Snow leopard broke my dns

My home network consists of an Airport Extreme connected via ethernet to a fiber / ethernet bridge limited to 100/100 (by the fc/ethernet converter).

After installing snow leopard my dns is broken. Looking from the airport extreme to see which dns servers I received via dhcp and directly doing queries (or ping) to the dns servers works fine. I can also open web pages via ip addresses I receive by directly doing a "dig hostname @dns-server" on the command line.

edit:
Rebooting did not help, but adding opendns nameservers seems to have at least temporarily allowed normal usage.

Message was edited by: dropadrop

iMac C2D, Mac OS X (10.6)

Posted on Sep 2, 2009 8:36 AM


Sep 3, 2009 7:11 AM in response to Barnski

Update 3: Having found the thread at http://www.mac-forums.com/forums/os-x-operating-system/164649-snow-leopard-keeps-dropping-dns.html I have removed the second DNS server from my Network Settings, so I am now only pointing at a single DNS server (the one on the LAN). I have been working for several hours now without a re-occurrence of the problem.

This is a workaround rather than a fix, though - if the internal DNS goes down, it would still be desirable for clients to fall back to the DNS forwarder server so that internet use is still possible.

Sep 3, 2009 3:54 PM in response to dropadrop

I have an 09 Mac Mini, snow installed, wired to an actiontec modem/wireless, and am getting loads of DNS errors. From the sys logs on the mini, it looks like scary port scanning, all coming stealth from... the two IPs supplied to my Mini's network DNS settings from my modem... my modem's inside IP, and my primary ISP's DNS server, coming from port 53 to various ports, mostly in the 5000s, on the Mini. On the modem log, it's all DNS errors: "no response for DNS request..", "All DNS servers tried, no response", "failed DNS request len..". Testing the modem with ping and such, I find IPs do well, but URLs do nothing... and yet... I am having no issues that I've been aware of in surfing. Pages come, and come quickly.

I have the network settings on the Mini on auto. *Is it good to have the modem/gateway internal IP as the first DNS IP in the settings, or should I nix that and just put in the primary and secondary ISP server IPs?* Perhaps, since I don't seem to be having any problems except for "stealth attempt" notices and DNS failures logged, perhaps I should not worry. It just works, right? Still, how could it be working, and not working? I have all sharing turned off and the Mini's firewall on, so I wonder where all these DNS requests that aren't being answered, but that aren't affecting my ability to stay connected and surf, are coming from. The DNS failures and late "stealth attempts" are most likely dropped queries, or late-returning answers to queries instigated by my Mini.

Also, unrelated, anyone had a post snow install *freeze when logging out of a user account*, standard or admin? Three power button shut downs because of this yesterday. Beachball, and can't even get in to see and stop what's hanging it up.

Sep 5, 2009 2:03 AM in response to dropadrop

I'm not sure this question is 'answered'. There have been two issues discussed. Needing to clear manual DNS entries is one thing, and quite basic - but there is still the problem of priority with DHCP supplied DNS.

I don't have manual DNS specified on my Macs, I only use DNS handed down via DHCP from my router - the primary DNS for clients is specified as an internal OS X server and secondary DNS would simply be the router connecting to the outside world (using OpenDNS). So on my LAN I'd get a look up of my internal servers and alias locally before then querying the outside world. It works great with everything except Snow Leopard.

With Snow Leopard this fails 90% of the time (worth noting also that roughly 10% of the time it works like it's supposed to) - the primary DNS is not respected and checked first, my leopard clients simply jump straight to secondary (the router pipe to outside). It's not that my OS X server is failing - my one remaining 10.5.8 client still works every time, as do Windows machines. For 10.6 clients to connect to an internal server I actually have to set up an external DNS reference to 'loop back in' through the WAN interface - not good security-wise for intranet interfaces which are meant to be LAN or VPN only.

I'll repeat this isn't that I have manual DNS entries which need clearing - there aren't any. It's bust in a way I can't fix, I can only try and work around: editing the hostfile - and I really shouldn't have to be doing that - likewise I shouldn't be having to make a separate location for this when DHCP is giving it to me on a plate. Some form of bug acknowledgement would be good here, and an indication of if this will change in 10.6.1.

Sep 5, 2009 12:17 PM in response to Snoop Dogg

Hi Dogg, my internal server is only meant to reference internal systems and aliases - I wouldn't expect my internal DNS to resolve google, it's an intranet service not internet - internet lookups are meant to go via my router via secondary DNS. It's worked that way for a long time. The whole point of having the internal as primary is that internal systems are resolved on primary first before DNS then resolves to secondary which goes straight outside.

So the dig is the same on my server and my clients. Note the server referenced in the dig '192.178.2.1' is the secondary DNS on the LAN - which is the router itself.

; <<>> DiG 9.6.0-APPLE-P2 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49513
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 604353 IN CNAME www.l.google.com.
www.l.google.com. 133 IN A 216.239.59.103
www.l.google.com. 133 IN A 216.239.59.105
www.l.google.com. 133 IN A 216.239.59.147
www.l.google.com. 133 IN A 216.239.59.99
www.l.google.com. 133 IN A 216.239.59.104

;; Query time: 55 msec
;; SERVER: 192.178.2.1#53(192.178.2.1)
;; WHEN: Sat Sep 5 19:56:54 2009
;; MSG SIZE rcvd: 132

Just to follow this up, if I dig an internal name... again it ignores the primary internal DNS (192.178.2.3 btw) and ploughs straight into secondary again, resolving the host from the WAN interface rather than LAN. This is particularly nuts as the name I'm querying here is the internal primary DNS server - and I'm querying from the DNS server itself. The DNS client system ignores the local DNS service and just goes straight for the internet on secondary.

; <<>> DiG 9.6.0-APPLE-P2 <<>> server.xxxx.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11464
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;server.hacs.eu. IN A

;; ANSWER SECTION:
server.xxxx.eu. 76569 IN A 82.xx.xx.xx

;; Query time: 2 msec
;; SERVER: 192.178.2.1#53(192.178.2.1)
;; WHEN: Sat Sep 5 20:01:29 2009
;; MSG SIZE rcvd: 48

Sep 5, 2009 12:38 PM in response to Snoop Dogg

Here it is from a 10.6 client:

DNS configuration

resolver #1
domain : xxxx.eu
nameserver[0] : 192.178.2.3
nameserver[1] : 192.178.2.1
order : 200000

resolver #2
domain : local
options : mdns
timeout : 2
order : 300000

resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 2
order : 300200

resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300400

resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300600

resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300800

resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 2
order : 301000

Here it is from the LAN OS X server (192.178.2.3, the DNS service) - as far as I can see it's the same - which is to be expected as both machines are receiving their DNS server IPs from DHCP - I use MAC address reservations rather than fixed IPs.

DNS configuration

resolver #1
domain : xxxx.eu
nameserver[0] : 192.178.2.3
nameserver[1] : 192.178.2.1
order : 200000

resolver #2
domain : local
options : mdns
timeout : 2
order : 300000

resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 2
order : 300200

resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300400

resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300600

resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300800

resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 2
order : 301000
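
An added example, not part of any post in this thread: a small Python check that parses a `scutil --dns`-style dump and a `dig` result and reports whether the answer came from the first-listed nameserver, a later fallback, or a server that is not configured at all. The sample input is constructed from the values quoted above; the function names and the labels `primary`, `fallback`, `unlisted` are assumptions made for this illustration.

```python
import re
# Constructed sample input, modelled on the scutil --dns and dig dumps in the thread.
SCUTIL_DUMP = """\
resolver #1
  domain : xxxx.eu
  nameserver[0] : 192.178.2.3
  nameserver[1] : 192.178.2.1
  order : 200000
resolver #2
  domain : local
  options : mdns
  order : 300000
"""
DIG_OUTPUT = ";; Query time: 2 msec\n;; SERVER: 192.178.2.1#53(192.178.2.1)\n"

def parse_resolvers(dump):
    """Return one dict per 'resolver #N' block; nameservers keep their listed order."""
    resolvers = []
    for line in dump.splitlines():
        line = line.strip()
        if re.match(r"resolver #\d+$", line):
            resolvers.append({"nameservers": []})
            continue
        m = re.match(r"(\w+)(?:\[\d+\])?\s*:\s*(.+)$", line)
        if not m or not resolvers:
            continue  # header text, blank lines, or fields before the first block
        key, value = m.groups()
        if key == "nameserver":
            resolvers[-1]["nameservers"].append(value)
        else:
            resolvers[-1][key] = value
    return resolvers

def answering_server(dig_text):
    """Extract the address from dig's ';; SERVER: addr#port(addr)' line."""
    m = re.search(r"^;; SERVER: ([0-9A-Fa-f.:]+)#\d+", dig_text, re.M)
    return m.group(1) if m else None

def check_answer_source(dump, dig_text):
    """Classify the answering server against the first unicast (non-mdns) resolver."""
    unicast = [r for r in parse_resolvers(dump)
               if r.get("options") != "mdns" and r["nameservers"]]
    server = answering_server(dig_text)
    if not unicast or server is None:
        return "unknown"
    servers = unicast[0]["nameservers"]
    if server == servers[0]:
        return "primary"
    return "fallback" if server in servers else "unlisted"
```

On a split-horizon LAN like the one described, a `fallback` result for an internal name means the lookup was answered by the outward-facing forwarder instead of the intranet server, and `unlisted` means the answer came from a server the DHCP configuration never handed out.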

Sep 5, 2009 1:06 PM in response to JrtBloke

OK, so have you ever noticed that in Leopard your Internet connection was hella-slow because every single query was first sent to your internal server which doesn't respond and eventually the querier times out and then moves on to the external server? That seems like a really inefficient way to configure your DNS. Maybe instead you could configure your internal DNS server to itself query the external servers when it doesn't know the answer?
