create those two zone files in /usr/local/var/named/. For the first one, we’ll get a current listing of root servers from internic.net.
curl http://www.internic.net/domain/named.root > /usr/local/var/named/named.ca
And for the second, we’ll use this gist to create a file in /usr/local/var/named/dev.zone.
Now we can reload the DNS server and dump the cache:
/usr/local/sbin/rndc -p 54 reload
/usr/local/sbin/rndc -p 54 flush
Now let’s register 127.0.0.1 as a name server for .dev with OS X’s resolver. This will allow us to use our dev sites even in the absence of a network connection. Think off-line browsing of *.dev.
sudo mkdir -v /etc/resolver
sudo bash -c 'echo "nameserver 127.0.0.1" > /etc/resolver/dev'
And flush OS X’s multicast DNS cache (OS X 10.11.3):
sudo killall -HUP mDNSResponder
Set Your DNS Server to 127.0.0.1
And now to the best part, using our shiny new DNS server. W00T!
Open up your System Preferences and select Network. Now choose the network connection that you’re currently using. There will be a button labeled “Advanced” in the lower right hand corner. Click it and then navigate to the “DNS” tab. That will give you the window to set your preferred DNS server. Delete any existing entries. Then add a new one with the entry: 127.0.0.1. Hit the “OK” button and then the “Apply” button to apply the changed setting.
That’s it! We’re done.
Postscript: Open a webpage using your .dev domain and see what happens next. If you get a page with the text “It Works”, then Apache is running but you haven’t configured your virtual hosts correctly. If you get a “Forbidden You don’t have permission to access on this server”, then the directory might not exist yet or your virtual hosts entry might not be mapping correctly. Here is an Apache tutorial to get you back on track.