Snow Leopard mini having DNS issues

Hi garion. It's strange, I never see any query for "sx280-2" in your logs. The only query I see is for "sx280-2.local." because it appends your search domain to the end. This looks like a definite bug in SnowLeopard. Apparently you can't search for any single label unqualified domain names. I think I found a work around. You need to put a dot at the end of the query. Try this...

ping sx280-2.

Hi jmarsan,

I set mine to 300 sec to test and it still seems to work fine, so it looks like this particular problem only occurs with large TTL values (some experiments; 1.700.000 sec still works, 1.800.000 sec fails).

Similar issues here. Just installed 10.6 on my client machine. DNS server for the local network hosted on 10.5.8 Server. DNS queries come and go throughout the day. At one point it forced me to logout. Applies at least to ping/ssh. DNS settings on 10.5.8 Server via Server Admin show TTL's at default values (zone is valid for 3 hours, zone data expires 168 hours after refreshing, etc). Has a bug been filed?

I was having DNS issues so I figured I'd share how I resolved my issue. I had manual IP with DHCP and DNS was dropping in and out. We have a local DNS server (windows 2003 based) on our network and DHCP is set to that server and two other external servers.

I switched over to manual IP and put in just the local DNS and now everything seems to work. I don't know how DHCP (no manual address) would work with multiple DNS servers.

It seems like my problem isn't TTL related. In my case when the problem occurs the DNS Server entries are swapped. Our DHCP setup serves out two DNS server addresses - one local and one outside of our network. When things are working if you run:

sudo killall -INFO mDNSResponder

(following directions in an earlier posting) I get a response of:

system.log:Sep 2 13:29:38 john mDNSResponder[29]: --------- DNS Servers ----------
system.log:Sep 2 13:29:38 john mDNSResponder[29]: DNS Server . 192.168.168.240:53
system.log:Sep 2 13:29:38 john mDNSResponder[29]: DNS Server . 207.191.50.10:53

But if I do the same when things aren't working I get:

system.log:Sep 2 13:57:53 john mDNSResponder[29]: --------- DNS Servers ----------
system.log:Sep 2 13:57:53 john mDNSResponder[29]: DNS Server . 207.191.50.10:53
system.log:Sep 2 13:57:53 john mDNSResponder[29]: DNS Server . 192.168.168.240:53

In my case, I just close the lid on my MPB wait a few seconds, open it back up and I'm back in business. Somehow the entries are getting swapped so when I try looking up a local address it (obviously?) fails when trying to use the remote server.

I also am having DNS problems. I disabled IPV6 locally, I made sure it was not running on my AD DNS server (which is the primary DNS for the LAN), I made sure my laptop DNS ONLY used the address for the local DNS, and still the problems persist, only we are using a content filter application that uses DNS queries to allow or block access. Everyoen with Snow Leopard are not getting filtered! Everyone without it IS getting properly filtered.

Face it guys, Snow Leopard is doing some funky things with DNS. And oh btw, I am running a store bought copy of Snow Leopard so it's not one of the hackware ones that have DNS changers in them.

But this is not how DNS works. The order that servers appear in /etc/resolv.conf is the order in which they are to be queried. Apple has broken that and needs to fix it.

http://www.kernel.org/doc/man-pages/online/pages/man5/resolver.5.html

Message was edited by: Unix Guru

Right, so pretend that SnowLeopard has the "rotate" option specified by default...

rotate sets RES_ROTATE in _res.options, which causes round robin selection of nameservers from among those listed. This has the effect of spreading the query load among all listed servers, rather than having all clients try the first listed server first every time.

I haven't looked at the source, but I concur with those who've suggested that 10.6 is not respecting the order of DNS servers in /etc/resolv.conf. This is a very bad thing, and Apple's breaking with convention will require me to change how I organize DNS servers on my own net.

If this is the case, I think it really is a bug. Does anyone know how to do the equivalent of a "dig" but based on mDNSReponder so that I can confirm that this really is what is happening?

Here is a "me too" post. I also have DNS-problems on 10.6 when connecting to servers on our local network.

We have a /24 net where all machines are assigned static IP addresses. No NAT. We run two DNS-servers. One on OSX server Tiger and a mirror on a OSX Leopard server. We have two local DNS zones where all users and robots are configured. ie 'bob.company' will resolve to bobs mac. Our upstream ISP also run a DNS.

I have upgraded three Macs to 10.6 and all have similar DNS issues. They are are set up as follows:
* Manually assigned IP-address
* Two DNS servers, first one of our local DNS servers, second our upstream ISPs DNS as a fallback.

Upgrades done with Apple-supplied DVDs (No dogdy pirateware).

Symptoms: "You are not connected to the internet" in Safari or "host unknown" when connecting to servers on our /24 net. Only on the 10.6 Macs. Reaching servers outside our own /24 network seems to work fine.

Workaround: Change DNS-server, swap them, delete one of them or anything similar. It will then work for x hours until the problem shows up again.

Most of our local web-servers have a TTL of 1 hour. I have just changed some of them to 24 hours. It seems to help, but this is a moving target and I cannot say for sure yet.

Nope, this is not working - our colleges and I still get freezes of snow leopard.


dig -t soa local returns:

; <<>> DiG 9.6.0-APPLE-P2 <<>> -t soa local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10454
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;local. IN SOA

;; ANSWER SECTION:
local. 86400 IN SOA me.local. hostmaster.local. 2004804554 14400 3600 3600000 86400

;; AUTHORITY SECTION:
local. 86400 IN NS me.local.

;; ADDITIONAL SECTION:
noc.local. 86400 IN A 192.3.7.111

;; Query time: 7 msec
;; SERVER: 192.35.0.111#53(192.35.0.111)
;; WHEN: Fri Sep 4 13:07:38 2009
;; MSG SIZE rcvd: 104

Hi schmooS, what do you mean by freezes? What exactly isn't working? What specific names are you trying to lookup?

I think I'm having the same problem. I've tried manually putting in the two ISP DNS server addresses, and tried having it only use the (grey) DHCP DNS. At home, DHCP uses the same two, but at (open) cafe hotspots the DNS is usually a 192.168... address.

The symptom is that every 6-10 webpage loads, the browser will take a Very Long Time (over 20 seconds) to load the page (usually saying Contacting <www.whatever.com>), or will eventually say it can't resolve the host name. Retrying usually works the first time, or it may take a couple of retries.

Let me know if you'd like me to run any diagnostic commands. It's a very frustrating problem and nothing I see here looks like a workaround. I'm not running any internal servers so I can't change TTL values or anything.

Hi radellaf, what does the "scutil --dns" command in Terminal return?

It says:
-----------------------
DNS configuration

resolver #1
domain : nc.rr.com
nameserver[0] : 209.18.47.61
nameserver[1] : 209.18.47.62
order : 200000

resolver #2
domain : renard.members.mac.com.
options : pdns
timeout : 5
order : 150000

resolver #3
domain : local
options : mdns
timeout : 2
order : 300000

resolver #4
domain : 254.169.in-addr.arpa
options : mdns
timeout : 2
order : 300200

resolver #5
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300400

resolver #6
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300600

resolver #7
domain : a.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300800

resolver #8
domain : b.e.f.ip6.arpa
options : mdns
timeout : 2
order : 301000
-----------------------------