Having problems with DNS which stops me creating home directories

Question

Level 4

1,481 points

Having problems with DNS which stops me creating home directories

Just recently - I have been unable to create home directores. In looking through the log I see the follwing;

Aug 1 06:00:41 server servermgrd: servermgr_dns: more than one name for the primary IP address, unable to pick one
Aug 1 06:00:41 server servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly

have performed the following:

sudo networksetup -getinfo "Built-in Ethernet"
Manual Configuration
IP address: 195.27.17.85
Subnet mask: 255.255.255.192
Router: 195.27.17.65
IPv6: Automatic
IPv6 Link Local Address: fe80::230:65ff:fe71:6b52
Ethernet Address: 00:30:65:71:6b:52

server:~ admin$ sudo networksetup -getdnsservers "Built-in Ethernet"
Password:
195.27.17.69
217.33.105.40
217.33.105.220

server:~ admin$ host -v 195.27.17.85 ns1.gildhouse.net
Trying "85.17.27.195.in-addr.arpa"
Using domain server:
Name: ns1.gildhouse.net
Address: 217.33.105.40#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14106
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;85.17.27.195.in-addr.arpa. IN PTR

;; ANSWER SECTION:
85.17.27.195.in-addr.arpa. 86175 IN CNAME 85.64-127.17.27.195.in-addr.arpa.
85.64-127.17.27.195.in-addr.arpa. 38400 IN PTR server.clayford.com.

;; AUTHORITY SECTION:
64-127.17.27.195.in-addr.arpa. 38400 IN NS ns3.gildhouse.net.
64-127.17.27.195.in-addr.arpa. 38400 IN NS ns1.gildhouse.net.
64-127.17.27.195.in-addr.arpa. 38400 IN NS ns2.gildhouse.net.

;; ADDITIONAL SECTION:
ns1.gildhouse.net. 38400 IN A 217.33.105.40
ns2.gildhouse.net. 38400 IN A 195.27.17.69
ns3.gildhouse.net. 38400 IN A 217.33.105.220

server:~ admin$ host server.clayford.com
server.clayford.com has address 195.27.17.85

server:~ admin$ host 195.27.17.85
85.17.27.195.in-addr.arpa is an alias for 85.64-127.17.27.195.in-addr.arpa.
85.64-127.17.27.195.in-addr.arpa domain name pointer server.clayford.com.

So it all looks OK to me, or am i missing something. This server started life and 10.4.3 and in now 10.4.7. i recently changed DNS servers in via the nerwork prefs panel. Not sure if that caused the problem or not.

Blue G3, G4, xserv, Mac OS X (10.4.7)

Posted on Jul 31, 2006 10:56 PM

Reply

Answer 1

Tim Harris Author

Level 4

1,481 points

Aug 2, 2006 1:21 AM in response to Tim Harris

I have now booted the server and this is the errors form the syslog file:

Aug 2 09:12:27 localhost lookupd[80]: lookupd (version 369.5) starting - Wed Aug 2 09:12:27 2006
Aug 2 09:12:29 server kernel[0]: UniNEnet::monitorLinkStatus - Link is up at 100 Mbps - Full Duplex
Aug 2 09:12:29 server configd[52]: setting hostname to "server.clayford.com"
Aug 2 09:12:29 server kernel[0]: ATY,Rage128Pd: Not usable
Aug 2 09:12:30 server launchd: Server 2b0b in bootstrap 1103 uid 0: "/usr/sbin/lookupd"[80]: exited abnormally: Hangup
Aug 2 09:12:30 server configd[52]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-net work
Aug 2 09:12:30 server configd[52]: posting notification com.apple.system.config.network_change
Aug 2 09:12:30 server lookupd[86]: lookupd (version 369.5) starting - Wed Aug 2 09:12:30 2006
Aug 2 09:12:32 server /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
Aug 2 09:12:32 server mDNSResponder: Adding browse domain local.
Aug 2 09:12:34 server loginwindow[98]: Login Window Started Security Agent
Aug 2 09:12:36 server mDNSResponder: Update kerberos.tcp.SERVER.CLAYFORD.COM. refused
Aug 2 09:12:36 server mDNSResponder: Registration of record kerberos.tcp.SERVER.CLAYFORD.COM. type 33 failed with error -65553
Aug 2 09:12:36 server mDNSResponder: Update kerberos.udp.SERVER.CLAYFORD.COM. refused
Aug 2 09:12:36 server mDNSResponder: Registration of record kerberos.udp.SERVER.CLAYFORD.COM. type 33 failed with error -65553
Aug 2 09:12:36 server mDNSResponder: ERROR: Only name server claiming responsibility for "_kerberos.clayfordserver." is "."!
Aug 2 09:12:39 server servermgrd: servermgr_dns: more than one name for the primary IP address, unable to pick one
Aug 2 09:12:39 server servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly

i have two servers - both have the same problem.

Reply

Answer 2

Tim Harris Author

Level 4

1,481 points

Aug 2, 2006 8:19 AM in response to Tim Harris

I have done some more work on this and it seems clear that 10.4.7 is not able to correctly resolve a reverse address that is returned in the form:

85.17.27.195.in-addr.arpa. 86175 IN CNAME 85.64-127.17.27.195.in-addr.arpa.
85.64-127.17.27.195.in-addr.arpa. 38400 IN PTR server.clayford.com.

Anyone else have this problem?

Reply

Answer 3

Tim Harris Author

Level 4

1,481 points

Aug 2, 2006 11:40 PM in response to Tim Harris

Also, I get this. Anyone else have this response?

host -r server.mydomain.com 127.0.0.1
;; connection timed out; no servers could be reached

Reply

Answer 4

Aug 3, 2006 2:30 AM in response to Tim Harris

"Aug 2 09:12:39 server servermgrd: servermgr_dns: more than one name for the primary IP address, unable to pick one"

server.clayford.com = 195.27.17.85

"Aug 2 09:12:36 server mDNSResponder: ERROR: Only name server claiming responsibility for "_kerberos.clayfordserver." is "."!"

"clayfordserver" is the Bonjour name (mDNS) What's in filesharing name settings? Maybe try only "server" ?

Whats in Network config "search domain" field?

Anything in the /etc/hostconfig :
hostname=

Remove that line for ≥ 10.4.6

"hostname" in Terminal reports what?

The reverse IP lookup looks OK to me and should work fine with the server (we run one like yours at a customers site).

Reply

Answer 5

Tim Harris Author

Level 4

1,481 points

Aug 3, 2006 9:28 AM in response to Leif Carlsson

Leif,

Thanks for your questions.

I have had to move the reverse record for server.clayford.com to a dedicated DNS server as I needed to get that working. So I'll post information for the other server xserve.kimcell.com which is still using the 'real' dns servers and has the same problems. Here is the log file from the a boot. It differs a little, but servermgr_dns errors are identical on both servers when using the real DNS servers:

Aug 3 17:12:39 xserv servermgrd: servermgr_dns: more than one name for the primary IP address, unable to pick one
Aug 3 17:12:39 xserv servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
Aug 3 17:12:41 xserv mDNSResponder: Update kerberos.tcp.XSERV.KIMCELL.COM. refused
Aug 3 17:12:41 xserv mDNSResponder: Registration of record kerberos.tcp.XSERV.KIMCELL.COM. type 33 failed with error -65553
Aug 3 17:12:42 xserv mDNSResponder: Update kerberos.udp.XSERV.KIMCELL.COM. refused
Aug 3 17:12:42 xserv mDNSResponder: Registration of record kerberos.udp.XSERV.KIMCELL.COM. type 33 failed with error -65553

To answer your questions. I can reconfigure the other server back if you want to to recheck all this.

1) Have changed from clayfordserver to server, no impact.
2) There is nothing in the search domain field when I look via the Network Config under prefs but I do remember seeing server.clayford.com for some command line reports which I found very very strange.
3) hostname (in the file )= -AUTOMATIC- (typed this so may be typo)
4) hostname on the command line = server.clayford.com

As i say - happy to move the clayford server back to the live DNS and provide any reports you need.

Tim

Reply

Answer 6

Aug 4, 2006 2:49 AM in response to Leif Carlsson

Do you have more than one IP (any aliases?) on this server (is it the same machine?)

"Both" are using only public IPs (not behind NAT and/or firewall)?

I have seen this error message on a machine using more than one IP and an A record for both (even different in domains though).

Reply

Answer 7

Tim Harris Author

Level 4

1,481 points

Aug 4, 2006 4:59 AM in response to Leif Carlsson

Leif,

Thanks again for you continued support.

Each machine only has one IP and only ever have had one IP. Neither are behind a NAT, but there is a firewall/come router that connects to the net. There are no rules in the firewall for these to servers - yet!

The temp DNS server that I'm using to serve the reverse record in order to get the one server going is on the same lan as these servers (i.e. not going via the cisco router) but behind a NAT with address/port mapping. One of the DNS servers that holds the real reverse is also on the same lan. I have not tried asking the server just to used this DNS server.

I have considered that this problem has always been there - but apple have never reported problems in the log files before. I now don't thing this is related to the issue of not being able to create home directories - but i have yet to prove it.

Reply

Answer 8

Aug 4, 2006 5:13 AM in response to Tim Harris

Hm...

If you do a host -v <server ip number> on the server

you only get one reverse IP name?

At least if you ask the real DNS I do.

Reply

Answer 9

Tim Harris Author

Level 4

1,481 points

Aug 4, 2006 6:52 AM in response to Leif Carlsson

Leif,

On the server I get;

xserv:~ admin$ host -v 195.27.17.70
Trying "70.17.27.195.in-addr.arpa"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5794
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;70.17.27.195.in-addr.arpa. IN PTR

;; ANSWER SECTION:
70.17.27.195.in-addr.arpa. 32051 IN CNAME 70.64-127.17.27.195.in-addr.arpa.
70.64-127.17.27.195.in-addr.arpa. 38400 IN PTR xserv.kimcell.com.

;; AUTHORITY SECTION:
64-127.17.27.195.in-addr.arpa. 38400 IN NS ns3.gildhouse.net.
64-127.17.27.195.in-addr.arpa. 38400 IN NS ns1.gildhouse.net.
64-127.17.27.195.in-addr.arpa. 38400 IN NS ns2.gildhouse.net.

;; ADDITIONAL SECTION:
ns1.gildhouse.net. 38400 IN A 217.33.105.40
ns2.gildhouse.net. 38400 IN A 195.27.17.69
ns3.gildhouse.net. 38400 IN A 217.33.105.220

I'm no DNS expert so I cannot say this is as it should be.

When I do the same from the server that in using a dummy DNS to overcome the problem I get:

Trying "85.17.27.195.in-addr.arpa"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28586
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;85.17.27.195.in-addr.arpa. IN PTR

;; ANSWER SECTION:
85.17.27.195.in-addr.arpa. 86400 IN PTR server.clayford.com.

;; AUTHORITY SECTION:
17.27.195.in-addr.arpa. 86400 IN NS server.local.clayford.

;; ADDITIONAL SECTION:
server.local.clayford. 86400 IN A 192.168.1.31

Received 127 bytes from 195.27.17.77#53 in 14 ms

Reply

Answer 10

Aug 6, 2006 1:27 AM in response to Tim Harris

"Aug 3 17:12:42 xserv mDNSResponder: Update kerberos.udp.XSERV.KIMCELL.COM. refused"

I wounder if this is because the DNS server rejects being updated with mDNS data. I don't know if that matters or not. Would be nice if "all names" are the same on one computer.

"2) There is nothing in the search domain field..."

I would enter the domainname there ("kimcell.com") so if the server/host name is "xserv" (shouldn't it be "xserve" ? 😉 , "kimcell.com" is automaticly added.

I my /etc/hostconfig there is no "hostname" line at all.

Reply

Answer 11

Aug 6, 2006 1:38 AM in response to Tim Harris

Both look OK but there really is no benefit to using the second one (for internal use) as the first one seems correct.

What kind of server is used for DNS?

We have one customer running a delegated reverse half a c-class net on a Tiger server using the built in BIND so the reverse looks similar to yours (and still works using the DNS config in Server Admin).

This machine hosts about 30 domains.

According to the logs the server has more than one name if you resolve the IP in the DNS (and possibly in the mDNS/Bonjour and/or maybe "hostname").

Are the servers setup standalone or OpenDirectory Master or Replica?

Reply

Answer 12

Aug 6, 2006 2:35 AM in response to Tim Harris

"host -r server.mydomain.com 127.0.0.1
;; connection timed out; no servers could be reached "

This would only give you a response if the machine you ran this command on is also running DNS sw (BIND).

Reply

Answer 13

Tim Harris Author

Level 4

1,481 points

Aug 6, 2006 4:06 AM in response to Leif Carlsson

Normally I will not have the second one and I can get rid of it if and when I can accept OSX to accept the format of the first one.

BIND servers are being used for the real dns. Clearly I'm not using a DNS server on the Servers themselves.

Both are running OD master.

The logs complain that the server has more then one name when I ask it to resolve via the live DNS servers. If I change the DNS on the server to point to just the 'internal' (DNS server which is just there to fix this problem and not operating as a deligated part of a class c) then the problem goes away.

I can retry it - just to be sure nothing has changed.

Tim

Reply

Answer 14

Tim Harris Author

Level 4

1,481 points

Aug 6, 2006 4:21 AM in response to Leif Carlsson

Have changed the computer name to match (xserv) and rebooted.

This is the log:

Aug 6 12:11:08 xserv servermgrd: servermgr_dns: more than one name for the primary IP address, unable to pick one
Aug 6 12:11:08 xserv servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
Aug 6 12:11:08 xserv /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
Aug 6 12:11:08 xserv mDNSResponder: Update kerberos.tcp.XSERV.KIMCELL.COM. refused
Aug 6 12:11:08 xserv mDNSResponder: Registration of record kerberos.tcp.XSERV.KIMCELL.COM. type 33 failed with error -65553
Aug 6 12:11:08 xserv mDNSResponder: Update kerberos.udp.XSERV.KIMCELL.COM. refused
Aug 6 12:11:08 xserv mDNSResponder: Registration of record kerberos.udp.XSERV.KIMCELL.COM. type 33 failed with error -65553
Aug 6 12:11:08 xserv automount[183]: deferring user logout notification while init is in progress...
Aug 6 12:11:08 xserv configd[52]: target=enable-network: disabled
Aug 6 12:11:08 xserv mDNSResponder: ERROR: Only name server claiming responsibility for "_kerberos.xserve." is "."!
Aug 6 12:11:09 xserv loginwindow[219]: Login Window Started Security Agent
Aug 6 12:11:10 xserv automount[183]: reposting deferred logout notification.
Aug 6 12:11:11 xserv /usr/sbin/serialnumberd[178]: serialnumberd: Firewall rule #1 added to allow port 626.
Aug 6 12:11:15 xserv /usr/sbin/serveradmin: servermgr_ipfilter:ipfw config:Notice:Disabled firewall

Now move this server to point to the 'internal' DNS server setup to look into this problem and here is the log from the boot. The xserv mDNSResponder: ERROR: Only name server claiming responsibility for "_kerberos.xserve." is "."! is still there but the two host names problem has gowe away.

Aug 6 12:16:26 xserv configd[52]: setting hostname to "xserv.kimcell.com"
Aug 6 12:16:28 xserv kernel[0]: AppleBCM5701Ethernet - en0 link active, 100-Mbit, full duplex, flow control disabled
Aug 6 12:16:29 xserv configd[52]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-net work
Aug 6 12:16:29 xserv launchd: Server 2f0f in bootstrap 1103 uid 0: "/usr/sbin/lookupd"[84]: exited abnormally: Hangup
Aug 6 12:16:29 xserv configd[52]: posting notification com.apple.system.config.network_change
Aug 6 12:16:29 xserv lookupd[90]: lookupd (version 369.5) starting - Sun Aug 6 12:16:29 2006
Aug 6 12:16:31 xserv mDNSResponder: Adding browse domain local.
Aug 6 12:16:34 xserv kernel[0]: ATY,Bugsy_A: vram [a8000000:08000000]
Aug 6 12:16:34 xserv kernel[0]: ATY,Bugsy_B: vram [a0000000:08000000]
Aug 6 12:16:34 xserv /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
Aug 6 12:16:34 xserv loginwindow[157]: Login Window Started Security Agent
Aug 6 12:16:34 xserv mDNSResponder: ERROR: Only name server claiming responsibility for "_kerberos.xserve." is "."!
Aug 6 12:16:35 xserv iChatServer-jabberd[48]: 20060806T11:16:35: [notice] (-internal): initializing server
Aug 6 12:16:35 xserv iChatServer-jabberd[48]: 20060806T11:16:35: [notice] (-internal): server started
Aug 6 12:16:35 xserv diskarbitrationd[54]: disk2s3 hfs 0DC522EC-6FAF-3003-922D-BB1F4810D2C9 Server HD Spare /Volumes/Server HD Spare
Aug 6 12:16:36 xserv ctl_cyrusdb[60]: verifying cyrus databases
Aug 6 12:16:36 xserv ctl_cyrusdb[60]: skiplist: recovered /var/imap/mailboxes.db (82 records, 10496 bytes) in 0 seconds
Aug 6 12:16:36 xserv ctl_cyrusdb[60]: skiplist: recovered /var/imap/annotations.db (0 records, 144 bytes) in 0 seconds
Aug 6 12:16:37 xserv ctl_cyrusdb[60]: done verifying cyrus databases
Aug 6 12:16:37 xserv /usr/sbin/serialnumberd[155]: serialnumberd: Firewall rule #1 added to allow port 626.
Aug 6 12:16:37 xserv master[45]: ready for work
Aug 6 12:16:37 xserv ctl_cyrusdb[245]: checkpointing cyrus databases
Aug 6 12:16:38 xserv ctl_cyrusdb[245]: done checkpointing cyrus databases
Aug 6 12:16:41 xserv /usr/sbin/serveradmin: servermgr_ipfilter:ipfw config:Notice:Disabled firewall
Aug 6 12:16:49 xserv configd[52]: target=enable-network: disabled

Reply

Answer 15

Aug 6, 2006 4:51 AM in response to Tim Harris

I can't see any info in this thread that you've setup/configured the name server for the delegated class c subnet.

Also AFAICT ns1.gildhouse.net is misconfigured. It has a CNAME which is perfect. But it has a PTR records where it should have a NS records.

Maybe this can explain things a little bit (read to the end):

http://www.linuxquestions.org/linux/answers/Networking/Settingup_DNS_in_SmallSubnets>

HTH

-Ralph

Other OS

Reply