Building dnsextd(8) for macOS in 2022

Question

TyngJJ OP

Created Jun ’22

Replies 3

Boosts 0

Views 1.2k

Participants 2

Looks like dnsextd(8) was removed from macOS in 10.15 Catalina, and building from source isn't easy.

I used the attached patch to build mDNSResponder 1310.140.1, which removes unused functions except for setTrafficClass which is unused by the target (it passes mDNSFalse for useBackgroundTraffic).

We're planning to use this as a frontend to BIND 9.18.3 with an external daemon to verify TSIG for dynamic updates. With MDM we should be able to easily provision new TSIG keys remotely on servers, then communicate them out-of-band to the daemon and (hopefully) have the process work almost automatically.

I have heard only RC4 is supported in released versions of macOS, and the implementation is broken in macOS Monterey.

dnsextd.txt

Comments welcome

Boost

Answer 1

TyngJJ OP

Jun ’22

Looks like building 1557.120.7 from the GitHub releases is pretty different, the latest doesn't have an Xcode target for dnsextd. The patch is much smaller, but the Makefile doesn't collect the conf, man page, launchd plist and executable and put them in an appropriate structure.

dnsextd.txt

0

Answer 2

DTS Engineer OP

Apple

Jun ’22

I presume your goal here is to get those patches integrated into the mainline source code. If so, I recommend that you put them in a bug report. That’ll ensure they’re seen by the right folks.

Please post your bug number, just for the record.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 3

TyngJJ OP

Jun ’22

Not exactly. I have the patches for both, but I'm looking for comments on the use of dnsextd (hopefully from someone in the networking group) on its viability with recent versions of BIND. Also their thoughts on the overall scheme, like relying on the TSIG implementation in macOS for secure record updates. FB10279468

I realized I didn't reference the BIND documentation section 4.2.28.4 Dynamic Update Policies (the external option), which is what's planned.

0