DNS Enabler for Tiger
What is DNS Enabler?
DNS Enabler allows Mac users to turn on a fully-functional Domain Name Server on a plain Mac OS X machine with just one click.
Leopard Update : I've developed a new version, a new DNS Enabler for Leopard, which you can buy.
The following screenshot shows DNS Enabler handling the data entry for the domain described in Paul Albitz and Cricket Liu's DNS and BIND book. It shows computers on two networks, 192.249.249.x and 192.253.253.x, for the domain movie.edu, with the router between the two networks at 220.127.116.11 and 18.104.22.168. The router is given the name wormhole.movie.edu, alias wh.movie.edu and serves as a backup for the primary name server terminator.movie.edu while providing the name service for the 192.253.253.x network. [Download the configuration, here, and open it in DNS Enabler].
Two other computers have aliases - terminator.movie.edu, which is known as bigt.movie.edu, and diehard.movie.edu, also known as dh.movie.edu.
DNS Enabler provides the interface to allow users to specify these name-to-address mappings, as well as their aliases, across the three columns shown above. Additionally, it allows users to set the domain and zone information, like the Domain Name, Host Master's email address, and the Time-To-Live intervals that determine the validity periods for the domain information.
In the example above, DNS Enabler should be installed on the machine named terminator.movie.edu, which is the primary name server for the domain movie.edu. When you hit the Run DNS button, DNS Enabler will read in the name-address mappings, start up name services so that other computers can get answers to these name-address queries, and keep these running across reboots.
DNS Zone Files
This is the zone file created by DNS Enabler for the above configuration:
DNS Enabler will also create the reverse pointer records.
You can remove and de-install DNS Enabler safely, and stop the name server, from a command in the application's Help Menu. DNS Enabler will return your system to the state it was in before you started DNS Enabler.
In a Nutshell
This, then, is what DNS Enabler does. It tries to be as buzzword-compliant as possible - it handles multiple virtual domains, multiple subnets, aliases, MX records (including specifying back-up servers on other networks), and creating the right number of reverse pointer and CNAME records - while doing it all using a single window, the Mac way.
What about MX Records, TXT Records, and Forwarders?
The following picture shows how you would handle MX and TXT records and Forwarders for the domain movie.edu :
misery.movie.edu and shining.movie.edu are the mail servers for the domain movie.edu, with misery.movie.edu ranking higher in priority as the target to receive mail for the domain. The mail exchanger role that both of these machine perform are denoted by the MX[xx] notation.
You can leave a note that shining.movie.edu, the backup mail server, is located at the math lab by adding a TXT[string containing a description] label to the shining.movie.edu record.
Forwarders are useful if you need to shunt name resolution to a particular name server. e.g., to keep off-site search for domain name resolution to a minimum to improve network traffic. In the example above, 22.214.171.124 and 126.96.36.199 are the site's forwarders, and you list them in the Forwarders field, separated by commas.
The configuration, above, can be downloaded from here. The zone file that DNS Enabler produces from that configuration is shown below :
You can use DNS Enabler to set up additional domains in the same window as the primary domain, by filling in the Virtual Domains field :
Using domain1.com as the example, this is the zone file DNS Enabler creates :
To denote that misery.movie.edu, besides being the mail server for movie.edu, will also receive mail for domain1.com and domain2.com, we use the extended MX record notation - MX[xx]domain.name. If the domain name component is left out, the primary domain is implied.
So, actually, DNS Enabler can do the simple things, and yet express quite intricate concepts, too.
Setting up a Secondary Name Server
DNS Enabler also allows you to set up a secondary slave name server. In the example below, besides running DNS Enabler on the Primary Name server, terminator.movie.edu, you can also install it on a Secondary Name Server, wormhole.movie.edu.
First, use the Save menu item in the File Menu on the Primary Name server, to make a copy of the configuration. Then copy this to the machine that will act as the Secondary Name Server (in our case, wormhole.movie.edu).
Run DNS Enabler on this secondary machine, and use it to open the configuration you've just copied over.
Then click on the radio button next to the label "Secondary Name Server" :
When you hit the Run DNS button, wormhole.movie.edu will now run in slave mode. Make a change to the primary server (terminator.movie.edu in our example) and you will see the change propagate to the slave when you hit its Reload Current Data button. (The Run DNS button is then disabled in the slave to prevent you hitting it again.)
Use the Reload button in the slave to always see the latest state of the master.
You can activate the Run DNS button again, if you decide to set this server up as a master some other time, by clicking on radio button next to the "Primary Name Server" label.
NEW in version 2.0.7 - DNS Enabler can now set up multiple secondary slave name servers. Just create a list of the slave servers' host names, in the Secondary Name Server field, and separate them by commas.
To begin exploring DNS Enabler, start with a Simple Configuration
A Basic Configuration
Scenario : DNS Enabler on a private network.
You've set up a local network behind a router or a base station for testing or for doing web development.
Let's say that the local network is on subnet 10.0.1.x and you've decided to have a web server and mail server on a static IP address 10.0.1.206. To simulate real world conditions and not have to change your code when you move it to a production environment, you want to access the web and mail servers via domain names, say cutedgesystems.com.
So this is what you do. You run DNS Enabler on the 10.0.1.206 machine and set it up like this :
You can now point all the other machines on the local network to use 10.0.1.206 as their name server. This way, all the local machines can access the web and mail server through its domain name. If you've set up an alias, like above, you can also hit the web server by typing www.cutedgesystems.com in the browser.
This is a simple thing to do and it takes only a couple of minutes to set up, but it can be made even more useful. E.g., you may have a few other machines containing projects at various stages of development. You can switch your machines around and test each machine in turn as www.cutedgesystems.com, say, just by changing the name-address assignments in DNS Enabler.
Or, since this is a private local network, you can simulate more than one domain, e.g., to test the effect of sending mail from one server to another, from roadstead.com to cutedgesystems.com, say. So you can set up DNS Enabler as shown below :
Another Scenario : This is important because it happens quite often - you may have set up a web or mail server behind a router, broadband modem, or wireless base station when you noticed that machines on the local network cannot "see" the server via its domain name, while machines outside the network can (e.g., you've used dyndns.org or some such service to obtain your own domain name).
In this case, you can use DNS Enabler to broadcast the domain name to all the local machines (using the simple configuration outlined above) and help them find their way to your server. This has helped many Postfix Enabler and MailServe users who are behind routers that are hard to configure or those using the first model of the Airport Base Station.
A More Advanced Configuration
Scenario : DNS Enabler on a public network.
An example company, Kemper, has been given a range of 64 public IP addresses from 188.8.131.52 to 184.108.40.206. It sets its DNS server at 220.127.116.11 and gives it a name, pridns.kemper.com.sg. Its backup secondary name server is at the ISP, secdns.cyberway.com.sg.
The machine that runs the name server is also the mail server and ftp server. Therefore, we give it the appropriate aliases, mail and ftp. We also add the label MX to indicate that pridns.kemper.com.sg, alias mail.kemper.com.sg, is providing the mail service for the domain kemper.com.sg.
If we have a secondary backup mail server among our machines, say at backup.kemper.com.sg, we can denote it by adding the MX label to that machine. The number in the bracket, as in MX and MX, denotes the precedence (and is therefore required).
Across the firewall from the public network, the company runs a private local network (in the 192.168.0.x range). DNS Enabler can handle the setup of the name service for this local network within the same window. Because it is a private network, it can be given any domain name, which we enter into the Virtual Domains field. In our case, we use local.com, and we have two servers, accounting.local.com and keystone.local.com, that are used (and seen) only by the local users.
MX records :
If our ISP provides us with a backup mail server in case our whole domain is down, we can specify this backup mail server, as in the example above (with its IP number denoted by a dash - since we probably wouldn't know its physical address) :
This is how our MX records will be ordered :
kemper.com.sg IN MX 10 pridns.kemper.com.sg.
kemper.com.sg IN MX 20 backup.kemper.com.sg.
kemper.com.sg IN MX 30 mailHost.cyberway.com.sg.
DNS Enabler is designed to allow a user to set up domain name information quickly using a single window in the least amount of time.
It will generate the appropriate named.conf file, the forward mapping files for each domain, the reverse mapping files for each network, and all the resource and reverse pointer records for the user automatically from the specifications entered.
Together with Postfix Enabler and WebMon, DNS Enabler could help make the Mac an even more useful machine to run mission-critical applications on and hopefully encourage more people to use the Mac for running their businesses.
(Note : This is left as an exercise for the reader - you can use DNS Enabler and WebMon's ability to set up a WebDAV server to simulate your own .Mac).
1.0. 2nd November 2004. This was the AppleScript Studio version. Started handling multiple domain names, multiple host names, and aliases.
1.1 2nd June 2005. Re-written in Objective-C. Works with Tiger.
1.1.1 3rd June 2005. On Tiger, the name daemon didn't launch correctly on reboot. This version was supposed to have fixed it, but unfortunately it didn't.
1.1.2 7th June 2005. The previous fix created a side effect where changes to the configuration were no longer accepted after a Restart DNS. This version reversed the changes so that the program can at least work again.
1.1.3 10th June 2005. The name server now listens correctly to all its network interfaces on re-boot, at the expense of scanning more frequently for changes to the network interface (at least until a better solution can be found).
1.1.4 28th July 2005. Added the ability to edit the domain's SOA (Start of Authority) information including the zone's default TTL (Time to Live). The serial number now increments with each modification to the zone files. The Help menu also includes a way to revert these SOA values to the default recommended settings.
1.1.5 4th August 2005. DNS Enabler is now able to handle multiple virtual domains, multiple sub-nets, aliases, MX records (including specifying back-up servers on other networks), multi-homing (one IP address shared by many hosts from different domains or each host on its own IP address or one host name spread across many IP addresses), and creating the right number of reverse pointer and CNAME records.
1.1.6 16th August 2005. Supports drag and drop which allows the DNS entries to be re-ordered in any way.
1.1.7 7th September 2005. Added support for setting up a Slave (Secondary) Name Server. Important Notice : In order to read the zone files created automatically by BIND when it acts as a secondary name server, I have to make DNS Enabler know how to parse the format used by BIND (which is in the shorter $ORIGIN notation). To keep things simple, I have now also standardised on this format when I write out the BIND files for a primary name server. Therefore, this version of DNS Enabler will not be able to read back the files created by the previous versions of DNS Enabler. You will need to re-enter your DNS data. I'm really sorry but I need to make this change now. This gets me closer to being able to read other people's generic (pre-existing) BIND files in the future.
2.0 23rd September 2005. This is the first commercial release of DNS Enabler.
2.0.1 15th November 2005. Enhanced compatibility checks while running on Panther, specifically to make sure that there is a DNSSERVER=-YES- line in /etc/hostconfig.
2.0.2 13th January 2006. This version is able to store the admin password in the Keychain. Includes a Danish localisation by Sebastian Adorján Dyhr. Also, in Panther, DNS Enabler may not notice that there is a DNSSERVER=-YES- line in the /etc/hostconfig file, if there are extraneous spaces in the line. This has now been fixed.
2.0.3 19th January 2006. The application couldn't retrieve a password that is longer than eight characters from the Keychain. This bug has been fixed.
2.0.4 3rd February 2006. Added a Forwarders field, and the ability to create a TXT record, e.g., TXT[location: math lab], and the ability to create MX records for secondary domains, e.g., MXsec.domainOrHost.name. This is also the first Universal Binary release of DNS Enabler.
2.0.5 5th February 2006. There was a bug introduced by the Forwarders field, causing the name server to refuse to start up when the Forwarders field is empty. This has now been fixed. Also, on some installations of Panther, notably those for which the optional BSD sub-system has not been installed (Tiger does not have an optional BSD install), a couple of files needed by BIND (namely, rndc and rndc-confgen) cannnot be found. DNS Enabler will now check for these files, and install them if they are not there.
2.0.6 7th February 2006. Added the ability to save the configuration to a .dns file, which can be copied over to another user or machine, and which can be double-clicked on to launch DNS Enabler.
2.0.7 28th February 2006. DNS Enabler can now set up multiple secondary slave name servers.
2.0.8 21st April 2006. This latest release just adds a French localisation from Joselyne Rochaud and Corentin Cras-Méneur, as well as a Chinese translation from Hai Hwee.
2.0.9 20th July 2006. Updated the application to handle a bug introduced by the OS X 10.4.7 update (that "Workaround Bonjour" thing) whereby the system would stall for about 30 to 60 seconds whenever a launchdaemon (like BIND, Fetchmail, etc) is launched by a call to /bin/launchctl.
I've updated DNS Enabler so that the Restart DNS button avoids calling launchctl, so that the only time you see the stall is when you start the DNS service (be patient - it'll clear - and the DNS Server will still work correctly), and not when you stop the service, and especially not when you restart the service to make a change to your DNS data, which is pretty much what we do most of the time.
It's important to note that this happens only on 10.4.7, and that the DNS service is still launched correctly - this stall only happens when an application makes a call to the Unix command /bin/launchctl. This is probably an unfortunate side effect of the security-related changes Apple made to patch up the launchdaemon mechanism (launchd) in the 10.4.7 update.
2.1 9th August 2006. Added a button so that DNS Enabler can auto-populate the Forwarders field based on the DNS Servers list that the user has set up in his Network Preferences.
Also added a Bonjour panel so that DNS Enabler can also be used to broadcast Bonjour services over a wide-area network :
(see the extra notes on my weblog).
2.1.1 10th August 2006. Fixed a bug which occurred when there is a domain, e.g. called ABC.com, and another, say, xyzABC.com which contains the same letters as the first domain. DNS Enabler got confused when it had to process both these domains in the same list. This has been sorted out and DNS Enabler is smarter now about these things.