Symptom:

You have installed a DNS Server Controller on Mac OS X Server (10.6.x) and it installs correctly (green checkmark icon), but you can't add the DNS Server to the Management Console, i.e. the DNS Server Controller is not running.
 

Problem:

Unfortunately Apple ships the server version of its operating system with a very unusual BIND name server configuration. Basically, the DNS Server Controller installer is not able to read such a configuration.
 

Solution

To solve the issue please follow the steps described next.
  1. Open a shell and check named.conf (the BIND configuration) by running
    sudo named-checkconf -z
    This checks named.conf and also the master zone files for syntax errors. If it returns without issues, proceed with step 2; otherwise fix these errors first.
  2. Open the file
    /etc/named.conf
    with admin rights in an editor (e.g. nano). It will look similar to this:
    //
    // Include keys file
    //
    include "/etc/rndc.key";
    // Declares control channels to be used by the rndc utility.
    //
    
    // It is recommended that 127.0.0.1 be the only address used.
    // This also allows non-privileged users on the local host to manage
    // your name server.
    
    //
    // Default controls
    //
    controls  {
       inet 127.0.0.1 port 953 allow    {any;   }         keys    { "rndc-key";    };
    };
    
    options  {
       include "/etc/dns/options.conf.apple";
    };
    
    //
    // a caching only nameserver config
    //
    logging {
       include "/etc/dns/loggingOptions.conf.apple";
    };
    // Public view read by Server Admin
    include "/etc/dns/publicView.conf.apple";
    // Server Admin declares all zones in a view. BIND therefore dictates
    // that all other zone declarations must be contained in views
  3. Replace the
    include "/etc/rndc.key";
    statement by the key statement itself, i.e. copy the contents of the rndc.key file into named.conf in place of the include statement.
  4. Replace the include statement include "/etc/dns/options.conf.apple"; in the options section by the content of the included file /etc/dns/options.conf.apple.

    Usually the content is:
    directory "/var/named";
    forwarders {};
    allow-transfer { none; };
  5. Comment out the three lines of the logging section by prepending two slashes (//) to each line, e.g.:
    // logging {
    //            include "/etc/dns/loggingOptions.conf.apple";
    // };
  6. Comment out the include "/etc/dns/publicView.conf.apple"; statement in the named.conf file:
    // include "/etc/dns/publicView.conf.apple"; 
  7. Open the file /etc/dns/publicView.conf.apple and copy the "acl" statement, which is usually its first line, into named.conf, e.g. right after the key {..}; statement.
    The acl line looks like:
    acl "com.apple.ServerAdmin.DNS.public" {localnets;localhost;.....};
    Then comment out the acl line in publicView.conf.apple with two slashes, like:
    // acl "com.apple.ServerAdmin.DNS.public" {localnets;localhost;.....};
  8. Copy the
    allow-recursion {"com.apple.ServerAdmin.DNS.public";};
    statement from publicView.conf.apple into the options statement of named.conf, then comment it out in publicView.conf.apple.
  9. Comment out the first line of the view statement in the publicView.conf.apple:
    // view "com.apple.ServerAdmin.DNS.public" {
    and its last line, the one containing the closing curly bracket };, so that it looks like:
    // };
  10. Append the contents of publicView.conf.apple to named.conf. The redirection must run as root too, so sudo in front of cat alone would fail with a permission error; run:
    sudo sh -c 'cat /etc/dns/publicView.conf.apple >> /etc/named.conf'
  11. Run
    sudo named-checkconf -z 
    again to check the configuration. This should return with no errors.
  12. Run the following bash script as root:
    #!/bin/bash
    # Replace each zone-data include stub in /var/named with the real zone data
    # that Server Admin keeps under /var/named/zones.
    for i in /var/named/zones/*.zone.apple; do
      # Derive the target name: drop the zones/ directory and the zone.apple suffix.
      j=`echo "$i" | sed -e 's/^\/var\/named\/zones\//\/var\/named\//' -e 's/zone\.apple$//'`
      cp -f "$i" "$j"
    done
    This script replaces the zone data includes with the real zone data. After step 12 run a final
    sudo named-checkconf -z
    which should report the same zones and serial numbers as the checkconf run in step 11.
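The include inlining of steps 3, 4 and 6 can be scripted instead of edited by hand. The Python script below is an added example, not part of the original page and not code of the DNS Server Controller: it replaces every active include statement with the content of the file it names, recursively, while leaving commented-out includes untouched (as step 6 requires), and it builds a constructed sample tree in a temporary directory with placeholder key and option values so it runs offline. Because step 3 moves the rndc secret out of rndc.key into named.conf, the script also makes the flattened file no more permissive than the most restrictive file it inlined. The unwrapping of the view (steps 7 to 9) still has to be done by hand. The function names and the handling of relative include paths are this example's own assumptions.

```python
"""Inline BIND include statements into one named.conf (added example)."""
import os
import re
import stat
import tempfile

# An active include statement; a leading "//" makes the line not match,
# so commented-out includes (step 6) are kept verbatim.
INCLUDE_RE = re.compile(r'^(\s*)include\s+"([^"]+)"\s*;\s*$')


def flatten(path, stack=()):
    """Return (text, mode): the file with every include replaced by the
    file it names, recursively, and the bitwise AND of the permission
    bits of all files read (i.e. the strictest mode seen)."""
    path = os.path.abspath(path)
    if path in stack:
        raise ValueError("include cycle at %s" % path)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    out = []
    with open(path) as fh:
        for line in fh:
            m = INCLUDE_RE.match(line)
            if not m:
                out.append(line.rstrip("\n"))
                continue
            indent, target = m.groups()
            # Assumption: a relative path is resolved against the including
            # file's directory; Apple's files use absolute paths anyway.
            if not os.path.isabs(target):
                target = os.path.join(os.path.dirname(path), target)
            inner, inner_mode = flatten(target, stack + (path,))
            mode &= inner_mode
            out.append("%s// begin of inlined %s" % (indent, target))
            # Keep the nesting of the enclosing block (e.g. inside options {}).
            out.extend((indent + l) if l else l
                       for l in inner.rstrip("\n").split("\n"))
            out.append("%s// end of inlined %s" % (indent, target))
    return "\n".join(out) + "\n", mode


def flatten_to_file(src, dst):
    """Write the flattened config and clamp its permissions to the
    strictest mode of the files that went into it."""
    text, mode = flatten(src)
    with open(dst, "w") as fh:
        fh.write(text)
    os.chmod(dst, mode)
    return text, stat.S_IMODE(os.stat(dst).st_mode)


def remaining_includes(text):
    """Active include statements still present (expected: none)."""
    return [l for l in text.split("\n") if INCLUDE_RE.match(l)]


def build_sample_tree():
    """Constructed sample mirroring the Apple layout described on the page;
    the secret and option values are placeholders, not real data."""
    etc = os.path.join(tempfile.mkdtemp(), "etc")
    dns = os.path.join(etc, "dns")
    os.makedirs(dns)
    key = os.path.join(etc, "rndc.key")
    opts = os.path.join(dns, "options.conf.apple")
    view = os.path.join(dns, "publicView.conf.apple")  # deliberately absent
    conf = os.path.join(etc, "named.conf")
    files = {
        key: 'key "rndc-key" {\n\talgorithm hmac-md5;\n'
             '\tsecret "PLACEHOLDER-SECRET==";\n};\n',
        opts: 'directory "/var/named";\nforwarders {};\n'
              'allow-transfer { none; };\n',
        conf: 'include "%s";\noptions {\n\tinclude "%s";\n};\n'
              '// include "%s";\n' % (key, opts, view),
    }
    for p, body in files.items():
        with open(p, "w") as fh:
            fh.write(body)
    os.chmod(key, 0o600)    # the secret is owner-only, as on a real host
    os.chmod(conf, 0o644)   # the main config is world-readable
    return conf


def demo():
    """Flatten the constructed sample; returns (flattened text, mode)."""
    conf = build_sample_tree()
    return flatten_to_file(conf, conf + ".flat")


if __name__ == "__main__":
    text, mode = demo()
    print(text)
    print("resulting mode: %o" % mode)   # 600, inherited from rndc.key
```

The commented-out include of publicView.conf.apple in the sample points at a file that does not exist, which shows that commented lines are never followed; the resulting file ends up mode 600 because rndc.key was, which is the point of clamping permissions once the secret lives in named.conf.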
Done. 
The altered named.conf file should look like:
key "rndc-key" {
 algorithm hmac-md5;
 secret "42c/oQADXzD0lYBJPNcZwQ==";
};


// Declares control channels to be used by the rndc utility.
//
// It is recommended that 127.0.0.1 be the only address used.
// This also allows non-privileged users on the local host to manage
// your name server.
//
// Default controls
//

controls  {
        inet 127.0.0.1 port 953 allow    {any;   }
        keys    { "rndc-key";    };
};

acl "com.apple.ServerAdmin.DNS.public" {localnets;localhost;.....};
options  {
    directory "/var/named";
    forwarders {};
    allow-transfer { none; };
    allow-recursion {"com.apple.ServerAdmin.DNS.public";};

};

// 
// a caching only nameserver config
// 
//logging {
//        include "/etc/dns/loggingOptions.conf.apple";
//};


// Public view read by Server Admin        
//include "/etc/dns/publicView.conf.apple";
// Server Admin declares all zones in a view. BIND therefore dictates
// that all other zone declarations must be contained in views.
<followed by the content of the altered file publicView.conf.apple which was appended in step 10>
Now you can run the DNS Server Controller installer and it should work fine.