- Deploying, troubleshooting, and understanding OS X 10.6 DNS server
- Understanding and configuring OS X and OS X Server-based firewalls
- Fixing server- and client-side firewalls
- Configuring and troubleshooting DHCP
- Setting up and troubleshooting a VPN server
Skill Level Intermediate
BIND stands for Berkeley Internet Name Domain. BIND is software. Clients look up information in the DNS by calling a resolver library, which sends queries to one or more name servers and interprets the responses. The BIND9 software distribution contains a name server and a resolver library. The BIND files that Mac OS X creates for you are not the easiest things to hunt down, but I've a short list of the ones you should care about and where they're located. The first file of DNS importance is located at /etc/named.conf, and that's because the service is the name daemon, or named.
So I'm going to show you this in a couple of different ways. First, I want to go to folder and to show you that you can get into etc just by typing /etc right there and hit Go. That will show you this file right here in the Finder. So for those of you who are Terminal averse you've got this option here. There's named.conf right there. But as this is an advanced title we are going to go down to Utilities. We are going to open up the Terminal and we are going to get in and take a look at this. So, just closing some windows, getting things centered here, and here we are.
Now we are on the server obviously, as indicated here. That's the name of the server and that's who we are logged in as right now. Just so we can move around freely without any errors I am going to type sudo -s and hit Return. And I am going to put in the password on the server, and that returns us into a shell in which we are root. Now, this is going to allow us to move around with utter flexibility, because we are basically operating as root now. So what I want to do is we are going to cd, which is just short for change directory, into etc, and that's /etc/ and hit Return.
If I type ls -l and hit Return, I get a list of pretty much what we were looking at there in the Finder. Now, let's see here. And let's clear this just to clean up the screen a little bit. Now let's do that in a slightly different way. This time what we are going to do is, instead of listing the directory named.conf is in, we are going to look inside of it. But I don't want to do that with a text editor, because a text editor will allow me to change the contents of named.conf, and we really don't want to do that. To do this, we are going to type less named.conf.
This gets us right in here. This file really just adds include statements that tell BIND to look at what are called views elsewhere in the file system. But this file is important for another reason. You see it's fragile in the context of the complete server. If you edit named.conf, named will use that new information. It'll use it if it's written correctly. But the changes won't show up in Server Admin. So you'll have no outward indication of the change. For our purposes here the important part of named.conf is that it points to publicView.conf.apple.
And I am scrolling down here so that you can see this. It's right here at the bottom of the file. This include basically says "I want you to go over here to see the stuff that Server Admin has been putting in, because it's all listed over there." So we say, "All right, fine." I am going to hit the Q key on our keyboard. That gets us out of less and returns us back here to our Terminal window. So other useful files that were referenced there included /etc/dns/options.conf.apple.
That is another hands-off file that the system has auto-generated for you with options information about DNS. /etc/dns/loggingOptions.conf.apple lists the logging options enabled for DNS. Again, you shouldn't edit that. Just check it when troubleshooting to make sure the log level was written correctly by Server Admin. Now, the file we really want to look at is over here. We are going to go cd /etc/dns/. That gets us into the directory. If I type ls, all three of those files that I just mentioned are listed here: loggingOptions, options, and publicView, all followed by .conf.apple.
If we just type less publicView, and I can just hit Tab here and that will auto complete that name, because after publ that's all unique after that. So I can just hit Tab, it'll auto complete and I'll hit Return. And it warns you in big capital letters right here, please do not manually modify this file. Please make your changes in the named.conf file. But we know that we don't want to make our changes there either. We want to make our changes in Server Admin. At any rate this is a really good place to go to see if all of the stuff that was supposed to be entered in here was entered in.
And this is where we get to see our zone information, where it says type master, and that the file is at db.groundswellgear.com. The transfer and update information is there as well. Then here is the zone information for our reverse. So, that all looks good too. So we are going to hit Q to get out of that. Again, Q gets us out of less. The include statements told us that we needed to look for our zone information in /var/named/zones. So that's where we are going to go. We're going to go cd /var/named/zones and so you can see I am sort of taking you on the path here.
There is a long and circuitous route that takes us from the source, that named.conf file, all the way through to this directory here. Now that we've changed directories into /var/named/zones, if I type ls I can see those two files that it referenced right here, db.groundswellgear.com.zone.apple and db.12.168.192.in-addr.arpa.zone.apple as well. Those are the forward and the reverse zone files. Even though this has a .apple extension, don't let that throw you. Apple didn't provide these files.
The zone files in /var/named/zones are the place where your zones and the records they contain are located. So if, once again, we type less and we type db.groundswellgear.com, blah, blah, blah, we just hit Tab to go through that and I hit Return, what I am going to see here is our zone information, which is really great, because now we can check to see if what was entered is correct. So here we can see that we've got our groundswellgear.com IN SOA server.groundswellgear.com.
There is the e-mail address that I was telling you about. So if that was entered in correctly then that's how that appears. By the way, don't be thrown by that not being an @ symbol. That's the way it's supposed to be. Groundswellgear.com is in a name server at server.groundswellgear.com. Server is in an A record at 192.168.12.2. Server is in an HINFO record, and that says Mac Pro and 10.6.x. Remember when we typed that in. And we've also got our TXT information, which says the server was set up by Sean Colins. So all of that information that we entered into Server Admin is here, including down here you see our aliases or our CNAME records.
We have the mail CNAME right there and we have the www CNAME right there. That's how those should look. We also have our MX record down below. Groundswellgear.com has an MX record of a priority 10 that tells it, hey, send mail if it's received for this domain over to server.groundswellgear.com. So this is a properly formatted, properly formulated zone file with the appropriate records within. That's what this looks like. If everything looks fine then you know that the problem is not here. And you can start looking elsewhere, assuming you're having problems and that's why you're troubleshooting DNS.
So I am going to press the Q key again here. The Q button gets us out of that. We've used less several times. We've used the cd command. We've used ls. So those are some of the tools we've used to navigate our way around and to view files so far. Next, I'd just like to take you into the logs directory. When troubleshooting DNS, it can be helpful to check the logs out. So one thing we can do is we can use the Terminal right here to just change directories into /Library/Logs. We can see we've got several logs in here, and right there you can see we've a named.log.
If you'd like me to show that to you over here in the Finder, I can do that as well. /Library/Logs and there we have it right there, named.log. Same thing listed there, listed there. So if I just type less named.log, it'll load up the log. And I can just keep arrowing through this and you'll see everything. It can feel a little bit difficult to read the logs here though. So what I am going to do is type Q to get out of that.
I'll type exit and exit again. The first exit got us out of our root session and the second one got us out of our Server Admin session. So now I can quit Terminal and I can go to my Utilities folder, and I can open up the Console application. If I do that I can click the Show Log List over here and I can find all of the logs that are in /Library/Logs. In there I should be able to find my named log. You can see how this is organized in the same way that it would be found in the Terminal, if you were just changing directories through those directories, or in the Finder if you're going through that way.
So here we see the named.log. In here if we had any DNS errors at all we would find them here, and it would tell us what was going on. If the service had quit unexpectedly or if it had shut down because of an error in a configuration somewhere, that would all be listed right here. I want to quit that now. Once you've looked at the files DNS uses to determine if the files were written the way you intended them to be, you should move on to using tools to test DNS to find out why it isn't working.
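The path walked through above (/etc/named.conf, the files it includes under /etc/dns, and the zone declarations in publicView.conf.apple) can be traced read-only with a short script. This is an added example, not part of the original course; the function names and the sample file contents are constructed for illustration, and the parser assumes one statement per line.

```shell
#!/bin/sh
# Added example: read-only trace of named.conf -> includes -> zone declarations.

# Print the path from each `include "path";` statement in a config file.
list_includes() {
    sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)"[[:space:]]*;.*/\1/p' "$1"
}

# Print "zone<TAB>file" for each zone block (one statement per line assumed).
list_zones() {
    awk '/^[ \t]*zone[ \t]+"/ { split($0, q, "\""); zone = q[2] }
         /^[ \t]*file[ \t]+"/ { split($0, q, "\"")
                                if (zone != "") print zone "\t" q[2]; zone = "" }' "$1"
}

# Follow the chain under ROOT ("" on a live server, a scratch dir in the demo).
# Output: include-path<TAB>zone<TAB>file; unreadable includes go to stderr.
trace_dns_config() {
    conf="$1/etc/named.conf"
    [ -r "$conf" ] || { echo "unreadable: $conf" >&2; return 1; }
    list_includes "$conf" | while IFS= read -r inc; do
        if [ -r "$1$inc" ]; then
            list_zones "$1$inc" | while IFS= read -r z; do
                printf '%s\t%s\n' "$inc" "$z"
            done
        else
            echo "missing include: $inc" >&2
        fi
    done
}

# Constructed, simplified sample tree; not copied from a real server.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/dns"
    printf 'include "%s";\n' /etc/dns/options.conf.apple \
        /etc/dns/missing.conf /etc/dns/publicView.conf.apple > "$d/etc/named.conf"
    : > "$d/etc/dns/options.conf.apple"
    cat > "$d/etc/dns/publicView.conf.apple" <<'EOF'
view "sample" {
    zone "groundswellgear.com." {
        type master;
        file "db.groundswellgear.com.";
    };
    zone "12.168.192.in-addr.arpa." {
        type master;
        file "db.12.168.192.in-addr.arpa.";
    };
};
EOF
    echo "$d"
}
```

Running `trace_dns_config "$(make_sample)"` exercises the sample tree; `trace_dns_config ""` reads the live /etc/named.conf without opening any file for writing, so it cannot introduce the kind of manual change that Server Admin would not show.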