The Adventures of Systems Boy!

Confessions of a Mac SysAdmin...

Secondary DNS Configuration

I recently had occasion to do some Mac OS X DNS configuration. Primary DNS setup is pretty straightforward, but I always get stuck on the secondary DNS config, and this week I had the (not so) rare privilege of discovering I'd been doing it wrong all along. I thought I'd post some quickie instructions for next time this comes up.

So, to set up your Mac OS X Server as a secondary DNS server (that is, if the primary goes down, this one will act as a failover), you'll need to open Server Admin and navigate to the DNS section (we'll use the 10.4 version, but the basic gist is the same in 10.5). Next, add a secondary zone under "Secondary Zones." This first one will be for your forward lookups. In the first field add the full name of your zone. In the second field add the IP address of your primary DNS server. It should look like this:

Secondary DNS: Forward Lookups
(click image for larger view)

Now add another secondary zone for the reverse lookups. This is exactly the same except that instead of the zone name in the first field, you'll use the reverse zone information. It looks like this:

Secondary DNS: Reverse Lookups
(click image for larger view)

Note that the reverse IP in the field should cover the zone IP range. That is, if your primary DNS server covers "192.168.1" zone, you'll enter the reverse info for that range. If your primary DNS covers all of "192.168" (notice the truncated IP number) then you should enter that. All together it should look like this:

Secondary DNS: All Together Now
(click image for larger view)

Once this is all set up and saved, you can start the service. You can tell it worked by listing the contents of /var/named. You should see two new files, one called and one called And these should be populated with the same DNS info as your primary.

And that's it! Enter the new secondary DNS server info in your Network System Preferences, just after the primary, and if your main DNS fails you'll be covered.

Oh, almost forgot, thanks to this dude for helping me figure all this out.

Labels: , ,

« Home | Next »
| Next »
| Next »
| Next »
| Next »
| Next »
| Next »
| Next »
| Next »
| Next »

1:42 AM

an important contribution to the murky world dns confit on OSX. I recently moved my DNS server from panther to tiger (next up, leopard migration). I spent so much time worrying about it, but it was so painless. I moved 1 folder and 1 file. Done. Server admin in tiger ignores it, but it works great. PS. Finally made a run for the border, and got my iPhone!    

2:47 PM

Yay! iPhone!

Don't you love it?


2:54 PM

I am so loving it. Typing emails and even web forms is great. No problems. I blew up my iMac at home, and couldn't have cared less. I was twiddling on my iPhone... Wheee. Daring Fireball and SysBoy, and all my friends in this tiny little box. Sa-weet.    

1:51 PM

Though some of the novelty has worn off, I'm still crazy 'bout that phone. It stands the test of time.



3:01 AM

Good news. Thanks for clause. I shall go to search for the information on the given theme further    

11:21 AM

No problem.


12:17 AM


My DNS master is a 10.5.2 and my slave is a 10.4.11. The primary zone was transfered without a problem, as soon as i enable "allow zone transfer" on 10.5.2, but the reverse zone doesn't have any option to allow transfers, the result is series of "deny errors" to transfer the reverse zone to my 10.4.11... Any ideas about how to enable reverse zone transfers?


1:14 PM


There should be no need to enable reverse zone transfers separately. Simply enabling zone transfers should do the trick for both forward and reverse lookups (at least in my experience). If it doesn't, I'd suspect that there is a conflict between 10.5.2 and 10.4.11, but I have no good way to confirm this.

Sorry I can't be more helpful.


» Post a Comment