
OS X Lion is randomly having problems resolving hosts via DNS. How do I troubleshoot this?

I'm running Mac OS 10.7.2. It was an upgrade install from Snow Leopard. Several times a day, I am unable to resolve any hosts via DNS. Tried different DNS servers. Releasing and renewing the DHCP lease sometimes fixes it. ping always works with IPs.


I've tried flushing the dns cache using this command: dscacheutil -flushcache


My network setup is a bit peculiar in that I have a switch, then a network run to an Airport Extreme wireless router (but using a wired connection) which is in bridge mode, then a NetScreen firewall that gives out DHCP leases.


Changing the DNS servers doesn't seem to help. I've tried my ISP's, Google, OpenDNS and even running one on a system here. Another system shows some strange ARP traffic where the system thinks the Airport router and the Mac Pro have the same IP address even though they don't (the Airport is hard coded below the DHCP range) and the MAC addresses aren't even close to identical. I've tested the network cables with a cable tester and they all test good.


I don't have any problems with other computers including another Mac, a Windows based PC and a BSD laptop so I suspect something with the Mac Pro.


I've read online that there have been other reports of DNS lookup problems on upgrades from Snow Leopard, but no resolutions. I'm sure it's possible that it's some other device on the network but I'm at a loss on what to try next. Any ideas would be greatly appreciated.

Mac Pro, Mac OS X (10.7.2), First Gen 2.0Ghz Xeon (2x2) 5GB RAM

Posted on Jan 3, 2012 4:47 PM

7 replies

Jan 8, 2012 1:17 PM in response to Lucas Holt

I'm trying to troubleshoot a very similar issue (10.7 not resolving domains intermittently). I have a much simpler network setup though (MacBook connected to a Netgear router/ADSL modem over Wi-Fi).


By now I have learned that in 10.7 DNS resolution for most apps is done by mDNSResponder, while the nslookup, dig and host command-line tools use another mechanism for their DNS queries.


So the first thing to do is check whether dig (or another command that doesn't use mDNSResponder) works. If your situation is like mine, dig will work fine, pointing to mDNSResponder as the culprit.


Next I'm going to try listing and clearing mDNSResponder's cache when the problem resurfaces - as HenryAZ on macrumors noticed that cache isn't affected by dscacheutil -flushcache.


To dump a snapshot summary of the internal state (including cache):

sudo killall -INFO mDNSResponder

To flush (clear) DNS cache:

sudo killall -HUP mDNSResponder


I also enabled additional mDNSResponder logging as suggested in man mDNSResponder. We'll see if it shows anything interesting.


P.S. How long is the period during which DNS is broken for you? For me it's less than 5 (maybe 10 tops) minutes each time.

Jan 8, 2012 5:13 PM in response to asqueella

With -USR1 logging:

sudo killall -USR1 mDNSResponder

...I get the same log as Coldboot here: https://discussions.apple.com/thread/2132856?answerId=10089723022#10089723022


So mDNSResponder adds a negative record (no address for the domain) to the cache (kDNSRecordTypePacketNegative), as indicated by a minus sign ("-") between "-U-" and "Addr":

441 45 -U- - Addr 0 googlemail.l.google.com. Addr


Now to figure out what reply from my router causes it to do that:

sudo killall -USR2 mDNSResponder

Jan 29, 2012 10:20 AM in response to asqueella

In my case the router/ISP occasionally returns a ServFail response, which Lion apparently decides to cache... I also noticed the "AA" (Authoritative Answer) bit, which is usually unset in other (NoErr and NXDOMAIN) responses, not sure what's up with that.


I should probably try switching the DNS provider to see if the problem persists, but curiously enough, the problem almost disappeared after I started debugging it 🙂


Jan 29 19:22:09 alfie mDNSResponder[14]: -- Sent UDP DNS Query (flags 0100) RCODE: NoErr (0) RD ID: 30929 16 bytes from port 53694 to 192.168.1.1:53 --
Jan 29 19:22:09 alfie mDNSResponder[14]:  1 Questions
Jan 29 19:22:09 alfie mDNSResponder[14]:  0 mozdev.org. Addr
Jan 29 19:22:09 alfie mDNSResponder[14]:  0 Answers
Jan 29 19:22:09 alfie mDNSResponder[14]:  0 Authorities
Jan 29 19:22:09 alfie mDNSResponder[14]:  0 Additionals
Jan 29 19:22:09 alfie mDNSResponder[14]: --------------
Jan 29 19:22:09 alfie mDNSResponder[14]: -- Received UDP DNS Response (flags 8582) RCODE: ServFail (2) AA RD RA ID: 30929 16 bytes from 192.168.1.1:53 to 192.168.1.6:53694 --
Jan 29 19:22:09 alfie mDNSResponder[14]:  1 Questions
Jan 29 19:22:09 alfie mDNSResponder[14]:  0 mozdev.org. Addr
Jan 29 19:22:09 alfie mDNSResponder[14]:  0 Answers
Jan 29 19:22:09 alfie mDNSResponder[14]:  0 Authorities
Jan 29 19:22:09 alfie mDNSResponder[14]:  0 Additionals
Jan 29 19:22:09 alfie mDNSResponder[14]: --------------
Jan 29 19:22:10 alfie mDNSResponder[14]:  76: DNSServiceQueryRecord(mozdev.org., Addr) ADD    0 mozdev.org. Addr 
Jan 29 19:22:10 alfie mDNSResponder[14]:  76: Cancel 00000000 00000001
Jan 29 19:22:10 alfie mDNSResponder[14]:  76: DNSServiceQueryRecord(mozdev.org., Addr) STOP
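
The packet log above can be checked mechanically. The following Python sketch is an added example, not part of the original post: it decodes the 16-bit flags word from each logged header (RFC 1035 layout), attaches the question name, and lists ServFail responses to queries the host sent. The regular expressions assume the header format seen in the lines quoted above; the function names are hypothetical.

```python
import re

# Lines copied from the packet log quoted in the post above.
SAMPLE_LOG = """\
Jan 29 19:22:09 alfie mDNSResponder[14]: -- Sent UDP DNS Query (flags 0100) RCODE: NoErr (0) RD ID: 30929 16 bytes from port 53694 to 192.168.1.1:53 --
Jan 29 19:22:09 alfie mDNSResponder[14]:  1 Questions
Jan 29 19:22:09 alfie mDNSResponder[14]:  0 mozdev.org. Addr
Jan 29 19:22:09 alfie mDNSResponder[14]: -- Received UDP DNS Response (flags 8582) RCODE: ServFail (2) AA RD RA ID: 30929 16 bytes from 192.168.1.1:53 to 192.168.1.6:53694 --
Jan 29 19:22:09 alfie mDNSResponder[14]:  1 Questions
Jan 29 19:22:09 alfie mDNSResponder[14]:  0 mozdev.org. Addr
"""

HEADER = re.compile(r"-- (Sent|Received) \w+ DNS (Query|Response) "
                    r"\(flags ([0-9A-Fa-f]{4})\).*? ID: (\d+)")
QUESTION = re.compile(r"mDNSResponder\[\d+\]:\s+\d+ (\S+\.) (\w+)\s*$")
RCODES = {0: "NoErr", 1: "FormErr", 2: "ServFail", 3: "NXDomain", 5: "Refused"}

def decode_flags(word):
    """Split the DNS header flags word into its fields (RFC 1035, 4.1.1)."""
    return {"qr": bool(word & 0x8000), "opcode": (word >> 11) & 0xF,
            "aa": bool(word & 0x0400), "tc": bool(word & 0x0200),
            "rd": bool(word & 0x0100), "ra": bool(word & 0x0080),
            "rcode": word & 0x000F}

def parse_messages(log):
    """Return one dict per logged DNS message, with its question name."""
    messages = []
    for line in log.splitlines():
        h = HEADER.search(line)
        if h:
            messages.append({"direction": h.group(1), "kind": h.group(2),
                             "id": int(h.group(4)), "name": None,
                             **decode_flags(int(h.group(3), 16))})
            continue
        q = QUESTION.search(line)
        if q and messages and messages[-1]["name"] is None:
            messages[-1]["name"] = q.group(1)
    return messages

def servfail_responses(messages):
    """Responses with RCODE ServFail whose ID matches a logged sent query."""
    sent_ids = {m["id"] for m in messages if m["kind"] == "Query"}
    return [m for m in messages if m["kind"] == "Response"
            and m["id"] in sent_ids and m["rcode"] == 2]

if __name__ == "__main__":
    for m in servfail_responses(parse_messages(SAMPLE_LOG)):
        print(f'{m["name"]} id={m["id"]} rcode={RCODES[m["rcode"]]} '
              f'aa={m["aa"]} ra={m["ra"]}')
```
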

Feb 14, 2012 5:35 AM in response to Lucas Holt

I agree that this is a real problem. Apple needs to fix this as a 5 minute cache for a negative response is, well, bad engineering. Exponential backoff might be more appropriate. Try, wait 1 second, try again, wait 2 seconds, then 4, etc. But caching a negative response for 5-10 minutes is just crazy.


I'm having this issue all the time and mostly it happens with Google services. My Gmail will freeze up for 10 minutes, then my Google search, then Google Maps. It's only ever one service at a time that freezes up, but after some investigation I've found that it's for sure a DNS issue with mDNSResponder.

Feb 14, 2012 5:49 AM in response to pvanwylen

I've noticed that in my case, renewing the DHCP lease seems to start activity up again. I don't think it's a DHCP problem directly because the timeouts also seem to happen if I assign static IPs. I'm guessing that the cache is flushed when the lease is renewed.


Just for fun, I've set up mDNSResponder on my BSD box. I haven't seen this problem with mDNSResponder 330.10 on that machine, but it can fall back to the traditional resolver too.


I've also seen this problem happen on my Apple TV occasionally, but not nearly as frequently.


One theory I have is that Apple is caching a negative response if a DNS request is not returned at all. I think that my firewall might be blocking some requests and then OS X is assuming the server does not exist rather than trying again.
