Snow Leopard mini having DNS issues

Hi

We are having an issue with our 10.6 iMac's... We bind them to our windows 2003 domain ' *.local' with no problems. After a few hours it will say in the directory utility it can't connect to the Active Directory Domain.

We had this problem our 10.5 iMac's but got round it by disabling Bonjour. With 10.6 if we disable Bonjour we get no internet access!!

Will configuring the SOA record in our Zone File help us? If so how will I go about changing it? If not anyone have any ideas?

Paul

Sadly, I also have this problem, but from a slightly different perspective. My Mac VPN client inserts additional resolvers in the /etc/resolv.conf

as it seems to be switching the resolver used, my local DNS server is unable to resolve the name for a host that is on the VPN network, which fails.

real pest. Keen to find a workaround to this issue.

I'm experiencing a similar DNS or Bonjour problem here, too.

All lookups to my ".local" names are not given to Bonjour, but to my ISP's DNS server. There were no changes to the network but only upgrading my Macs to Snow Leopard 10.6.1 from Leopard. Everything used to work just fine. I've upgraded both a MacBook Pro and a Mac mini which give me exactly the same behavior.

I have tried several things and I made an observation: My ISP's DNS server is broken giving me identical CNAME RR to any unresolvable names. If I change to use a saner DNS server, e.g. OpenDNS, my ".local" names work normal again.

With a broken DNS server (which doesn't fail on unknown names) I can't even ping myself:
------
$ hostname -f
book.local
$ ping -c1 book.local
PING kdn.ktguide.com (61.110.21.165): 56 data bytes

--- kdn.ktguide.com ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
$ dig book.local

; <<>> DiG 9.6.0-APPLE-P2 <<>> book.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61841
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;book.local. IN A

;; ANSWER SECTION:
book.local. 43200 IN CNAME kdn.ktguide.com.
kdn.ktguide.com. 32 IN A 61.110.21.165

;; AUTHORITY SECTION:
ktguide.com. 692 IN NS ns1.ktguide.com.
ktguide.com. 692 IN NS ns2.ktguide.com.

;; ADDITIONAL SECTION:
ns1.ktguide.com. 1622 IN A 211.45.157.64
ns2.ktguide.com. 125192 IN A 211.45.158.64

;; Query time: 12 msec
;; SERVER: 168.126.63.1#53(168.126.63.1)
;; WHEN: Wed Sep 23 21:53:35 2009
;; MSG SIZE rcvd: 141

$ dig non-existent.local

; <<>> DiG 9.6.0-APPLE-P2 <<>> non-existent.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61877
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;non-existent.local. IN A

;; ANSWER SECTION:
non-existent.local. 43200 IN CNAME kdn.ktguide.com.
kdn.ktguide.com. 28 IN A 61.110.21.165

;; AUTHORITY SECTION:
ktguide.com. 688 IN NS ns2.ktguide.com.
ktguide.com. 688 IN NS ns1.ktguide.com.

;; ADDITIONAL SECTION:
ns2.ktguide.com. 156433 IN A 211.45.158.64

;; Query time: 13 msec
;; SERVER: 168.126.63.1#53(168.126.63.1)
;; WHEN: Wed Sep 23 21:53:39 2009
;; MSG SIZE rcvd: 133

$ scutil --dns
DNS configuration

resolver #1
domain : mazic.org
nameserver[0] : 168.126.63.1
nameserver[1] : 168.126.63.2
order : 200000

resolver #2
domain : local
options : mdns
timeout : 2
order : 300000

resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 2
order : 300200

resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300400

resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300600

resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300800

resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 2
order : 301000
------



If I switch to a saner DNS server which gives me NXDOMAIN, ".local" name resolution comes back. (after waiting some short period; maybe after cache's flushed?)
------
$ networksetup -setdnsservers Ethernet 208.67.222.222 208.67.220.220
cp: cannot create regular file `/Library/Preferences/SystemConfiguration/preferences.plist.old': Permission denied
$ ping -c1 book.local
PING book.local (192.168.23.6): 56 data bytes
64 bytes from 192.168.23.6: icmp_seq=0 ttl=64 time=0.036 ms

--- book.local ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.036/0.036/0.036/0.000 ms
$ dig book.local

; <<>> DiG 9.6.0-APPLE-P2 <<>> book.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56389
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;book.local. IN A

;; Query time: 158 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Wed Sep 23 22:16:55 2009
;; MSG SIZE rcvd: 28

$ dig non-existent.local

; <<>> DiG 9.6.0-APPLE-P2 <<>> non-existent.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30156
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;non-existent.local. IN A

;; Query time: 170 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Wed Sep 23 22:17:15 2009
;; MSG SIZE rcvd: 36

$ ping -c1 maru.local
PING maru.local (192.168.23.3): 56 data bytes
64 bytes from 192.168.23.3: icmp_seq=0 ttl=64 time=0.357 ms

--- maru.local ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.357/0.357/0.357/0.000 ms
$ scutil --dns
DNS configuration

resolver #1
domain : mazic.org
nameserver[0] : 208.67.222.222
nameserver[1] : 208.67.220.220
order : 200000

resolver #2
domain : local
options : mdns
timeout : 2
order : 300000

resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 2
order : 300200

resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300400

resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300600

resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300800

resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 2
order : 301000
$
------
("book" is my MacBook Pro and "maru" is my Mac mini.)

I hope they fix it soon as well. I don't run a home dns server. I do connect to our work vpn though, and have to have their internal dns servers assigned to resolve anything on the internal work network. In Leopard putting the internal work dns servers first worked fine. Now, I have this same problem. 99% of the time it can't ssh to hostnames at work and I have to ssh to the ip addresses.

Hi netJ. Your issue is pretty different from the rest. Your ISP is returning bogus DNS responses for .local names and it's breaking Bonjour. You should contact your ISP and ask them to stop doing this. Specifically, see how the following DNS queries are returning answers.

*dig -t soa local @168.126.63.1*
*dig foobar.local @168.126.63.1*

These queries should not be returning answers. No matter which .local name you query for, your ISP always returns the IP address for kdn.ktguide.com. That's messed up.

Snoop Dogg, Thanks for your explanation.

Sadly, my ISP does return bogus results for those two. I guess the only option left for me is to explicitly use another public server like OpenDNS. It's a very energy wasting job to contact technical people at my ISP.

;; ANSWER SECTION:
local. 43200 IN SOA kns.kornet.net. domain.ns.kornet.net. 2007102500 43200 3600 604800 43200

However, the funny thing is that all .local names used to work fine in Leopard even though my ISP was still broken then.

As mentioned by many others, I think so that Snow Leopard started to use all available DNS servers and uses a reasonable response from any of them.

I am having the same issues on 10.6.1 Server. Turning off the IPv6 helps for a little while and then the DNS issues return. Rebooting also makes the issues disappear for a while. I really hope that Apple issues a fix for this soon. Its really annoying. 😟

Any word on the rumored 10.6.2 fixing this DNS issue?

Due this bug I reconfigured my DHCP to push just one DNS server and I do not know what happened today, but it stops resolving my domains when they are without TLD. It works few minutes after turning off/on the interface and than I need to use host.home. This is really annoying and I hope 10.6.2 will fix this.

I encourage those of you for whom this causes difficulties to contact AppleCare about your issue.

The number of complaints about an issue is one of the factors in how Apple assigns engineers to issues.

I was having DNS problems with Snow Leopard and tried a ton of stuff to fix it. I finally got it fixed.

My problem had nothing to do with DNS. To find the problem, I ran a "verify disk" in Disk Utility and found a Invalid Sibling Link. I followed the instructions at http://www.macosxhints.com/article.php?story=20070204093925888. Basically, it says run fsck_hfs -r /dev/disk0s2 while booting from the install CD and unmounting the drive. I had to run fsck_hfs -f /dev/disk0s2 before the problem was fixed. The disk was successfully repaired, and I am back on the internets.

Even if you don't have a "Invalid Sibling Link" error but you do have some other error on the disk, try just doing a "repair disk" in Disk Utility.

I really hope this helps someone out.

Can anyone tell me if this is fixed in 10.6.2 (released today?). And/or what the apple bug ID is?

Thanks!

Tthis is still a problem for me after updating to 10.6.2. Any one else?

The mDNSResponder ordering issue, if that's what you're referring to, is not addressed in Mac OS X 10.6.2.

Apple Bug ID numbers won't do you any good, as only the original creator of a bug or Apple employees can see their status, thus we've no idea whether it is actively being investigated as an issue or if it's been long since closed as "Behaves correctly."

-I have a Snow Leopard DNS for local DNS on my LAN. I use OpenDNS for all other requests.
-I have an airport extreme configured with my SL server as the first DNS entry and OpenDNS as the second entry. The search domain is the fully qualified domain of the SL server.
-PC's and iPhone follow the rules and always use SL server as primary DNS lookups.
-SL machines don't follow the rules it works some of the time but other times SL machines will use my alternate DNS source instead of SL.
-I have configured an alternate DNS lookup in my Airport because I like my SL server to go to sleep at night.
-Any suggestions how I can get my SL machine to always look to SL Server first?
-There are occasions when my SL machines aren't using SL server for resolution that for some reason I can't even ping the IP of the SL Server. I find this behavior very odd. I usually just end up rebooting my Airport but it is really annoying.