Mar 24, 2011 3:03 AM (in response to leo.xue)
I have the exact same problem but found no solution. Do you have this issue continuously or intermittently?
MacMini, Mac OS X (10.6.7)
Mar 24, 2011 6:49 AM (in response to tyrol25)
Shut off IPv6 DNS networking and try again.
That's probably easiest via System Preferences > Network > select controller > Advanced ... > TCP/IP > Configure IPv6 > Off. (There's also a way to shut it off for BIND at launch time via tweaking the startup plist, but let us not go there first.)
The "DNS after reducing the advertised EDNS UDP packet size to 512" stuff is a problem with an intervening DNS server, or the path to a DNS server. If there are forwarding servers configured, remove them and remove the references. There is probably a broken firewall/gateway/router box here (or more?) that is blocking UDP packet fragments, or that is blocking UDP packets larger than 512 bytes, etc.
Mar 28, 2011 3:27 AM (in response to MrHoffman)
Mr. Hoffman,
Thank you for the advice. At least in my case, shutting off IPv6 and deleting the forwarding DNS servers didn't solve the issue. Only after replacing the Airport Extreme Base Station with another router (D-Link) the problem appears to have disappeared. The AEBS is still under warranty so I'll be contacting Apple about this.
Thanks again for your suggestions!
iMac, Mac OS X (10.6.6)
Apr 21, 2011 8:01 PM (in response to MrHoffman)
Turning off IPv6 doesn't seem to make any difference for me, either--some of the failures are AAAA records, but A queries are equally unresolvable. For me, the problem seems to be caused by a Time Warner Ubee router that doesn't like DNS requests larger than 512 bytes, combined with the fact that Snow Leopard's DNS resolver *really* wants to use EDNS & provides no mechanism to turn it off.
(yes, I know it's "TWC's problem", but it's affecting *me*, and I'd like to fix it (well, implement a workaround) in less time than TWC is likely to take)
Apr 21, 2011 8:20 PM (in response to Heath Roberts)
It may be early to declare victory, but it appears that forcing bind to port 53 per the comment in /etc/named.conf:
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
// query-source address * port 53;
(i.e. take out those two slashes in front of "query-source address")
I'll have to tcpdump some traffic sometime to see whether bind is still sending EDNS requests.
Apr 22, 2011 7:57 AM (in response to Heath Roberts)
Are you using DNS forwarding on your DNS server? If so, shut that off and run some tests. (DNS forwarders from within a DNS server are generally only necessary for DNS caching servers or when you're using a DNS-based nanny filter or such.)
Sep 6, 2011 3:03 PM (in response to leo.xue)
I had the same error messages. I found the problem in faulty network settings of the server: wrong router-IP-address. DNS-IP was right but the DNS-requests of the server didn't find their way to the nameserver.
Aug 9, 2013 1:19 PM (in response to Olaf Seifert)
Also interesting: when setting DNS server IPs in Network Settings for your host,
it is important that the IPs are not doubled.
For example, if you have network settings like
automatic DHCP given from router or server.
Router IP: 192.168.2.1
DNS-Server: 127.0.0.1, 192.168.2.2
which means localhost and again the same machine, just a different IP..
then your lookup mechanism has to walk through these steps to know if there is nothing inside to resolve addresses.
Which means in this example it would take double the time if DNS-Server would be just 127.0.0.1.
You can see if there is a lot to work through in your logs.
Look for something like "sizing zone task pool based on 9 zones".
This amount of zones will change if you set the correct DNS server IP.
More zones are slower than fewer, very logical!
But this will not solve your problem with packet size at all, it just reduces circles after DNS resolves unknown addresses even with packet size change.