This discussion is archived

Snow leopard broke my dns

79246 Views 149 Replies Latest reply: Apr 9, 2010 4:44 PM by jice0
  • Barnski Level 1 (0 points)
    Sep 3, 2009 1:28 AM (in response to ~Bee)
    Yep, but neither really seems applicable. DHCP on this site hands out the same DNS server settings as I have specified manually, so even if the order was disrespected and it fell back to DHCP-supplied DNS server settings, all should still be fine.

    The only preference/order issue that might possibly cause this problem is if Snow Leopard queried the DNS server specified second before the one specified first, i.e. it tried the forwarder before the LAN DNS server. That said, my understanding is that a DNS client will try all the servers in its list until it finds one that can resolve the query, or all DNS servers are exhausted (unless there are bad cache entries, of course, but I have been using dscacheutil to flush the cache to eliminate that possibility).
    Look after many Macs; G4 to Intel Xeon., Mac OS X (10.6)
  • Barnski Level 1 (0 points)
    Sep 3, 2009 2:39 AM (in response to Barnski)
    Update: I edited my network location, made some changes, applied them, then changed everything back to how it was/should be and applied changes again. Since then, all seems well. Will post back if the problem re-occurs.
    Look after many Macs; G4 to Intel Xeon., Mac OS X (10.6)
  • Barnski Level 1 (0 points)
    Sep 3, 2009 4:17 AM (in response to Barnski)
    Update 2: Problem re-occurred. Changing Network Location / applying changes did not resolve the issue.
    Look after many Macs; G4 to Intel Xeon., Mac OS X (10.6)
  • Barnski Level 1 (0 points)
    Sep 3, 2009 7:11 AM (in response to Barnski)
    Update 3: Having found the thread at http://www.mac-forums.com/forums/os-x-operating-system/164649-snow-leopard-keeps-dropping-dns.html I have removed the second DNS server from my Network Settings, so I am now only pointing at a single DNS server (the one on the LAN). I have been working for several hours now without a re-occurrence of the problem.

    This is a workaround rather than a fix, though - if the internal DNS goes down, it would still be desirable for clients to fall back to the DNS forwarder server so that internet use is still possible.
    Look after many Macs; G4 to Intel Xeon., Mac OS X (10.6)
  • jjrrss
    Sep 3, 2009 3:54 PM (in response to dropadrop)
    I have an 09 Mac Mini, snow installed, wired to an actiontec modem/wireless, and am getting loads of DNS errors. From the sys logs on the mini, it looks like scary port scanning, all coming stealth from... the two IPs supplied to my Mini's network DNS settings from my modem... my modem's inside IP, and my primary ISP's DNS server, coming from port 53 to various ports, mostly in the 5000s, on the Mini. On the modem log, it's all DNS errors: "no response for DNS request..", "All DNS servers tried, no response", "failed DNS request len..". Testing the modem with ping and such, I find IPs do well, but URLs do nothing... and yet... I am having no issues that I've been aware of in surfing. Pages come, and come quickly. I have the network settings on the Mini on auto.

    *Is it good to have the modem/gateway internal IP as the first DNS IP in the settings, or should I nix that and just put in the primary and secondary ISP server IPs?* Perhaps, since I don't seem to be having any problems except for "stealth attempt" notices and DNS failures logged, perhaps I should not worry. It just works, right? Still, how could it be working, and not working? I have all sharing turned off and the Mini's firewall on, so I wonder where all these DNS requests that aren't being answered, but that aren't affecting my ability to stay connected and surf, are coming from. The DNS failures and late "stealth attempts" are most likely dropped queries, or late-returning answers to queries instigated by my Mini.

    Also, unrelated, anyone had a post snow install *freeze when logging out of a user account*, standard or admin? Three power button shut downs because of this yesterday. Beachball, and can't even get in to see and stop what's hanging it up.
    Mac Mini, Mac OS X (10.5.8)
  • JrtBloke
    Sep 5, 2009 2:03 AM (in response to dropadrop)
    i'm not sure this question is 'answered'. there's been two issues discussed. needing to clear manual DNS entries is one thing, and quite basic - but there is still the problem of priority with DHCP supplied DNS.

    I don't have manual DNS specified on my macs, i only use DNS handed down via DHCP from my router - the primary DNS for clients is specified as an internal OS X server and secondary dns would simply be the router connecting to the outside world (using openDNS). so on my LAN i'd get a look up of my internal servers and alias locally before then querying the outside world. it works great with everything except snow leopard.

    With snow leopard this fails 90% of the time (worth noting also that roughly 10% of the time it works like it's supposed to) - the primary dns is not respected and checked first, my leopard clients simply jump straight to secondary (the router pipe to outside). It's not that my OS X server is failing - my one remaining 10.5.8 client still works every time, as do windows machines. for 10.6 clients to connect to an internal server i actually have to set up an external DNS reference to 'loop back in' through the WAN interface - not good security wise for intranet interfaces which are meant to be LAN or VPN only.

    I'll repeat this isn't that i have manual dns entries which need clearing - there aren't any. It's bust in a way I can't fix, I can only try and work around: editing the hostfile - and I really shouldn't have to be doing that - likewise i shouldn't be having to make a separate location for this when DHCP is giving it to me on a plate. Some form of bug acknowledgement would be good here, and an indication of if this will change in 10.6.1.
    iMac CD2, Macbook Pro CD 15", Powermac G5, Mac OS X (10.4.8)
  • William Kucharski Level 6 (14,395 points)
    Sep 5, 2009 6:06 AM (in response to JrtBloke)
    JrtBloke wrote:
    Some form of bug acknowledgement would be good here, and an indication of if this will change in 10.6.1.


    Note that we're all users here - Apple does not officially read these boards except to monitor for violations of the Terms of Use.

    Apple also historically never acknowledges bugs until they've been fixed.
    Quad 2.5 GHz G5, 5 GB | 15" 2.6 GHz MBP Penryn, 4 GB | 1 TB Dual-Band TC, Mac OS X (10.6)
  • Snoop Dogg Level 4 (1,265 points)
    Sep 5, 2009 11:52 AM (in response to JrtBloke)
    JrtBloke, does your internal server answer for external names too? I mean, what happens if you query your internal server for "www.google.com"? What does your internal server return? An error? What error?

    Can you post the results of the following Terminal command?

    dig www.google.com
    MacBook Pro, Mac OS X (10.6)
  • JrtBloke Level 1 (0 points)
    Sep 5, 2009 12:17 PM (in response to Snoop Dogg)
    Hi Dogg, My internal server is only meant to reference internal systems and aliases - i wouldn't expect my internal DNS to resolve google, it's an intranet service not internet - internet lookups are meant to go via my router via secondary DNS. it's worked that way for a long time. the whole point of having the internal as primary is that internal systems are resolved on primary first before dns then resolves to secondary which goes straight outside.

    so the dig is the same on my server and my clients. Note the server referenced in the dig '192.178.2.1' is the secondary DNS on the LAN - which is the router itself.

    ; <<>> DiG 9.6.0-APPLE-P2 <<>> www.google.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49513
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.google.com. IN A

    ;; ANSWER SECTION:
    www.google.com. 604353 IN CNAME www.l.google.com.
    www.l.google.com. 133 IN A 216.239.59.103
    www.l.google.com. 133 IN A 216.239.59.105
    www.l.google.com. 133 IN A 216.239.59.147
    www.l.google.com. 133 IN A 216.239.59.99
    www.l.google.com. 133 IN A 216.239.59.104

    ;; Query time: 55 msec
    ;; SERVER: 192.178.2.1#53(192.178.2.1)
    ;; WHEN: Sat Sep 5 19:56:54 2009
    ;; MSG SIZE rcvd: 132

    just to follow this up, if I dig an internal name... again it ignores the primary internal DNS (192.178.2.3 btw) and ploughs straight into secondary again, resolving the host from the WAN interface rather than LAN. this is particularly nuts as the name i'm querying here is the internal primary DNS server - and i'm querying from the DNS server itself. the DNS client system ignores the local DNS service and just goes straight for the internet on secondary.

    ; <<>> DiG 9.6.0-APPLE-P2 <<>> server.xxxx.eu
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11464
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;server.hacs.eu. IN A

    ;; ANSWER SECTION:
    server.xxxx.eu. 76569 IN A 82.xx.xx.xx

    ;; Query time: 2 msec
    ;; SERVER: 192.178.2.1#53(192.178.2.1)
    ;; WHEN: Sat Sep 5 20:01:29 2009
    ;; MSG SIZE rcvd: 48
    iMac CD2, Macbook Pro CD 15", Powermac G5, Mac OS X (10.6)
  • Snoop Dogg Level 4 (1,265 points)
    Sep 5, 2009 12:28 PM (in response to JrtBloke)
    OK, can you post the results of "scutil --dns" in Terminal.
    MacBook Pro, Mac OS X (10.6)
  • JrtBloke Level 1 (0 points)
    Sep 5, 2009 12:38 PM (in response to Snoop Dogg)
    here it is from a 10.6 client:

    DNS configuration

    resolver #1
    domain : xxxx.eu
    nameserver[0] : 192.178.2.3
    nameserver[1] : 192.178.2.1
    order : 200000

    resolver #2
    domain : local
    options : mdns
    timeout : 2
    order : 300000

    resolver #3
    domain : 254.169.in-addr.arpa
    options : mdns
    timeout : 2
    order : 300200

    resolver #4
    domain : 8.e.f.ip6.arpa
    options : mdns
    timeout : 2
    order : 300400

    resolver #5
    domain : 9.e.f.ip6.arpa
    options : mdns
    timeout : 2
    order : 300600

    resolver #6
    domain : a.e.f.ip6.arpa
    options : mdns
    timeout : 2
    order : 300800

    resolver #7
    domain : b.e.f.ip6.arpa
    options : mdns
    timeout : 2
    order : 301000

    here it is from the LAN osx server (192.178.2.3, the dns service) - as far as i can see it's the same - which is to be expected as both machines are receiving their dns server IP's from DHCP - i use mac address reservations rather than fixed IP's.

    DNS configuration

    resolver #1
    domain : xxxx.eu
    nameserver[0] : 192.178.2.3
    nameserver[1] : 192.178.2.1
    order : 200000

    resolver #2
    domain : local
    options : mdns
    timeout : 2
    order : 300000

    resolver #3
    domain : 254.169.in-addr.arpa
    options : mdns
    timeout : 2
    order : 300200

    resolver #4
    domain : 8.e.f.ip6.arpa
    options : mdns
    timeout : 2
    order : 300400

    resolver #5
    domain : 9.e.f.ip6.arpa
    options : mdns
    timeout : 2
    order : 300600

    resolver #6
    domain : a.e.f.ip6.arpa
    options : mdns
    timeout : 2
    order : 300800

    resolver #7
    domain : b.e.f.ip6.arpa
    options : mdns
    timeout : 2
    order : 301000
    iMac CD2, Macbook Pro CD 15", Powermac G5, Mac OS X (10.6)
  • Snoop Dogg Level 4 (1,265 points)
    Sep 5, 2009 12:50 PM (in response to JrtBloke)
    OK, cool. Can you run this command and send the results. I'm interested in seeing how your internal server responds to a query for google.

    *dig www.google.com @192.178.2.3*
    MacBook Pro, Mac OS X (10.6)
  • JrtBloke Level 1 (0 points)
    Sep 5, 2009 12:58 PM (in response to Snoop Dogg)
    from client:

    ; <<>> DiG 9.6.0-APPLE-P2 <<>> www.google.com @192.178.2.3
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached


    from server itself:

    ; <<>> DiG 9.6.0-APPLE-P2 <<>> www.google.com @192.178.2.3
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached
    iMac CD2, Macbook Pro CD 15", Powermac G5, Mac OS X (10.6)
  • Snoop Dogg Level 4 (1,265 points)
    Sep 5, 2009 1:06 PM (in response to JrtBloke)
    OK, so have you ever noticed that in Leopard your Internet connection was hella-slow because every single query was first sent to your internal server which doesn't respond and eventually the querier times out and then moves on to the external server? That seems like a really inefficient way to configure your DNS. Maybe instead you could configure your internal DNS server to itself query the external servers when it doesn't know the answer?
    MacBook Pro, Mac OS X (10.6)
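
Added example, not part of any post above and not Apple's or any poster's code: a Python version of the check done by hand in this thread. It parses `scutil --dns` output, reads the SERVER line from `dig` output, and reports whether the answer came from the first-listed nameserver or a later one. The sample text is constructed from the output quoted in the thread, and the function names are hypothetical.

```python
import re
# Constructed samples, abridged from the `scutil --dns` and `dig` output quoted in the thread.
SCUTIL_SAMPLE = """\
DNS configuration

resolver #1
domain : xxxx.eu
nameserver[0] : 192.178.2.3
nameserver[1] : 192.178.2.1
order : 200000

resolver #2
domain : local
options : mdns
order : 300000
"""
DIG_ANSWERED = ";; Query time: 2 msec\n;; SERVER: 192.178.2.1#53(192.178.2.1)\n"
DIG_TIMEOUT = ";; connection timed out; no servers could be reached\n"

def parse_scutil_dns(text):
    """Parse `scutil --dns` output into a list of resolver dicts."""
    resolvers = []
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.match(r"resolver #(\d+)$", line)
        if header:
            resolvers.append({"id": int(header.group(1)), "nameservers": []})
        elif resolvers and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            if re.match(r"nameserver\[\d+\]$", key):
                resolvers[-1]["nameservers"].append(value)  # keeps listed order
            else:
                resolvers[-1][key] = value
    return resolvers

def answering_server(dig_text):
    """Return the address on dig's ';; SERVER:' line, or None if nothing answered."""
    found = re.search(r"^\s*;; SERVER: ([^#\s]+)#\d+", dig_text, re.MULTILINE)
    return found.group(1) if found else None

def classify_answer(scutil_text, dig_text):
    """Say whether the answer came from the first-listed server or a later one."""
    unicast = [r for r in parse_scutil_dns(scutil_text) if r["nameservers"]]
    servers = unicast[0]["nameservers"] if unicast else []
    answered = answering_server(dig_text)
    if answered is None:
        return "no-answer"
    if answered not in servers:
        return "unlisted-server"
    return "primary" if servers.index(answered) == 0 else "fallback"
```

A "fallback" result for an internal host name means the query was answered by the outward-facing resolver rather than the LAN DNS server, which is the situation described in the posts above.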