Christoph Kania braindump

 

DNS on your desk

19.10.2012 - Christoph Kania

Using a local DNS server can make your life faster

Sometimes you are in an environment where slow or unreliable DNS requests hold you up. In those moments a local DNS server is your friend.

A good choice is Unbound, a “validating, recursive, and caching DNS resolver” (validating meaning it checks DNSSEC signatures; for alternatives have a look at Wikipedia).

Under Mac OS X with Homebrew, just enter:

$ brew install unbound

Then, as root (or via sudo), create the dedicated user and group that Unbound will drop its privileges to. Pick a UID/GID (451 here) that is not already in use on your machine:

$ dscl . -create /Groups/_unbound
$ dscl . -create /Groups/_unbound PrimaryGroupID 451
$ dscl . -create /Users/_unbound
$ dscl . -create /Users/_unbound RecordName _unbound unbound
$ dscl . -create /Users/_unbound RealName "Unbound Agent"
$ dscl . -create /Users/_unbound UniqueID 451
$ dscl . -create /Users/_unbound PrimaryGroupID 451
$ dscl . -create /Users/_unbound UserShell /usr/bin/false
$ dscl . -create /Users/_unbound Password '*'
$ dscl . -create /Groups/_unbound GroupMembership _unbound

To start Unbound at boot, create the file /Library/LaunchDaemons/net.unbound.plist (the -d flag keeps Unbound in the foreground, which launchd needs in order to supervise it with KeepAlive):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>Label</key>
    <string>net.unbound</string>
    <key>ProgramArguments</key>
    <array>
      <string>/usr/local/sbin/unbound</string>
      <string>-d</string>
      <string>-c</string>
      <string>/usr/local/etc/unbound/unbound.conf</string>
    </array>
    <key>KeepAlive</key>
    <true/>
    <key>RunAtLoad</key>
    <true/>
  </dict>
</plist>

And finally, load it (as root):

$ launchctl load /Library/LaunchDaemons/net.unbound.plist

To use your local resolver as the default for every network service (attention: I have not tested this):

# sed '1d' drops the explanatory header line; grep -v '^\*' skips services
# that networksetup lists as disabled (marked with a leading asterisk),
# which would otherwise make the -set... commands fail.
$ networksetup -listallnetworkservices | sed '1d' | grep -v '^\*' | \
	sed 's/\(.*\)/networksetup -setdnsservers "\1" 127.0.0.1/' | sh
$ networksetup -listallnetworkservices | sed '1d' | grep -v '^\*' | \
	sed 's/\(.*\)/networksetup -setsearchdomains "\1" example.com/' | sh
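The post never shows the unbound.conf that the launchd job points at, and the networksetup one-liners above are untested. The following script is an added example (not code from the original post or from the Unbound project) that fills both gaps: it writes a minimal resolver configuration that listens on loopback only, refuses non-local clients, drops privileges to the _unbound user and validates DNSSEC with an auto-updating root trust anchor, and it turns the service listing into reviewable networksetup commands while skipping the header line and disabled services. It assumes the Homebrew paths used in the post, that the _unbound user and group from the dscl steps already exist, and that unbound-anchor and unbound-checkconf (both ship with Unbound) are on the PATH; the anchor directory and the "apply" argument are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Homebrew paths
# (/usr/local/...) and an existing _unbound user/group.
set -eu

CONF_DIR=/usr/local/etc/unbound
CONF="$CONF_DIR/unbound.conf"
ANCHOR_DIR="$CONF_DIR/anchor"   # assumed location, writable by _unbound

# Write a minimal, locked-down unbound.conf to the path given as $1.
write_unbound_conf() {
    cat > "$1" <<'EOF'
server:
    # Loopback only: never expose a resolver on the laptop's Wi-Fi side.
    interface: 127.0.0.1
    interface: ::1
    port: 53
    # Refuse every client that is not local.
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: ::1 allow
    # Drop root after binding port 53.
    username: "_unbound"
    # launchd supervises the process, so do not fork into the background.
    do-daemonize: no
    # DNSSEC validation with an RFC 5011 auto-updating root trust anchor.
    auto-trust-anchor-file: "/usr/local/etc/unbound/anchor/root.key"
    # Hardening against cache poisoning and information leakage.
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: yes
    hide-identity: yes
    hide-version: yes
EOF
}

# Read `networksetup -listallnetworkservices` output on stdin and print the
# commands that point every *enabled* service at 127.0.0.1 (plus a search
# domain if $1 is given). Printing instead of executing lets you review the
# commands before piping them to sh.
#   - the first line is an explanatory header, not a service name
#   - a leading '*' marks a disabled service; networksetup rejects those
#   - service names may contain spaces, hence the quoting
dns_commands() {
    domain="${1:-}"
    tail -n +2 | while IFS= read -r svc; do
        case "$svc" in
            '*'*|'') continue ;;
        esac
        printf 'networksetup -setdnsservers "%s" 127.0.0.1\n' "$svc"
        if [ -n "$domain" ]; then
            printf 'networksetup -setsearchdomains "%s" %s\n' "$svc" "$domain"
        fi
    done
}

# Run as root with "apply" to install the config and switch the resolver.
if [ "${1:-}" = "apply" ]; then
    install -d -o _unbound -g _unbound -m 0755 "$ANCHOR_DIR"
    write_unbound_conf "$CONF"
    # unbound-anchor exits 1 when it (re)creates the anchor, so do not abort
    # on that; the file must then be owned by _unbound for RFC 5011 updates.
    unbound-anchor -a "$ANCHOR_DIR/root.key" || true
    chown _unbound:_unbound "$ANCHOR_DIR/root.key"
    # Syntax-check before launchd tries (and retries) to start it.
    unbound-checkconf "$CONF"
    networksetup -listallnetworkservices | dns_commands "${2:-}" | sh
fi
```

After running it with "apply", `dig +dnssec example.com @127.0.0.1` should return answers with the AD flag set for signed zones; a domain whose signatures are broken will come back as SERVFAIL, which is the validation doing its job rather than an outage.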

If you would rather not run a full recursive resolver, Unbound can also forward to public DNS servers such as Google's, hukl's or others; keep in mind that whoever operates the forwarder then sees every query you make.

Resources