Setup local DNS resolver on macOS Sierra

Instructions on how to install PowerDNS Recursor on macOS 10.12 Sierra.

These commands need to be run from the Terminal.

  1. Installation
  2. Configuration
  3. Reload config
  4. Clearing the cache


Install Homebrew

/usr/bin/ruby -e "$(curl -fsSL"

Install PowerDNS recursor

brew install pdnsrec

Download and install the boot script from this Gist

# Download boot script
sudo wget -O /Library/LaunchDaemons/homebrew.mxcl.pdnsrec.plist ''

sudo chown root:wheel /Library/LaunchDaemons/homebrew.mxcl.pdnsrec.plist

# Install boot script
sudo launchctl bootstrap system /Library/LaunchDaemons/homebrew.mxcl.pdnsrec.plist

# Start the recursor on boot
sudo launchctl enable system/homebrew.mxcl.pdnsrec

# Start it right now
sudo launchctl kickstart system/homebrew.mxcl.pdnsrec


Security setting to prevent access from outside and enable DNSSEC validation.

cd /usr/local/etc/powerdns
cp -n recursor.conf-dist recursor.conf

echo "allow-from=, ::1/128" >> recursor.conf

echo "dnssec=validate" >> recursor.conf

Go to System Preferences > Network and select your interface. Then go to Advanced > DNS tab and click the + to add a DNS server. Enter

You can further customize the resolver by editing the config file at /usr/local/etc/powerdns/recursor.conf

Reload config

When you’re done you need to restart the process like this:

sudo launchctl kickstart -k system/homebrew.mxcl.pdnsrec

Clearing the cache

To clear the local cache run:

sudo rec_control wipe-cache

or to clear only one domain zone:

sudo rec_control wipe-cache

Like this article?
Buy me a coffee

2020-02-28 – Rewrote config commands, they need to be overrides in case the file already exists.
2017-07-15 – Added DNSSEC validation, no more reboot required and replaced legacy launchctl commands.
Thanks to Babo D’s Corner for the commands.

Related stuff

Leave a Comment

Your email address will not be published. Required fields are marked *