Snow leopard broke my dns

So your DNS server is running Snow Leopard Server?

I've seen this broken DNS situation on a number of machines upgraded to SL, on various kinds of home and corporate-style networks. It's definitely a bug in SL.

The symptom that I see is simply that a dig will work on a DNS name just fine, returning the proper IP address. However any other command that uses the DNS name (curl, ping, any GUI app like Safari, etc) will claim that the DNS name won't resolve. Obviously bogus and a bug.

I tried various things, including dscacheutil -flushcache, fooling with the network settings, Locations, etc, and some would provide a temporary workaround, usually with some disruption.

However, I happened across a Parallels support topic that provided what seems like a sure-fire workaround, either temporary or longer-lasting, until Apple fixes this bug.

The basic workaround is to issue the command +sudo killall mDNSResponder+ at the Terminal prompt when this issue occurs, and all starts working properly.

The Parallels support article has steps to make it a permanent workaround if desired, until Apple fixes it: http://kb.parallels.com/en/6651

JohnDCCIU, can you run the Terminal command "scutil --dns" and post the results?

Sure.

----------- Work system (LAN) ----------

$ scutil --dns
DNS configuration

resolver #1
nameserver[0] : 204.108.129.19
nameserver[1] : 204.108.129.18
nameserver[2] : 204.108.253.95
order : 200000

resolver #2
domain : local
options : mdns
timeout : 2
order : 300000

resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 2
order : 300200

resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300400

resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300600

resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300800

resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 2
order : 301000

----------- Home System (wireless to FiOS) ----------------

$ scutil --dns
DNS configuration

resolver #1
nameserver[0] : 10.0.1.1
order : 200000

resolver #2
domain : local
options : mdns
timeout : 2
order : 300000

resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 2
order : 300200

resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300400

resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300600

resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 2
order : 300800

resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 2
order : 301000

OK, well your home machine looks pretty standard. Your work machine has three DNS severs but the first two don't seem to work (at least not from here). Do you know if those might only work when connected to your work network? What happens if you enter in "204.108.253.95" as the only DNS server in Network pref pane?

The first two DNS servers are our internal ones and they only work from inside our network.

I'll try it with 204.108.253.95 only and see what happens.

OK, could you also try this test in Terminal on your work machine and post the results...

*dig www.google.com @204.108.129.19*

Sure, here it is:

$ dig www.google.com @204.108.129.19

; <<>> DiG 9.6.0-APPLE-P2 <<>> www.google.com @204.108.129.19
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56859
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 50757 IN CNAME www.l.google.com.
www.l.google.com. 276 IN A 64.233.169.103
www.l.google.com. 276 IN A 64.233.169.104
www.l.google.com. 276 IN A 64.233.169.147
www.l.google.com. 276 IN A 64.233.169.99

;; Query time: 2 msec
;; SERVER: 204.108.129.19#53(204.108.129.19)
;; WHEN: Sun Sep 6 03:00:26 2009
;; MSG SIZE rcvd: 116

OK, that looks good. Is it possible that only hostnames that are on your internal network are failing sometimes? Or do you also see public web sites failing too?

I think you have something there. Looking back at my Terminal History as I was encountering this issue since updating to SL, it does appear to be affecting all hostnames belonging to my own domain. Some of the resulting IP addresses are public and routable, others NATted addresses, but all the names are in our own domain.

OK, can you run a couple more Terminal commands on the work computer? What does this return?

*echo "show Setup:/Network/Global/IPv4" | scutil*

$ echo "show Setup:/Network/Global/IPv4" | scutil
<dictionary> {
ServiceOrder : <array> {
0 : FA8BA677-2DFD-48AE-8F5C-80E7E1D38C8F
1 : 11410BD0-8931-4361-B729-016EA93847C9
2 : 2D3080AD-D957-4855-9B6E-EF1A1F91ADBA
3 : 5968CC83-3722-46A5-98C0-CC0F4D526C80
4 : 52FE3DD3-C860-4B53-BADF-00A1ED43787A
5 : A6512522-8B8C-449D-8412-36E662B980ED
6 : 841953A8-874C-42C0-B76B-404EAB64DB9D
}
}

OK, so hoping that the first service is the one you're using, run these two commands at work and post the results.

*echo "show State:/Network/Service/FA8BA677-2DFD-48AE-8F5C-80E7E1D38C8F/DNS" | scutil*
*echo "show Setup:/Network/Service/FA8BA677-2DFD-48AE-8F5C-80E7E1D38C8F/DNS" | scutil*

There have clearly been changes in how Snow Leopard applications respond to DNS queries in which multiple IP addresses are returned. It appears that if: 1) Multiple IP addresses are returned from a DNS query, 2) At least one of the IP address is 'reachable' and 3) Other IP address are not 'reachable' that Snow Leopard applications may fail to test each IP address and reach a time out condition in which no connection is made. This would explain why Snow Leopard fails to connect to my personal Mail Server when connected to the LAN, but is able to connect when on the WAN. (Multiple IP addresses are returned on my LAN, but only one is returned when connected to the WAN.)

Here are the results of some tests to document the differences utilizing the "host" and "telnet" commands under various scenarios.

Environment:

Outside my LAN, I use DYNDNS to control my domain so that mail.mydomain.com resolves to the (1.2.3.4), the WAN IP Address for my Mail Server.

Inside my LAN, I use a "DNS Forwarder" allowing me to "shadow" mail.mydomain.com so that it resolves to (192.168.0.3), the LAN IP Address of my Mail Server.

On both my Leopard and Snow Leopard Boxes, I deleted all Network Locations and created two new Network Locations called "Automatic" and "Manual". Defined as follows:

1) Automatic: DHCP server provides, IP address, DNS Server and Search Domain (mydomain.com)
2) Manual: Manual designation of the above BUT NOT SEARCH Domain. (It is left blank.)


==============================
Test Results for "host":
==============================


Leopard and Snow Leopard Boxes (Output on both OS's are the same)
==============================
Manual Network Location:

~:$host mail.mydomain.com
mail.mydomain.com has address 192.168.0.3
mail.mydomain.com is an alias for wan.mydomain.com.
mail.mydomain.com is an alias for wan.mydomain.com.

~:$host mail
mail has address 192.168.0.3
--------------------------------------

Automatic Network Location:

~:$host mail.mydomain.com
mail.mydomain.com has address 192.168.0.3
mail.mydomain.com is an alias for wan.mydomain.com.
mail.mydomain.com is an alias for wan.mydomain.com.

~:$host mail
mail.mydomain.com has address 192.168.0.3
mail.mydomain.com is an alias for wan.mydomain.com.
mail.mydomain.com is an alias for wan.mydomain.com.
--------------------------------------



==============================
Test Results for "telnet":
==============================

Snow Leopard Box
==============================
Manual Network Location:

(Initially)
~:$telnet mail.mydomain.com 995
Trying 192.168.0.3...
Connected to mail.mydomain.com.

(15 seconds later)
~:$telnet mail.mydomain.com 995
Trying 1.2.3.4...
telnet: connect to address 1.2.3.4: Operation timed out

(No change with time)
~:$telnet mail 995
Trying 192.168.0.3...
Connected to mail.
--------------------------------------

Automatic Network Location:

(Initially)
~:$telnet mail.mydomain.com 995
Trying 192.168.0.3...
Connected to mail.mydomain.com.

(15 seconds later)
~:$telnet mail.mydomain.com 995
Trying 1.2.3.4...
telnet: connect to address 1.2.3.4: Operation timed out

(Initially)
~:$telnet mail 995
Trying 192.168.0.3...
Connected to mail.

(15 seconds later)
~:$telnet mail.mydomain.com 995
Trying 1.2.3.4...
telnet: connect to address 1.2.3.4: Operation timed out
--------------------------------------

Conclusions:

1) All telnet connections eventually fail except the the Manual Network Location with a non-FQDN. What is noteworthy is that this is the only scenario in which a "host" query returns only a single IP Address. All other scenarios returned multiple IP addresses.

2) I've tried connecting from my Snow Leopard box to different services and different boxes on my LAN with the same results, i.e., all connections eventually fail if there are more than a single IP address returned from a DNS query. (This is the reason that my Mail Application fails to connect on Snow Leopard box inside my LAN, but connects on the outside just fine -- only one IP address is returned.)

3) I've also been able to connect from my Snow Leopard box to different services and boxes if I specify the IP address rather than the name of the box.

3) There must have been some change with how Snow Leopard applications respond to DNS queries in which there are multiple IP addresses returned.

The only service with a DNS subkey is the second service, and only for Setup, not State. So the first service just gives "No such key" for both State and Setup, while the second give "No such key" for State. The Setup return for the second key is below, along with the full list of subkeys if you need them.

$ echo "show Setup:/Network/Service/11410BD0-8931-4361-B729-016EA93847C9/DNS" | scutil
<dictionary> {
ServerAddresses : <array> {
0 : 204.108.129.19
1 : 204.108.129.18
2 : 204.108.253.95
}
}

$ echo "list" | scutil
subKey [0] = Plugin:IPConfiguration
subKey [1] = Plugin:InterfaceNamer
subKey [2] = Setup:
subKey [3] = Setup:/
subKey [4] = Setup:/Network/Global/IPv4
subKey [5] = Setup:/Network/HostNames
subKey [6] = Setup:/Network/Interface/en2/AirPort
subKey [7] = Setup:/Network/Service/11410BD0-8931-4361-B729-016EA93847C9
subKey [8] = Setup:/Network/Service/11410BD0-8931-4361-B729-016EA93847C9/AppleTalk
subKey [9] = Setup:/Network/Service/11410BD0-8931-4361-B729-016EA93847C9/DNS
subKey [10] = Setup:/Network/Service/11410BD0-8931-4361-B729-016EA93847C9/IPv4
subKey [11] = Setup:/Network/Service/11410BD0-8931-4361-B729-016EA93847C9/Interface
subKey [12] = Setup:/Network/Service/11410BD0-8931-4361-B729-016EA93847C9/Proxies
subKey [13] = Setup:/Network/Service/11410BD0-8931-4361-B729-016EA93847C9/SMB
subKey [14] = Setup:/Network/Service/2D3080AD-D957-4855-9B6E-EF1A1F91ADBA
subKey [15] = Setup:/Network/Service/2D3080AD-D957-4855-9B6E-EF1A1F91ADBA/IPv4
subKey [16] = Setup:/Network/Service/2D3080AD-D957-4855-9B6E-EF1A1F91ADBA/IPv6
subKey [17] = Setup:/Network/Service/2D3080AD-D957-4855-9B6E-EF1A1F91ADBA/Interface
subKey [18] = Setup:/Network/Service/2D3080AD-D957-4855-9B6E-EF1A1F91ADBA/Proxies
subKey [19] = Setup:/Network/Service/52FE3DD3-C860-4B53-BADF-00A1ED43787A
subKey [20] = Setup:/Network/Service/52FE3DD3-C860-4B53-BADF-00A1ED43787A/IPv4
subKey [21] = Setup:/Network/Service/52FE3DD3-C860-4B53-BADF-00A1ED43787A/IPv6
subKey [22] = Setup:/Network/Service/52FE3DD3-C860-4B53-BADF-00A1ED43787A/Interface
subKey [23] = Setup:/Network/Service/52FE3DD3-C860-4B53-BADF-00A1ED43787A/Proxies
subKey [24] = Setup:/Network/Service/5968CC83-3722-46A5-98C0-CC0F4D526C80
subKey [25] = Setup:/Network/Service/5968CC83-3722-46A5-98C0-CC0F4D526C80/IPv4
subKey [26] = Setup:/Network/Service/5968CC83-3722-46A5-98C0-CC0F4D526C80/IPv6
subKey [27] = Setup:/Network/Service/5968CC83-3722-46A5-98C0-CC0F4D526C80/Interface
subKey [28] = Setup:/Network/Service/5968CC83-3722-46A5-98C0-CC0F4D526C80/Proxies
subKey [29] = Setup:/Network/Service/841953A8-874C-42C0-B76B-404EAB64DB9D
subKey [30] = Setup:/Network/Service/841953A8-874C-42C0-B76B-404EAB64DB9D/Ethernet
subKey [31] = Setup:/Network/Service/841953A8-874C-42C0-B76B-404EAB64DB9D/IPv4
subKey [32] = Setup:/Network/Service/841953A8-874C-42C0-B76B-404EAB64DB9D/IPv6
subKey [33] = Setup:/Network/Service/841953A8-874C-42C0-B76B-404EAB64DB9D/Interface
subKey [34] = Setup:/Network/Service/841953A8-874C-42C0-B76B-404EAB64DB9D/Proxies
subKey [35] = Setup:/Network/Service/A6512522-8B8C-449D-8412-36E662B980ED
subKey [36] = Setup:/Network/Service/A6512522-8B8C-449D-8412-36E662B980ED/Ethernet
subKey [37] = Setup:/Network/Service/A6512522-8B8C-449D-8412-36E662B980ED/IPv4
subKey [38] = Setup:/Network/Service/A6512522-8B8C-449D-8412-36E662B980ED/IPv6
subKey [39] = Setup:/Network/Service/A6512522-8B8C-449D-8412-36E662B980ED/Interface
subKey [40] = Setup:/Network/Service/A6512522-8B8C-449D-8412-36E662B980ED/Proxies
subKey [41] = Setup:/Network/Service/FA8BA677-2DFD-48AE-8F5C-80E7E1D38C8F
subKey [42] = Setup:/Network/Service/FA8BA677-2DFD-48AE-8F5C-80E7E1D38C8F/IPv4
subKey [43] = Setup:/Network/Service/FA8BA677-2DFD-48AE-8F5C-80E7E1D38C8F/IPv6
subKey [44] = Setup:/Network/Service/FA8BA677-2DFD-48AE-8F5C-80E7E1D38C8F/Interface
subKey [45] = Setup:/Network/Service/FA8BA677-2DFD-48AE-8F5C-80E7E1D38C8F/Modem
subKey [46] = Setup:/Network/Service/FA8BA677-2DFD-48AE-8F5C-80E7E1D38C8F/PPP
subKey [47] = Setup:/Network/Service/FA8BA677-2DFD-48AE-8F5C-80E7E1D38C8F/Proxies
subKey [48] = Setup:/System
subKey [49] = State:/IOKit/Power/CPUPower
subKey [50] = State:/IOKit/PowerManagement/Assertions
subKey [51] = State:/IOKit/PowerManagement/CurrentSettings
subKey [52] = State:/IOKit/PowerManagement/SystemLoad
subKey [53] = State:/IOKit/PowerManagement/SystemLoad/Detailed
subKey [54] = State:/Network/Global/DNS
subKey [55] = State:/Network/Global/IPv4
subKey [56] = State:/Network/Global/Proxies
subKey [57] = State:/Network/Global/SMB
subKey [58] = State:/Network/Interface
subKey [59] = State:/Network/Interface/en0/IPv4
subKey [60] = State:/Network/Interface/en0/Link
subKey [61] = State:/Network/Interface/en1/Link
subKey [62] = State:/Network/Interface/en3/IPv4
subKey [63] = State:/Network/Interface/en3/IPv6
subKey [64] = State:/Network/Interface/en3/Link
subKey [65] = State:/Network/Interface/en4/IPv4
subKey [66] = State:/Network/Interface/en4/IPv6
subKey [67] = State:/Network/Interface/en4/Link
subKey [68] = State:/Network/Interface/fw0/Link
subKey [69] = State:/Network/Interface/lo0/IPv4
subKey [70] = State:/Network/Interface/lo0/IPv6
subKey [71] = State:/Network/MulticastDNS
subKey [72] = State:/Network/PrivateDNS
subKey [73] = State:/Network/Service/11410BD0-8931-4361-B729-016EA93847C9/IPv4
subKey [74] = State:/Network/Service/841953A8-874C-42C0-B76B-404EAB64DB9D/IPv4
subKey [75] = State:/Network/Service/A6512522-8B8C-449D-8412-36E662B980ED/IPv4
subKey [76] = State:/Users/ConsoleUser
subKey [77] = com.apple.DirectoryService.NotifyTypeStandard:DirectoryNodeAdded
subKey [78] = com.apple.network.identification