TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

Setting up DNS Server on macOS #274

Closed oppalla closed 3 years ago

oppalla commented 3 years ago

I'm trying to get DNS Server up and running on my iMac, which runs High Sierra 10.13.6. This iMac shares my WiFi connection via cable to my Windows computer. So I'm planning to install and run DNS Server to block some hosts on my Windows machine.

I could not install via curl -sSL https://download.technitium.com/dns/install.sh | sudo bash because it says:

===============================
Technitium DNS Server Installer

.NET 5 Runtime is already installed.
Downloading Technitium DNS Server...
Updating Technitium DNS Server...
ps: illegal option -- -
usage: ps [-AaCcEefhjlMmrSTvwXx] [-O fmt | -o fmt] [-G gid[,gid...]] [-g grp[,grp...]] [-u [uid,uid...]] [-p pid[,pid...]] [-t tty[,tty...]] [-U user[,user...]]
       ps [-L]
Failed to install Technitium DNS Server: systemd was not detected.

So I downloaded the "DnsServerPortable.tar.gz", opened a terminal in it and ran the command: sudo ./start.sh. It loads the DNS Server, and I'm able to access 127.0.0.1:5380.

I set the forwarders for Cloudflare DNS-OVER-UDP or any forwarder preset, and try to test it under DNS CLIENT, with {this-server} but it always returns operation time out.

Even if I set my DNS as 127.0.0.1 on network settings, it never loads pages or logs queries on the Dashboard.

I feel I'm just a small step away from getting it up and running.

Can you help me with this? I really appreciate any help you can provide.

ShreyasZare commented 3 years ago

Thanks for the post. There is no official installer for macOS since I don't have one to create it. The installer script is designed to work only on Linux so it would fail on macOS.

So, you tried running the DNS server directly using the start.sh from the portable tar.gz file, which will work, but the only limitation is that the server won't start when the system reboots. So you will need to configure something to make it start on reboot.

For debugging the other issue, I would suggest that you check the logs once from the web panel itself. Look for any errors which say that the DNS server failed to bind on udp/tcp port 53. It could be that there is some other service running on your laptop that is using the same port, so you will need to stop that to allow the DNS server to use the port. Or the other option is to configure the DNS server local endpoints in settings to a specific IP address that you have on your LAN, which will make it work without any conflict.

If you find any errors in the logs that you need help with then do post them here.
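Added example (not part of the thread and not the project's code): one way to carry out the check suggested in the comment above, by listing which processes hold local port 53 from `lsof -nP -i :53` output. The function name `port53_holders` and the sample lsof rows (PIDs, device ids, the 192.0.2.53 remote address) are constructed for illustration.

```shell
#!/bin/sh
# Live use on macOS or Linux:  sudo lsof -nP -i :53 | port53_holders
# Prints: COMMAND PID PROTO LOCAL-ADDRESS SCOPE, one line per distinct holder.

port53_holders() {
    awk '
    NR == 1 { next }                       # skip the lsof header row
    {
        proto = $8; name = $9; state = $10
        if (proto != "UDP" && proto != "TCP") next
        # "local->remote" is a connected socket: a client talking to some
        # DNS server on remote port 53, not a listener on this host.
        if (index(name, "->") > 0) next
        if (proto == "TCP" && state != "(LISTEN)") next
        n = split(name, part, ":")         # last field is the local port
        if (part[n] != "53") next
        addr = substr(name, 1, length(name) - length(part[n]) - 1)
        scope = (addr == "*") ? "all-addresses" : "single-address"
        print $1, $2, proto, addr, scope
    }' | LC_ALL=C sort -u
}

# Constructed sample of lsof output (not captured from a real machine).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER           FD  TYPE DEVICE             SIZE/OFF NODE NAME
mDNSRespo 201 _mdnsresponder 35u IPv4 0x1a2b3c4d5e6f7081 0t0      UDP  *:53
mDNSRespo 201 _mdnsresponder 36u IPv4 0x1a2b3c4d5e6f7082 0t0      TCP  *:53 (LISTEN)
mDNSRespo 201 _mdnsresponder 37u IPv6 0x1a2b3c4d5e6f7083 0t0      UDP  *:53
dotnet    914 root           88u IPv4 0x1a2b3c4d5e6f7084 0t0      UDP  192.168.0.101:53
firefox   733 user           61u IPv4 0x1a2b3c4d5e6f7085 0t0      TCP  192.168.0.101:51544->192.0.2.53:53 (ESTABLISHED)
EOF
}

sample_lsof | port53_holders
```

The `-i :53` filter also matches outbound connections to a remote port 53, which is why connected sockets are dropped before reporting holders.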

ShreyasZare commented 3 years ago

If you are familiar with docker then you can pull technitium/dns-server from docker hub.

oppalla commented 3 years ago

I'm not using docker since it is a little bit too heavy for my old iMac build, so I'm just using the Portable version which is extremely lightweight.

Troubleshooting with @ShreyasZare I found out that the port 53 udp/tcp is being used by some process on my iMac.

Without acknowledging yet which is running under port 53, @ShreyasZare suggested I substitute any IP addresses used on "DNS Server Local End Points" setting to my LAN adapter IP.

Then I tried with my WiFi IP, and it did not work. As I use this iMac to share the 5g connection with my PC via cable, I tried also the Ethernet IP, and then, it responded under "DNS Client" the queries I do manually.

Even appearing that the DNS Server now has a connection and can resolve addresses, using the same IP of my Ethernet Adapter as DNS of my WiFi connection leads to no connection at all, without anything being resolved.

Now, I'm trying to discover what is using the 53 port, in order to disable it and try with my WiFi adapter IP.

Any progress I make in order to make it run on macOS will be posted here. Many thanks, @ShreyasZare for being so supportive.

oppalla commented 3 years ago

I thought I had made it work.

Not fully working as expected, but at least it was working somehow.

I found out that there was a process called mDNSResponder using the port 53 tcp/udp.

Then, to free the port 53, I just went to the terminal and:

sudo killall mDNSResponder

After, I needed to start DNS Server, because then my PC is not resolving addresses anymore, then I go to iMac terminal and:

sudo ./start.sh

Now DNS server is running. There, I need to set up my Wifi adapter IP on "DNS Server Local End Points" which now is 192.168.0.101:53

After, I need to set my WiFi adapter DNS on iMac as "192.168.0.101"

Also, I must set the Router Address on the Ethernet Sharing connection on iMac as 192.168.0.X which is my Router address, in order for my PC could directly the modem, even not being in the same WiFi as it is.

And finally, in Windows, I must set up the ethernet connection to use the same IP "192.168.0.101" as DNS.

This way I can use DNS Server to resolve addresses in both iMac and PC.

Well, this I did yesterday, but trying to repeat today, it simply didn't work.

I'm lost once again.

oppalla commented 3 years ago

Today I actually found a way to make it work for real. It's not doable daily because there's much harm in disabling System Integrity Protection.

Steps to reproduce:

1 - Restart your iMac pressing Command+R to enter recovery mode

2 - In recovery mode, go to the terminal and type csrutil disable. Now your System Integrity Protection is disabled.

3 - Restart your iMac and open up Terminal

4 - Insert these commands:

sudo launchctl unload /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.mDNSResponderHelper.plist

5 - On the same terminal, run your DNS Server using sudo ./start.sh

6 - Open another Terminal window and type these commands:

sudo launchctl load /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo launchctl load /System/Library/LaunchDaemons/com.apple.mDNSResponderHelper.plist

7 - Open DNS Server interface on browser 127.0.0.1:5380

8 - Set your DNS Server Local End Points to your WiFi local IP:53 (my case, it is 192.168.0.101:53)

9 - Set your WiFi Adapter DNS as your Wifi Adapter IP. (192.168.0.101)

10 - On Windows, set your Ethernet adapter DNS as your iMac WiFi adapter IP (192.168.0.101)

11 - Now DNS Server should be filtering your internet connection on iMac and Windows.

If someone will try to reproduce it, keep in mind that having the System Integrity Protection disabled can harm your macOS.

If you don't load the mDNSResponder and mDNSResponderHelper after unloading it and running DNS Server, your Windows Machine will have internet access, and your iMac doesn't.

So, this post is more to incentivize @ShreyasZare to keep doing his awesome job and maybe pay a little more attention to Mac users than to actually try to teach someone to make it run on macOS.

Thanks, @ShreyasZare, for your attention per e-mail, reading my logs, and always troubleshooting with attention.

ShreyasZare commented 3 years ago

Thanks for posting the details. This will help someone in this same situation to debug the issue better.