Configuring DNS in a NAT environment on Mac OS X and Mac OS X Server


This article describes how to create a basic DNS (Domain Name System)
configuration using BIND for a typical network behind a Network Address
Translation (NAT) device.


The Apple Mail Server and some configurations of the Web Server (Apache)
require the presence of a correctly configured DNS Server on your network. 
Mac OS X and Mac OS X Server can benefit from the availability of valid
forward and reverse name resolution.

Other Mac OS X Server services including File Sharing (AFP, NFS, SMB/CIFS
and FTP), Print Service, IP Filtering, NetBoot, Macintosh Manager, SLP
Directory Agent, DHCP serving, and NetInfo Domain hosting do not require
the presence of DNS.  However, if DNS is available and not configured
properly, some server services may not function or their performance can be
significantly diminished.

If you have an Internet service provider, or you are in a business or
school with an information services department, they may already be
able to provide DNS services for your server.  Please contact your internal
support or Internet Service Provider to determine if this service is
available to you.


BIND (Berkeley Internet Name Domain) is an implementation of the Domain
Name System (DNS) protocols.  It is included with Mac OS X and Mac OS X
Server, allowing a Mac to act as a DNS server.  Configuring a complete DNS
using BIND can be a complex process.  If this generic configuration example
does not meet your needs, we recommend that you do not attempt to configure
DNS on your own and seek out a professional consultant or additional


If you are configuring DNS on Mac OS X Server, please see the DNS chapter
of the Mac OS X Server Administrator's Guide, "DNS Server" (Chapter 14 at
last check).

How to locate a network consultant to help you implement DNS:

Apple Professional Services

Apple Solutions Experts

External sites with information on BIND:

Official BIND Site
BIND Version 8 Online Documentation
Domain Name System (DNS) Information
How Stuff Works on DNS

Third Party Publications with information on BIND:

DNS and BIND, 4th Edition

The Concise Guide to DNS and BIND

UNIX System Administration Handbook 

There are also commercial and free alternatives for configuring BIND:

QuickDNS Pro
DNS Expert
Webmin (DNS module)


    **** CAUTION ****

Users should be aware that the incorrect configuration of DNS settings can
result in serious system issues. It is recommended that only experienced
users manipulate these settings.

    **** CAUTION ****


In the following example, we assume that your network has a dedicated
router or gateway and that device is using NAT.  The port (Cable
Modem/DSL/Dial-up/etc.) that is connected to your ISP is defined as the WAN
port.  The port that is connected to your internal network is defined as the
LAN port.

* The IP address of the WAN port is determined by your ISP.
* The IP address of the LAN port is
* The IP address of the Mac OS X or Mac OS X Server machine that will be
  used as the DNS server is
* The IP addresses for client computers are through

If IP address assignment is provided by the NAT device via DHCP, it needs
to be configured with the above information.  Please consult your router or
gateway manual for instructions on configuring its DHCP Server.

If your NAT device connects to the Internet, you also need to know the DNS
server addresses provided by your ISP.


The sample files assume a domain name of "" behind the NAT. This
may be changed but must be changed in ALL modified configuration files.
This includes renaming "/var/named/" (from step 7) to the
given domain name, for example, "/var/named/".

 1) Log into the DNS server machine as root.

 2) Choose Go To Folder from the Go menu.

 3) In the "Go to the folder:" sheet, enter "/etc" (no quotes) and click
 	the Go button.

 4) Locate the file "named.conf" and rename it "named.conf.OLD".

 5) Launch the TextEdit application located in /Applications.

 6) Copy the contents of "/usr/share/named/examples/db.10.0.1.sample" into
 	a new file. Save the file as "/var/named/db.10.0.1" (no quotes).

 7) Copy the contents of "/usr/share/named/examples/"
 	into a new file. Save the file as "/var/named/".

 8) Copy the contents of "/usr/share/named/examples/named.conf.sample" into
 	a new file.

 9) Follow the instructions in the sample file to apply edits appropriate
 	to your specific installation, then save the file as

On Mac OS X Server:
10) Log out, and log back in as an administrator user.

11) Using Server Settings, via the Network tab, start the DNS service.

13) In the Network preference pane of the System Preferences, change the
	Domain Name Servers to only list the IP address of the new DNS server,

On Mac OS X:
10) Open "/etc/hostconfig".

11) Add the following line to the end of the file:

12) Save the file.

13) In the Network preference pane of the System Preferences, change the
	Domain Name Servers to only list the IP address of the new DNS server,

14) Reboot the machine.
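
The forward and reverse zone files created in steps 6 and 7 must agree with
each other, or forward and reverse lookups will return inconsistent answers.
The following is an added example, not part of the original instructions: an
offline check that every A record has a matching PTR record and vice versa.
The domain "example.lan", the host names and the host addresses are
constructed sample data, and the parser assumes one-line records that name
their owner explicitly.

```python
import ipaddress

# Constructed sample zones (example.lan and the host addresses are assumptions).
FORWARD_ZONE = """\
$ORIGIN example.lan.
ns    IN A   10.0.1.2
mail  IN A   10.0.1.3
web   IN A   10.0.1.4   ; the reverse zone below uses .5 for web
"""
REVERSE_ZONE = """\
$ORIGIN 1.0.10.in-addr.arpa.
2  IN PTR ns.example.lan.
3  IN PTR mail.example.lan.
5  IN PTR web.example.lan.
"""

def qualify(name, origin):
    """Expand '@' and relative names against $ORIGIN; lower-case the result."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse_records(zone_text, rtype):
    """Return [(owner, rdata)] for one-line records that name their owner."""
    origin, out = "", []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop ';' comments
        if fields and fields[0].upper() == "$ORIGIN":
            origin = fields[1]
        elif rtype in fields[1:]:
            rdata = fields[fields.index(rtype, 1) + 1]
            out.append((qualify(fields[0], origin),
                        qualify(rdata, origin) if rtype == "PTR" else rdata))
    return out

def check_forward_reverse(forward_zone, reverse_zone):
    """Return a list of mismatches; an empty list means the zones agree."""
    ptr = dict(parse_records(reverse_zone, "PTR"))
    problems, seen = [], set()
    for name, ip in parse_records(forward_zone, "A"):
        rev = ipaddress.ip_address(ip).reverse_pointer + "."
        seen.add(rev)
        if rev not in ptr:
            problems.append(f"{name} -> {ip}: no PTR record")
        elif ptr[rev] != name:
            problems.append(f"{name} -> {ip}: PTR names {ptr[rev]}")
    problems += [f"{r} -> {t}: no matching A record"
                 for r, t in ptr.items() if r not in seen]
    return problems
```

Calling check_forward_reverse(FORWARD_ZONE, REVERSE_ZONE) on the sample data
reports the mismatched "web" entry in both directions.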


If the IP addresses of your client computers are statically assigned,
change the Domain Name Servers of their Network preference pane to only
list the new server's IP address,

If you are using Mac OS X Server as your DHCP Server:

1) Using Server Settings, choose Configure DHCP from the Network tab.

2) On the Subnet tab, edit the Built-in Ethernet port (default).

3) In the General tab, enter the following information:

    Subnet Mask:

4) Select the DNS tab and enter the following information:

    Default Domain:
    DNS Servers:

5) Click the Save button and log out of Server Settings.

Note: The client computers may not immediately populate with the new IP
configuration information.  This will depend upon when their DHCP leases
expire.  It may be necessary to restart the client computers for the
changes to populate.


To verify the steps were successful, launch the Terminal application
located in /Applications/Utilities and enter the following commands
(substituting the local domain name for "" if different):

Mention of third-party products, companies and web sites is for
informational purposes only and constitutes neither an endorsement nor a
recommendation. Apple assumes no responsibility with regard to the
selection, performance or use of information or products found at third
party web sites. Apple provides this only as a convenience to our users.
Apple has not tested the information found on these sites and makes no
representations regarding its accuracy or reliability. There are dangers
inherent in the use of any information or products found on the Internet,
and Apple assumes no responsibility in this regard. Please understand that
a third party site is independent from Apple and that Apple has no control
over the content on that web site.