Symptom:
You've installed a DNS Server Controller on Mac OS X Server (10.6.X) and it installs correctly (green checkmark icon), but you can't add the DNS Server to the Management Console, i.e. the DNS Server Controller is not running.
Problem:
Unfortunately, the server version of Apple's operating system ships with a very unusual BIND name server configuration. The DNS Server Controller installer is not able to read such a configuration.
Solution:
To solve the issue, please follow the steps described next.
- Open a shell and check the named.conf (the BIND configuration) by running
sudo named-checkconf -z
This will check the named.conf and also the master zone files for potential syntax errors. If this returns without issues, please proceed with step 2; otherwise, please fix these errors first.
- Open the file
/etc/named.conf
with admin rights with an editor (nano). It will look similar to this:
//
// Include keys file
//
include "/etc/rndc.key";

// Declares control channels to be used by the rndc utility.
//
// It is recommended that 127.0.0.1 be the only address used.
// This also allows non-privileged users on the local host to manage
// your name server.
//
// Default controls
//
controls {
    inet 127.0.0.1 port 953 allow {any; } keys { "rndc-key"; };
};

options {
    include "/etc/dns/options.conf.apple";
};

//
// a caching only nameserver config
//
logging {
    include "/etc/dns/loggingOptions.conf.apple";
};

// Public view read by Server Admin
include "/etc/dns/publicView.conf.apple";

// Server Admin declares all zones in a view. BIND therefore dictates
// that all other zone declarations must be contained in views
- Replace the
include "/etc/rndc.key";
by the key statement itself, i.e. copy the contents of the rndc.key file into the named.conf and replace the include statement with the key statement.
- Replace the include statement include "/etc/dns/options.conf.apple"; in the options section by the content of the included file itself (the content of /etc/dns/options.conf.apple).
Usually the content is:
directory "/var/named";
forwarders {};
allow-transfer { none; };
- Comment out the three lines of the logging section by prepending two slashes (//) to each line, e.g.:
// logging {
//     include "/etc/dns/loggingOptions.conf.apple";
// };
- Comment out the include "/etc/dns/publicView.conf.apple"; statement in the named.conf file:
// include "/etc/dns/publicView.conf.apple";
- Open the file /etc/dns/publicView.conf.apple and copy the "acl" statement, which is usually the first line, into the named.conf file, e.g. right after the key {..}; statement.
The acl line looks like:
acl "com.apple.ServerAdmin.DNS.public" {localnets;localhost;.....};
Then comment out the acl in the publicView.conf.apple file with two slashes, like:
// acl "com.apple.ServerAdmin.DNS.public" {localnets;localhost;.....};
- Copy the
allow-recursion {"com.apple.ServerAdmin.DNS.public";};
statement from the publicView.conf.apple file into the named.conf options statement. Then comment it out in the publicView.conf.apple file.
- Comment out the first line of the view statement in the publicView.conf.apple:
// view "com.apple.ServerAdmin.DNS.public" {
and the last line that contains the closing curly bracket }; so that it looks like:
// };
- Concatenate the contents of the file publicView.conf.apple to the named.conf by running the following command:
sudo sh -c 'cat /etc/dns/publicView.conf.apple >> /etc/named.conf'
- Run
sudo named-checkconf -z
again to check the configuration. This should return with no errors.
- Run the following bash script as root:
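#!/bin/bash
# Copy each zone data file from /var/named/zones/ over the file in /var/named/
# that only includes it. The target name is the source name without the
# zones/ directory and without the trailing "zone.apple".
for i in /var/named/zones/*.zone.apple
do
    [ -e "$i" ] || continue   # nothing matched the pattern
    j=$(echo "$i" | sed -e 's/^\/var\/named\/zones\//\/var\/named\//' -e 's/zone\.apple$//')
    cp -f "$i" "$j"
done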
This script replaces the zone data includes with the real zone data. After step 12, please run a final
sudo named-checkconf -z
which should report the same zones and serial numbers as the named-checkconf run in step 11.
Done.
The altered named.conf file should look like:
key "rndc-key" {
    algorithm hmac-md5;
    secret "42c/oQADXzD0lYBJPNcZwQ==";
};

// Declares control channels to be used by the rndc utility.
//
// It is recommended that 127.0.0.1 be the only address used.
// This also allows non-privileged users on the local host to manage
// your name server.
//
// Default controls
//
controls {
    inet 127.0.0.1 port 953 allow {any; } keys { "rndc-key"; };
};

acl "com.apple.ServerAdmin.DNS.public" {localnets;localhost;.....};

options {
    directory "/var/named";
    forwarders {};
    allow-transfer { none; };
    allow-recursion {"com.apple.ServerAdmin.DNS.public";};
};

//
// a caching only nameserver config
//
//logging {
//    include "/etc/dns/loggingOptions.conf.apple";
//};

// Public view read by Server Admin
//include "/etc/dns/publicView.conf.apple";

// Server Admin declares all zones in a view. BIND therefore dictates
// that all other zone declarations must be contained in views.

<followed by the content of the altered file publicView.conf.apple which was appended in step 10>
Now you can run the DNS Server Controller installer and it should work fine.
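A check for the edits described above, as an added example that is not part of the original article: it lists every include or view statement that is still active (not commented out) in a named.conf-style file, so a missed step shows up before the installer is run. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): list include and view
# statements that are still active in a named.conf-style file.
# Assumption: "//", "#" and "/*" never occur inside a quoted string.

active_statements() {
    awk '
    function strip(line,   out, p) {         # remove BIND comments from one line
        out = ""
        while (line != "") {
            if (in_block) {                   # inside a /* ... */ comment
                p = index(line, "*/")
                if (p == 0) return out
                line = substr(line, p + 2); in_block = 0
                continue
            }
            p = match(line, /\/\*|\/\/|#/)    # leftmost comment opener
            if (p == 0) return out line
            out = out substr(line, 1, p - 1)
            if (substr(line, p, 2) != "/*") return out   # rest of line is comment
            line = substr(line, p + 2); in_block = 1
        }
        return out
    }
    {
        text = strip($0)
        sub(/^[ \t]+/, "", text)
        if (text ~ /(^|[ \t;{}])(include|view)[ \t]+"/) printf "%d: %s\n", NR, text
    }' "$1"
}

# Succeeds only when nothing is left to inline or comment out.
is_self_contained() {
    [ -z "$(active_statements "$1")" ]
}

# Constructed sample: a half-edited config modelled on the listings above.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
// include "/etc/rndc.key";
options {
    include "/etc/dns/options.conf.apple";
};
/* logging {
   include "/etc/dns/loggingOptions.conf.apple";
}; */
// view "com.apple.ServerAdmin.DNS.public" {
EOF
active_statements "$sample"
```

Run `is_self_contained /etc/named.conf` after the final named-checkconf; a non-zero exit status means one of the include or view statements was missed.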