How to add a wildcard host entry to Mac OS X Server's DNS

I have set up a Mavericks Mac OS X Server machine for my lab, and I am using the DNS service for my own domain. Without getting into too many complicated details, I need to populate this local DNS service with a wildcard host entry, and the Server admin GUI doesn't let you do that.

I've read through a couple of threads on Apple's own support forums, but they just conclude with "edit the bind configuration files manually." And worse, there was no follow-up on how that worked out for the original poster. Was it an easy fix? Or did the GUI fight back against having files edited underneath it?


Solution 1:

You can add the wildcard domain much easier than that!

  1. create the primary zone "test.dev"
  2. create machine record "test.dev"
  3. add IP

http://www.howdididothat.info/2012/11/15/wildcard-dns-on-mac-osx-server-10-8/

Solution 2:

It took a lot of interpolating older blog posts and poking through the filesystem, but this recipe seems to be working now for me:

Mavericks OS X Server's DNS service stores its zone files in /Library/Server/named:

sh-3.2# ls -lF /Library/Server/named
total 64
-rw-r--r--  1 root  wheel    14 Sep 15 17:29 .version
-rw-r--r--  1 root  wheel   327 Sep 18 16:57 db.19.0.10.in-addr.arpa
-rw-r--r--  1 root  wheel   362 Sep 18 16:57 db.example.com
-rw-r--r--@ 1 root  wheel   195 Sep 15 17:29 localhost.zone
-rw-r--r--@ 1 root  wheel  2994 Sep 15 17:29 named.ca
-rw-r--r--@ 1 root  wheel  1164 Sep 18 16:57 named.conf
-rw-r--r--@ 1 root  wheel   433 Sep 15 17:29 named.local
-rw-------  1 root  wheel    77 Feb 14  2012 rndc.key

Note that I'm in a root shell here… All these files are owned by root, so this is the simplest way to edit them without accidentally screwing up their ownership or permissions.

All we need to do is edit the db.* file that corresponds to the zone we want to add a wildcard to… Here db.example.com. First, of course, back up the file to your home directory or some other safe location.

Then open the file with your favorite command-line editor and add these three lines to the end of the file (of course substituting the IP address of your server):

@                   300 IN A        4.3.2.1
*                   300 IN CNAME    @
NO-EDITING-IN-GUI   300 IN A        1.2.3.4

The last line serves as a reminder of the following important warning:

Beware of editing any records subsequently with the GUI! If you bring up the dialog to edit it, the hostname shows as example.com, and clicking OK will overwrite your wildcard with an invalid address record! Caveat emptor.

I then went to the Server app and used the slide switch to stop and restart the DNS service. In the flash before it restarted I noticed that the GUI was already showing my new example.com host record, but don't be fooled by this… The GUI display is based on what's in the zone files, not what the running server has loaded.

After restarting, you can use dig to verify that the wildcard host is working:

aoide:~ kaelin$ dig nonexistant.example.com

; <<>> DiG 9.8.3-P1 <<>> nonexistant.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56808
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;nonexistant.example.com.   IN  A

;; ANSWER SECTION:
nonexistant.example.com. 300    IN  CNAME   example.com.
example.com.        300 IN  A   4.3.2.1

;; AUTHORITY SECTION:
example.com.        10800   IN  NS  ns1.example.com.
example.com.        10800   IN  NS  ns2.example.com.

;; ADDITIONAL SECTION:
ns1.example.com.    300 IN  A   10.0.19.63
ns2.example.com.    300 IN  A   10.0.19.62

;; Query time: 5 msec
;; SERVER: 10.0.19.63#53(10.0.19.63)
;; WHEN: Thu Sep 18 22:13:32 2014
;; MSG SIZE  rcvd: 141
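As an added example (not code from the original answer), here is a shell script that rehearses the Solution 2 recipe on a throw-away copy of a zone file before you do it for real under /Library/Server/named as root. It backs the file up, increments the SOA serial (the restart loads the new data either way, but any secondary server only transfers a zone whose serial went up), makes sure the file ends in a newline before appending, adds the two wildcard records, and runs named-checkzone when that tool is installed. The temp directory, the sample zone contents, the 4.3.2.1 address and the function names are constructed for this example; the answer's NO-EDITING-IN-GUI reminder record is replaced here by a `;` comment, which BIND ignores.

```shell
#!/bin/sh
# Added example: rehearse the "add a wildcard to db.example.com" steps on a copy.
# WORK, ZONE and the sample zone below are assumptions made for this example.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
ZONE=example.com
ZONEFILE="$WORK/db.$ZONE"

# Constructed stand-in for /Library/Server/named/db.example.com (not a real file).
make_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 10800
@   IN SOA ns1.example.com. hostmaster.example.com. (
        2014091801 ; serial
        3600       ; refresh
        900        ; retry
        604800     ; expire
        300 )      ; minimum
@                 IN NS   ns1.example.com.
ns1               300 IN A 10.0.19.63
EOF
}

# Print the SOA serial: the first number on the line tagged "; serial".
serial_of() {
    awk '/; serial/ { print $1; exit }' "$1"
}

# Steps: back up, bump serial, append wildcard records, validate the zone.
add_wildcard() {
    zf=$1; zone=$2; ip=$3
    cp "$zf" "$zf.bak.$(date +%Y%m%d%H%M%S)"
    # Increment the serial in place. Writing back with cat > keeps the original
    # inode, so owner and mode stay as they were (the answer's permissions worry).
    awk '/; serial/ { sub(/[0-9]+/, $1 + 1) } { print }' "$zf" > "$zf.tmp"
    cat "$zf.tmp" > "$zf" && rm "$zf.tmp"
    # A file without a trailing newline would glue our first record onto its last line.
    if [ -n "$(tail -c1 "$zf")" ]; then echo >> "$zf"; fi
    printf '%s\n' \
        '; wildcard added by hand: do NOT edit these records in the Server app' \
        "@    300 IN A     $ip" \
        '*    300 IN CNAME @' >> "$zf"
    # named-checkzone ships with BIND; a syntax error here fails the script (set -e)
    # instead of being discovered only after the DNS service refuses to load the zone.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$zone" "$zf"
    fi
}

# Number of wildcard CNAME records in the file; 1 after a successful run.
wildcard_count() {
    grep -c '^\*[[:space:]].*IN[[:space:]]*CNAME' "$1"
}

make_sample_zone "$ZONEFILE"
before=$(serial_of "$ZONEFILE")
add_wildcard "$ZONEFILE" "$ZONE" 4.3.2.1
echo "serial $before -> $(serial_of "$ZONEFILE"); wildcard records: $(wildcard_count "$ZONEFILE")"
```

Once the copy checks out, the same add_wildcard steps apply to the real file from a root shell; after the stop/restart in the Server app, the dig query shown above is the final check, since the GUI display reflects the file on disk rather than what named has loaded.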