My home network consists of an Airport Extreme connected via ethernet to a fiber / ethernet bridge limited to 100/100 (by the fc/ethernet converter).
After installing Snow Leopard my DNS is broken. Looking from the Airport Extreme to see which DNS servers I received via DHCP and directly doing queries (or ping) to the DNS servers works fine. I can also open web pages via IP addresses I receive by directly doing a "dig hostname @dns-server" on the command line.
Edit:
Rebooting did not help, but adding OpenDNS nameservers seems to have at least temporarily allowed normal usage.
Update: I edited my network location, made some changes, applied them, then changed everything back to how it was/should be and applied changes again. Since then, all seems well. Will post back if the problem re-occurs.
I did have one of my old ISP's DNS servers in the network configuration, so this explains the problem. Naturally it won't resolve for me when using a connection from another ISP.
This is a workaround rather than a fix, though - if the internal DNS goes down, it would still be desirable for clients to fall back to the DNS forwarder server so that internet use is still possible.
I have an 09 Mac Mini, snow installed, wired to an actiontec modem/wireless, and am getting loads of DNS errors. From the sys logs on the mini, it looks like scary port scanning, all coming stealth from... the two IPs supplied to my Mini's network DNS settings from my modem... my modem's inside IP, and my primary ISP's DNS server, coming from port 53 to various ports, mostly in the 5000s, on the Mini. On the modem log, it's all DNS errors: "no response for DNS request..", "All DNS servers tried, no response", "failed DNS request len..". Testing the modem with ping and such, I find IPs do well, but URLs do nothing... and yet... I am having no issues that I've been aware of in surfing. Pages come, and come quickly. I have the network settings on the Mini on auto. *Is it good to have the modem/gateway internal IP as the first DNS IP in the settings, or should I nix that and just put in the primary and secondary ISP server IPs?* Perhaps, since I don't seem to be having any problems except for "stealth attempt" notices and DNS failures logged, perhaps I should not worry. It just works, right? Still, how could it be working, and not working? I have all sharing turned off and the Mini's firewall on, so I wonder where all these DNS requests that aren't being answered, but that aren't affecting my ability to stay connected and surf, are coming from. The DNS failures and late "stealth attempts" are most likely dropped queries, or late-returning answers to queries instigated by my Mini. Also, unrelated, anyone had a post snow install *freeze when logging out of a user account*, standard or admin? Three power button shut downs because of this yesterday. Beachball, and can't even get in to see and stop what's hanging it up.
I'm not sure this question is 'answered'. There have been two issues discussed. Needing to clear manual DNS entries is one thing, and quite basic - but there is still the problem of priority with DHCP-supplied DNS.
I don't have manual DNS specified on my Macs, I only use DNS handed down via DHCP from my router - the primary DNS for clients is specified as an internal OS X server and secondary DNS would simply be the router connecting to the outside world (using OpenDNS). So on my LAN I'd get a lookup of my internal servers and alias locally before then querying the outside world. It works great with everything except Snow Leopard.
With Snow Leopard this fails 90% of the time (worth noting also that roughly 10% of the time it works like it's supposed to) - the primary DNS is not respected and checked first, my Leopard clients simply jump straight to secondary (the router pipe to outside). It's not that my OS X server is failing - my one remaining 10.5.8 client still works every time, as do Windows machines. For 10.6 clients to connect to an internal server I actually have to set up an external DNS reference to 'loop back in' through the WAN interface - not good security-wise for intranet interfaces which are meant to be LAN or VPN only.
I'll repeat this isn't that I have manual DNS entries which need clearing - there aren't any. It's bust in a way I can't fix, I can only try and work around: editing the hosts file - and I really shouldn't have to be doing that - likewise I shouldn't be having to make a separate location for this when DHCP is giving it to me on a plate. Some form of bug acknowledgement would be good here, and an indication of if this will change in 10.6.1.
JrtBloke, does your internal server answer for external names too? I mean, what happens if you query your internal server for "www.google.com"? What does your internal server return? An error? What error?
Can you post the results of the following Terminal command?
Hi Dogg, my internal server is only meant to reference internal systems and aliases - I wouldn't expect my internal DNS to resolve Google, it's an intranet service not internet - internet lookups are meant to go via my router via secondary DNS. It's worked that way for a long time. The whole point of having the internal as primary is that internal systems are resolved on primary first before DNS then resolves to secondary which goes straight outside.
So the dig is the same on my server and my clients. Note the server referenced in the dig '192.178.2.1' is the secondary DNS on the LAN - which is the router itself.
;; ANSWER SECTION:
www.google.com. 604353 IN CNAME www.l.google.com.
www.l.google.com. 133 IN A 216.239.59.103
www.l.google.com. 133 IN A 216.239.59.105
www.l.google.com. 133 IN A 216.239.59.147
www.l.google.com. 133 IN A 216.239.59.99
www.l.google.com. 133 IN A 216.239.59.104
Just to follow this up, if I dig an internal name... again it ignores the primary internal DNS (192.178.2.3 btw) and ploughs straight into secondary again, resolving the host from the WAN interface rather than LAN. This is particularly nuts as the name I'm querying here is the internal primary DNS server - and I'm querying from the DNS server itself. The DNS client system ignores the local DNS service and just goes straight for the internet on secondary.
Here it is from the LAN OS X server (192.178.2.3, the DNS service) - as far as I can see it's the same - which is to be expected as both machines are receiving their DNS server IPs from DHCP - I use MAC address reservations rather than fixed IPs.
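An added example, not part of the thread or any poster's code: a small Python check that reads captured dig output and reports the two symptoms described above, an answer that came from a resolver other than the primary and an internal name resolving to an address outside the LAN. The 192.178.2.x addresses are the ones quoted in the thread; the /24 prefix, the host name, the 203.0.113.10 address and both sample captures are constructed for illustration.

```python
import ipaddress
import re

# Constructed dig output. The resolver addresses follow the thread's LAN;
# fileserver.example.lan and 203.0.113.10 are made-up placeholders.
SAMPLE_BAD = """\
;; ANSWER SECTION:
fileserver.example.lan. 300 IN A 203.0.113.10

;; Query time: 24 msec
;; SERVER: 192.178.2.1#53(192.178.2.1)
"""
SAMPLE_GOOD = """\
;; ANSWER SECTION:
fileserver.example.lan. 300 IN A 192.178.2.3

;; SERVER: 192.178.2.3#53(192.178.2.3)
"""

# A records only; CNAME lines are skipped on purpose.
ANSWER_RE = re.compile(r"^(\S+)[ \t]+\d+[ \t]+IN[ \t]+A[ \t]+(\S+)[ \t]*$", re.M)
SERVER_RE = re.compile(r"^;; SERVER: ([0-9A-Fa-f.:]+)#\d+", re.M)

def audit_dig(output, lan_cidr, primary_dns):
    """Return (answering_server, findings) for one captured dig run."""
    lan = ipaddress.ip_network(lan_cidr)
    match = SERVER_RE.search(output)
    server = match.group(1) if match else None
    findings = []
    if server is None:
        findings.append("no ';; SERVER:' line, cannot tell which resolver answered")
    elif server != primary_dns:
        findings.append(f"answered by {server}, not the primary {primary_dns}")
    for name, addr in ANSWER_RE.findall(output):
        if ipaddress.ip_address(addr) not in lan:
            findings.append(f"{name} -> {addr} is outside {lan_cidr}")
    return server, findings

if __name__ == "__main__":
    for label, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        server, findings = audit_dig(text, "192.178.2.0/24", "192.178.2.3")
        print(label, server, findings or "ok")
```

Run against saved output from each client, this gives a repeatable record of how often the primary is bypassed.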
OK, so have you ever noticed that in Leopard your Internet connection was hella-slow because every single query was first sent to your internal server which doesn't respond and eventually the querier times out and then moves on to the external server? That seems like a really inefficient way to configure your DNS. Maybe instead you could configure your internal DNS server to itself query the external servers when it doesn't know the answer?
No, never found it to be 'slow' at all, in fact quite the reverse, it's a pretty nippy network. OS X Server's DNS is already set for 'forwarder IP' to point to OpenDNS - but that doesn't work in 10.6 either!