Thursday, May 19, 2016

How do I enable rndc on Mac OS X El Capitan (10.11.5)

So I was trying to figure out how to enable rndc on El Capitan so I could dump the DNS cache to check name resolution. I could run the command from the command line, but alas it reported that named was not listening on port 953. I tried the alternate port 54, but again to no avail. As it turns out, I needed to modify the controls section of the named.conf file to get it to work. The file is located at /Library/Server/named/named.conf, and you will need to edit it as the super user using sudo.

Note: I have the Apple Server Application installed

sudo nano /Library/Server/named/named.conf


The existing file should have a controls section that looks similar to the one below.

controls {
        inet ::1 port 54 allow {
                "any";
        } keys {
                "rndc-key";
        };
};

I added the line inet 127.0.0.1 allow {localhost;}; above the existing entry. It only accepts connections from localhost, and because it gives no port, named listens on the default control port 953, which is the port rndc had been complaining about. So now the configuration looks like:

controls {
        inet 127.0.0.1 allow {localhost;};
        inet ::1 port 54 allow {
                "any";
        } keys {
                "rndc-key";
        };
};


You will need to restart the named service using the following commands.

sudo launchctl stop org.isc.named
sudo launchctl start org.isc.named

You should now be able to use rndc. To check, you can issue the following command:

sudo rndc status

version: 9.9.7-P3 
CPUs found: 8
worker threads: 8
UDP listeners per interface: 4
number of zones: 100
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
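As an added example (not code from the original post), the same change done from a shell script: it inserts the loopback control line idempotently after backing up named.conf, and then lists every control listener with the port it uses so you can confirm the new entry sits on 953 where rndc expects it. The file path is assumed to be the one above; the grep/awk helpers and the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes a named.conf
# whose controls section looks like the one quoted above.

# The line the post adds: a control channel on IPv4 loopback; with no
# "port" given, BIND listens on its default control port 953.
CONTROL_LINE='        inet 127.0.0.1 allow {localhost;};'

# add_loopback_control FILE
# Inserts CONTROL_LINE right after "controls {" unless a 127.0.0.1
# listener is already there (safe to re-run). Keeps FILE.bak for rollback.
# Returns 1 when the file has no controls block to edit.
add_loopback_control() {
    conf="$1"
    if grep -Eq '^[[:space:]]*inet[[:space:]]+127\.0\.0\.1' "$conf"; then
        return 0
    fi
    grep -Eq '^[[:space:]]*controls[[:space:]]*[{]' "$conf" || return 1
    cp "$conf" "$conf.bak"
    awk -v line="$CONTROL_LINE" '
        { print }
        /^[ \t]*controls[ \t]*[{]/ && !inserted { print line; inserted = 1 }
    ' "$conf.bak" > "$conf"
}

# list_control_listeners FILE
# Prints "address port" for every inet control listener, filling in the
# 953 default, so you can see which port rndc has to be pointed at.
list_control_listeners() {
    awk '/^[ \t]*inet[ \t]/ {
        port = 953
        for (i = 1; i <= NF; i++) if ($i == "port") port = $(i + 1)
        print $2, port
    }' "$1"
}

# Usage on the real file (run as root), then restart named as shown above:
#   add_loopback_control /Library/Server/named/named.conf
#   list_control_listeners /Library/Server/named/named.conf
if [ "$#" -gt 0 ]; then
    add_loopback_control "$1" && list_control_listeners "$1"
fi
```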