
dns server hangs on lookup

767 Views 13 Replies Latest reply: Feb 7, 2012 5:45 AM by jimfromma RSS
jimfromma Level 1 (0 points)
Feb 2, 2012 6:11 AM

We recently set up a new file server using a MacMini and Lion Server. After painstaking research to rectify a permissions issue, we are now having problems with the DNS server portion of the software. We upgraded from an old XServer running 10.4 that was set up as the DNS for our intranet. We changed the old server name and IP so as to be able to mimic all of the IPs and server name on the new one. Once we unplug the old server from the network, our ability to use the internet or email is radically diminished. When I plug the old server back into the network, everything works great. Any ideas?

Mac mini, Mac OS X (10.7.2)
  • thomas_r. Level 7 (26,920 points)
    Feb 2, 2012 6:13 AM (in response to jimfromma)

    You need to post this on the Mac OS X Lion Server forum.  This one is for the regular end-user version of Lion, and many folks here may have no experience whatsoever with the server, while everyone over there should.

  • Camelot Level 8 (45,670 points)
    Feb 2, 2012 10:07 AM (in response to jimfromma)

    That's impossible to answer without more information about the server setup, or at least an idea of the symptoms (e.g. what does dig or nslookup return when you try?)


    I'm guessing this is just a configuration issue. By default the DNS server is only configured to respond to zones that it's responsible for (e.g. it won't resolve other domains). You need to enable recursion or forwarding for your clients in order for the server to do this. You don't state whether you've done that or not.

  • Camelot Level 8 (45,670 points)
    Feb 2, 2012 2:02 PM (in response to jimfromma)

    I just tried the "dig" on both machines and get the exact same results on both machines.


    which was...? Knowing the specific messages returned from dig will be useful.


    The problem is that I can't unplug the old server from the network or it takes a gadzillion years to look up an address when online, and our mail programs barely load messages.


    You shouldn't need to unplug and swap this live. There are at least two better ways of doing this.


    One is to install and configure the server at a different IP address and make sure it works there (including configuring a single client on the LAN to use this server for lookups), then swap servers once you're sure.

    Another option is to configure the server at a new address and migrate services to it. If your LAN systems are all using DHCP then it's a simple matter to change the DHCP server settings and wait for the new settings to propagate.

    The one thing I do know is that the "Recursive" option is not readily available in 10.7 as it was in 10.4. Is there a secret to allowing recursive in 10.7?

    Really? It looks the same to me.


    Server Admin -> (server) -> DNS -> Settings -> Accept recursive queries from the following networks:


    Add your local subnet to this list and the server will recursively answer lookups for your LAN clients.
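
An added example (not part of the original thread) for the verification step described in the reply above: a shell function that reads `dig` output and reports whether the server answered recursively, which separates "recursion not enabled for this client" from "server not answering at all". The sample replies are constructed, `classify_dig` is a hypothetical helper name, and `NEW_SERVER_IP` is a placeholder.

```shell
#!/bin/sh
# Added example: classify a `dig` reply read on stdin by its header.
# Live use (placeholder address): dig @NEW_SERVER_IP www.example.com | classify_dig
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            # ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            # ";; flags: qr rd ra; QUERY: 1, ANSWER: 1, ..."
            flags = $0
            sub(/^;; flags:/, "", flags)
            sub(/;.*/, "", flags)
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") answers = $(i + 1) + 0
            seen = 1
        }
        END {
            if (!seen) { print "no-response"; exit }
            # No "ra" flag: the server will not recurse for this client.
            if ((" " flags " ") !~ / ra /) { print "no-recursion (" status ")"; exit }
            if (status == "NOERROR" && answers > 0) { print "resolved"; exit }
            print "recursive, status " status
        }
    '
}

# Constructed sample replies (not taken from the thread).
SAMPLE_RECURSIVE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

for sample in "$SAMPLE_RECURSIVE" "$SAMPLE_REFUSED" "$SAMPLE_TIMEOUT"; do
    printf '%s\n' "$sample" | classify_dig
done
```

Run it once for an internal hostname and once for an external one against the new server while it is still at its test address; only the external lookup depends on recursion or forwarding being enabled.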

  • Camelot Level 8 (45,670 points)
    Feb 3, 2012 11:25 AM (in response to jimfromma)

    If this is internal then there's no real issue - even if I learn, for example, that your internal DNS server is at it means nothing - I can't hit that, query it, or wean any information from it.


    If you want to mask your domain name, that's fine.


    The example you posted, though, doesn't help - you just ran 'dig' but didn't query any hostname, so all it returned were the public root servers (that everyone knows). Please re-post with examples of queries against both your own domains and a public/external hostname such as

  • Camelot Level 8 (45,670 points)
    Feb 6, 2012 12:19 PM (in response to jimfromma)

    OK, that helps some, but doesn't make too much sense - yet.


    Can you clarify the relationship between the two DNS servers at and Did you change these numbers, or are they your real server addresses?

  • Camelot Level 8 (45,670 points)
    Feb 7, 2012 12:56 AM (in response to jimfromma)

    So these are public DNS servers? serving your .internal domain? and you work for Sun/Oracle (because that's who 'owns' the 192.9.x.x network)?


    From the data posted so far I'm going to hazard a guess that the .4 server is configured to use .5 as a forwarder, so queries to .4 are being passed to .5 for resolution. That's just a guess, though. It certainly points to some configuration error, but it's going to be hard to troubleshoot that without revealing more about your network/server setup than you might be comfortable with.

