DNS Forwarding Servers

I have two OS X Servers on my network, and after the latest update (3.1) I started noticing a strange problem with the DNS service.
I created a .private zone for my internal network on one server and configured the other to be the secondary for that zone.
On both I allow recursive queries only for the servers themselves and for clients on the local network.
What happens is that the Forwarding Servers directive of one server is automatically configured to point to the other. And no matter how many times I remove this setting, after some time it appears again.
I notice that when this happens browsing suffers; it is as if the servers kept pushing the requests to each other indefinitely.
Has anyone faced this problem and knows how to solve it?

Today I removed the zone from the secondary server and disabled the whole DNS service.
On the primary server I disabled zone transfers, removed the IP that was listed under Forwarding Servers and restarted the DNS service.
A few minutes later that same IP address appeared automatically under Forwarding Servers, even though the service was now inactive on the server with that IP.
I am getting more and more confused by this problem. I have even thought about reinstalling OS X and redoing the configuration, but I have no guarantee that this will not happen again.
Apple, help me!
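
The mutual-forwarding condition described in the post above can be checked offline by comparing the `forwarders` lists of both servers. The following is an added Python example, not code from the original post or from Apple's Server tooling; the two named.conf excerpts, the IP addresses and the function names are constructed for illustration.

```python
import re

# Constructed named.conf excerpts (not from the original post); all IPs are placeholders.
SERVER_A = '''
options {
    directory "/Library/Server/named";
    allow-recursion { 127.0.0.1; 192.168.10.0/24; };
    forwarders { 192.168.10.3; };      // server B
};
'''
SERVER_B = '''
options {
    // forwarders { 203.0.113.53; };   disabled upstream
    forwarders {
        192.168.10.2;                  # back to server A
    };
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments so disabled lines are not parsed."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def options_block(text):
    """Return the body of the top-level options { ... } statement."""
    m = re.search(r'\boptions\s*\{', text)
    if not m:
        return ''
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def global_forwarders(conf_text):
    """Addresses listed in the options-level forwarders { ... } clause."""
    body = options_block(strip_comments(conf_text))
    m = re.search(r'\bforwarders\s*(?:port\s+\d+\s*)?\{([^}]*)\}', body)
    if not m:
        return []
    return [e.split()[0] for e in m.group(1).split(';') if e.strip()]

def find_forward_loops(configs):
    """configs maps each server's own IP to its named.conf text.
    Returns every forwarding cycle among those servers, e.g. [A, B, A]."""
    graph = {ip: [f for f in global_forwarders(txt) if f in configs]
             for ip, txt in configs.items()}
    loops, done = [], set()

    def visit(node, path):
        if node in path:
            loops.append(path[path.index(node):] + [node])
            return
        if node in done:
            return
        for nxt in graph[node]:
            visit(nxt, path + [node])
        done.add(node)

    for ip in sorted(graph):
        visit(ip, [])
    return loops

if __name__ == '__main__':
    fleet = {'192.168.10.2': SERVER_A, '192.168.10.3': SERVER_B}
    for loop in find_forward_loops(fleet):
        print('forwarding loop:', ' -> '.join(loop))
```
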

Similar Messages

  • DNS forwarder with 2 real DNS servers, querying them simultaneously

    DNS forwarder with >2 real DNS servers, querying them simultaneously and ignoring "server can't find" errors
    Hi. When I connect to VPN, my normal DNS isn't queried, and DNS given by VPN answers: "server can't find"
    An extract from 'man resolv.conf'
    If there are multiple servers, the resolver library queries them in the  order  listed.
    I need another logic. All servers should be queried at the same time, and the soonest positive reply should be used.
    The algorithm used is to try a name server, and if the query times out, try the next, until out of name servers, then repeat trying all the name servers until a maximum number of retries are made.
    So, if I get "server can't find" error, the next DNS server is not queried. I want the DNS forwarder to ignore such answers and wait for replies from other servers.
    What software can do this? Maybe dnsmasq? I plan to add 'nameserver 127.0.0.1' to the top of my resolv.conf and configure my scripts to add other nameservers below.

    All servers should be queried at the same time
    --all-servers
    dnsmasq: ignoring nameserver 127.0.0.1 - local interface
    good.
    How to tell dnsmasq to completely disable dhcp? List all interfaces like this?
    no-dhcp-interface=eth0
    no-dhcp-interface=tun0
    no-dhcp-interface=vboxnet0
    no-dhcp-interface=wlan0
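
The selection logic asked for in this thread (query every listed server at once, ignore negative or missing answers, use the first positive reply), written out as an added Python example. It is not code from the thread or from dnsmasq; the function names and the `(ip, port)` server tuples are assumptions.

```python
import concurrent.futures as cf
import secrets
import socket
import struct

def build_query(name, qid):
    """Encode a recursive A/IN question for `name`."""
    header = struct.pack('>HHHHHH', qid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    parts = name.rstrip('.').split('.')
    qname = b''.join(bytes([len(p)]) + p.encode('ascii') for p in parts) + b'\x00'
    return header + qname + struct.pack('>HH', 1, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:
            return off + 2
        off += n + 1

def parse_a_records(msg, qid):
    """IPv4 addresses from a response; [] for NXDOMAIN, SERVFAIL or no data."""
    rid, flags, qd, an = struct.unpack('>HHHH', msg[:8])
    if rid != qid or (flags & 0x000F) != 0:      # wrong ID or RCODE != NOERROR
        return []
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack('>HHIH', msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def ask(server, name, timeout):
    """Query one (ip, port) server; any error or negative answer gives []."""
    qid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qid), server)
            data, peer = sock.recvfrom(4096)
            return parse_a_records(data, qid) if peer == server else []
        except (OSError, struct.error, IndexError):
            return []

def first_positive(name, servers, timeout=2.0):
    """Ask all servers at once; return (server, addrs) for the first positive reply."""
    pool = cf.ThreadPoolExecutor(max_workers=len(servers))
    futures = {pool.submit(ask, s, name, timeout): s for s in servers}
    try:
        for fut in cf.as_completed(futures):
            addrs = fut.result()
            if addrs:
                return futures[fut], addrs
        return None, []
    finally:
        pool.shutdown(wait=False)
```

With this logic every listed resolver sees every query, so names that exist only behind the VPN are also sent to the non-VPN resolvers.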

  • 10.4 DNS forward

    I just upgraded to 10.4 from 10.3 and it has killed my DNS forwarding. I set it up in 10.3 with Server Admin but in 10.4, Apple in their infinite wisdom, decided that that forwarding was a bad thing and removed it from the GUI. Worse yet: it overwrote my working DNS files.
    Now I am at the point that DNS forwarding does not work and I do not know how to fix that. I do not even know what files I should modify. Here is what I do know:
    zone "xyz.com" IN {
    type forward;
    file "fwd. xyz.com";
    forwarders {10.0.6.32; 10.0.6.36;};
    };
    The forward is over a VPN.
    Can anyone help?
    TIA,
    Dan
    Loud Fan XServe   Mac OS X (10.4.3)  

    The following is taken from a working /etc/named.conf file:
    // Include keys file
    include "/etc/rndc.key";
    // Declares control channels to be used by the rndc utility.
    // It is recommended that 127.0.0.1 be the only address used.
    // This also allows non-privileged users on the local host to manage
    // your name server.
    // Default controls
    controls {
    inet 127.0.0.1 port 54 allow {any;} keys {
    "rndc-key";
    };
    };
    options {
    directory "/var/named";
    forwarders {
    xxx.xx.1.10;
    xx.xx.100.10;
    };
    };
    Meh.... there's whitespace in there that gets ignored by this (Apple's) forum software.
    You should - of course - only use forwarding to DNS servers you should be using (eg: your ISPs)

  • Unable to create DNS forwarder in my AD integrated DNS

    Hi,
    I have my mix AD servers (2003 + 2008) and I'm trying to create DNS forwarder to send requests to outside the Domain over natted IP for the name resolution. However, it works perfectly fine in my test environment.
    Now, when I try to create on my production server, I get below error:
    The operation requested is not permitted on the root DNS server
    Please suggest.

    Hi, it is worth checking if you have got a root (period) forward lookup zone. If you have, you will need to remove that before you can setup a forwarder. Hope this helps. If in doubt, please post some details of your forward lookup zones (with fake names).
    Thank you
    MCTS, MCSE 2000/2003, MCSA 2000/2003, CNA

  • Does the Extreme support dns forwarding?

    I can find no field to enter information for DNS forwarding.  Am I missing something?

    The AirPorts do not have a DNS server service built-in, thus DNS forwarding is not a user configuration option within the AirPort Utility.

  • DNS Forwarding Same Internal and External Zone

    Hi,
    So we have decided that we want our internal domain to be the same as our external domain e.g. domain.uk. I understand that split DNS can be used to fulfil this requirement but is it possible to set up a forward so if the DNS entry is not available in the internal zone it will forward onto one of our external name servers where it can resolve?
    We are basically trying to avoid having to add the entry on both external and internal DNS servers for it to resolve. So far I have added the external name servers to the forwarders and disabled root hints which didn’t work. I’ve tried to add a conditional forwarder but it says the zone already exists. It seems the only way to achieve the internal resolution is by creating the DNS entry both internally and externally.
    Does anyone know if this is the case? It seems strange that you couldn’t point the DNS to another external name server for resolution?
    Any help would be appreciated.

    You must ask in networking forum
    https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverNIS&filter=alltypes&sort=lastpostdesc

  • DNS/Forwarding Servers for OS X Mavericks Server

    Is it okay that my AirPort Extreme AC router takes care of the DNS for OS X Mavericks Server and have the forwarding servers set to the default which is my router's IP?

    That won't work.  There is no DNS server in an AirPort Extreme, nor in a Time Capsule.  The Apple WiFi boxes and most other low-end gateway boxes will only contain a DNS resolver.  When in a NAT'd network, the DNS resolver will simply forward the DNS queries to off-LAN DNS servers.  The resolver has no concept of LAN-local host names or IP addresses; of what's happening in the NAT'd address space that's in use.    (Various mid-grade gateway boxes do have DNS capabilities, and open source options such as DD-WRT do have a DNSmasq-based server, and these boxes can suffice for the needs of OS X Server.  If there's a way to configure host names and host IP addresses for random boxes on your LAN, then the box you're using should work.  If not, it's a resolver, and won't work for a NAT'd network.)  Off-LAN DNS servers will almost certainly not provide correct translations for hosts with private-block addresses.  OS X Server requires proper forward and reverse DNS translations, or things get weird.  Here's how to set up local DNS on OS X Server. 

  • DNS Forward Lookups Not Working

    My DNS experience and knowledge is pretty limited. Having said that it appears that our xserves can do reverse lookups for both of our xserves, but can't do a forward lookup. How can I fix this?
    Here are the lookup information from network utility:
    Lookup has started ... dataxserve.w.k12.ia.us
    ; <<>> DiG 9.3.4 <<>> dataxserve.w.k12.ia.us
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37918
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;dataxserve.w.k12.ia.us. IN A
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:26:53 2008
    ;; MSG SIZE rcvd: 49
    Lookup has started ... 192.168.0.3
    ; <<>> DiG 9.3.4 <<>> -x 192.168.0.3
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19034
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;3.0.168.192.in-addr.arpa. IN PTR
    ;; ANSWER SECTION:
    3.0.168.192.in-addr.arpa. 86400 IN PTR dataxserve.w.k12.ia.us.
    ;; AUTHORITY SECTION:
    0.168.192.in-addr.arpa. 86400 IN NS dataxserve.w.k12.ia.us.
    0.168.192.in-addr.arpa. 86400 IN NS xserve.w.k12.ia.us.
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:32:01 2008
    ;; MSG SIZE rcvd: 122
    Lookup has started ...xserve.w.k12.ia.us
    ; <<>> DiG 9.3.4 <<>> xserve.w.k12.ia.us
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10240
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;xserve.w.k12.ia.us. IN A
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:32:52 2008
    ;; MSG SIZE rcvd: 45
    Lookup has started ...192.168.0.2
    ; <<>> DiG 9.3.4 <<>> -x 192.168.0.2
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49722
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;2.0.168.192.in-addr.arpa. IN PTR
    ;; ANSWER SECTION:
    2.0.168.192.in-addr.arpa. 86400 IN PTR xserve.w.k12.ia.us.
    ;; AUTHORITY SECTION:
    0.168.192.in-addr.arpa. 86400 IN NS xserve.w.k12.ia.us.
    0.168.192.in-addr.arpa. 86400 IN NS dataxserve.w.k12.ia.us.
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:33:26 2008
    ;; MSG SIZE rcvd: 122
    Please help

    Hi
    You don't have to if you don't want to. You can leave both servers running internal DNS Services. The DHCP Service does not require DNS. It all depends on how you want to push out network services to your clients.
    I don't know your particular circumstances but it's not absolutely necessary to run DNS on your mail server. It depends a great deal on how you want the server to handle mail for your domain. I'm not an expert but the way I generally do a mail server is to use external MX Records and duplicate the external record internally. It's a fairly simple method and should send and receive mail for your clients internally as well as externally.
    You could configure internal DNS Services on one server only and just add a machine record for the second server. You could expand on this and configure DNS Services on both servers with a machine record for each server on both. There is enough in the GUI to allow you to do this. For example server01.mydomain.com with an IP address of 192.168.254.254 and server02.mydomain.com with an IP address of 192.168.254.253. This way if one server was to go down the other server should still provide a DNS Service to your local clients. However without knowing fully your network environment and your requirements it's difficult to advise.
    However is this a new setup and are you trying to get it to work? Or has it been working OK for a while and something has broken it? If it's the latter what errors are you seeing?
    If you want to know more about DNS purchase a copy of Paul Albitz and Cricket Liu's book 'DNS & Bind' and start reading.
    Hope this helps, Tony

  • DNS forward lookup

    When I run a changeip -checkhostname all returns ok from the server. When I run a dig -x on that DNS server IP all is ok. When I run a dig on the server name it fails. So forward lookup fails, reverse is fine. Any reason why?

    What DNS server(s) are involved here? Your own? ISP? A combination?
    Is the server resolving DNS itself? If so, then the network controllers reference the local box and the local DNS via the name localhost (or 127.0.0.1), and the local DNS server then connects to the upstream servers.
    Does dig with the @dns.example.com specifier for the DNS server you're interested in work?

  • DNS forward lookups failing

    My system is the only DC and running Server 2012 R2 and is the only DNS server on a small network. There are 2 forwarders for internet name resolution and the root domains are also configured...all resolve without issue. Repeated simple & recursive test inquiries all pass. The DNS timeout is set to 5 seconds.
    On every network client, approximately one-third of forwarded lookups fail on the first attempt. The second attempt may get a response. By the third attempt, the name resolves. There appears to be no relation between the domain lookups which fail. In fact, the same domain may fail on one day but, after clearing the cache, the same lookup won't fail.
    No errors post to either the server or client event logs. I've removed the DNS service and reinstalled but the issue persists.
    Any guidance is much appreciated.
    Best,
    Bill

    Does the DNS lookup for your AD domain resolution or is it for public DNS names resolution?
    If it fails for public DNS names resolution, you can consider updating your DNS forwarders to be your ISP ones.
    Please also make sure that your DC is pointing only to its private IP address as primary DNS server and 127.0.0.1 as secondary one. On your client computers, make sure that they point to your DC as primary DNS server.
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Server 3 DNS Forward

    Hi There
    I got an issue with DNS on OSX 10.9.4 with Server 3.
    I got an EMC Isilon with Smart Connect, but when I try to make a Type Forward record to send all requests for the hostname: ktv-srv-016.ktv to 10.10.0.72 it wouldn't work.
    Here is my config:
    view "com.apple.ServerAdmin.DNS.public" {
        zone "ktv-srv-016.ktv" IN {
            type forward;
            forward only;
            forwarders {
                10.10.0.72;
            };
        };
        zone "workflow.koncern.dk" IN {
            type master;
            file "db.workflow.koncern.dk";
            allow-transfer {
                none;
            };
            allow-update {
                none;
            };
        };
        zone "portal.koncern.dk" IN {
            type master;
            file "db.portal.koncern.dk";
            allow-transfer {
                none;
            };
            allow-update {
                none;
            };
        };
        zone "0.0.127.in-addr.arpa" IN {
            type master;
            file "named.local";
            allow-update {
                none;
            };
        };
        zone "KTV" IN {
            type master;
            file "db.KTV";
            allow-transfer {
                none;
            };
            allow-update {
                none;
            };
        };
        zone "localhost" IN {
            type master;
            file "localhost.zone";
            allow-update {
                none;
            };
        };
        zone "0.10.10.in-addr.arpa" IN {
            type master;
            file "db.0.10.10.in-addr.arpa";
            allow-transfer {
                none;
            };
            allow-update {
                none;
            };
        };
        zone "." IN {
            type hint;
            file "named.ca";
        };
    };
    As you can see I have made the setup with all the options:
        zone "ktv-srv-016.ktv" IN {
            type forward;
            forward only;
            forwarders {
                10.10.0.72;
            };
        };
    But I can't get it to work. Hope some of you got an idea.
    Kind Regards
    Kim

    Server moved /var/named to the /Library/Server/named directory.
    Is that where your files are?

  • Delegate DNS Forward Lookup Zone

    A: DNS - I would like to delegate the ability of creating Forward Lookup Zones at the root of my DNS (not subdomain).
    For example, I would like to delegate to my "Tier 1" staff with the ability to modify our DNS. I want our "Tier 1" staff to have the ability to create a Primary Zone in order to redirect users that attempt to access a site with known malware content to an internal site with a warning message notifying the user that they have attempted to access a site that is not allowed.
    Is this possible?

    Hiya,
    I'm about 86% sure that if they need permissions to  create primary zones, they will have access to the complete DNS administration. So it's just a question if that is ok?
    If that is okay you can add the users to the DNSadmin group and they should have access to perform the above from the DNS administration tool, which can be installed anywhere.

  • DNS Forwarder IP

    So in 10.6 Server, you can specify IPs that it will forward non-authoritative queries. I'm setting up 10.4.11 on an old G4 and there is no option for forwarding DNS IPs. Does it just use the system's other DNS IPs? Does it forward at all?
    Thanks!

    You can also add this row beneath yours:
    forward first;
    which means the server forwards external lookups first, and only if there isn't a successful reply the internal DNS will try itself.
    I don't know what will happen without this but there is another option:
    forward only;
    which will make the internal DNS not try itself if there is an unsuccessful reply.
    Also forwarding is done mostly for speed reasons and offloading of the internal DNS, so if the forwarder DNS are slow you don't gain anything. I'd compare your ISP DNS lookups from the client or DNS server directly to the forwarder DNS IPs to see how fast they are (and to see if you are allowed to use them as forwarders - recursive lookups):
    host -v <FQDN or IP you want to lookup> <forwarder DNS IP to test>
    You will get responses in milliseconds.
    Use FQDNs that are NOT hosted by the forwarder DNS IP you test (preferably use seldom used FQDNs that are not cached).
    Using a "too old" OS might leave you, from a security patch standpoint, with a non-updated DNS if relying on Apple updates alone.

  • Dns Forwarder Error

    Hi All,
    I recently installed DNS Manager on Windows 2012 Server. I configured the DNS and I am able to get DNS working properly internally. I added open dns address under dns forwarders (208.67.222.222 & 208.67.220.220) to get connected to the internet and I am getting an unable to resolve error.
    Please help
    Thanks
    Ajith

    Hi Ajith,
    Based on your description, in the Forwarders tab, it displays Unable to resolve in the corresponding Server FQDN.
    Try to ping the two external DNS servers by IP address from the internal DNS server.
    If it is unable to ping these forwarders, there are network connectivity problems between the internal network and Internet.
    If it is able to ping forwarders, please try to use the OpenDNS server to resolve domain names via nslookup tool.
    Run command prompts as administrator, type nslookup
    Type server 208.67.222.222
    Type www.google.com
    If you receive DNS request timed out, it could be an issue that firewall or other devices block the DNS traffic. Please check the firewall configurations. And you could disable the firewall temporarily, then try again.
    Best Regards,
    Tina

  • Yet another DNS forwarding issue.

    I've read a few of the posts in here and it seems I'm not the only one having problems. I'll give you a rundown of my setup / problem.
    Ethernet 1 - 192.x.x.x address - Router & DNS pointing to itself - Name resolution works fine.
    Ethernet 2 - 10.x.x.x address - This is on my corporate LAN. Added the router & DNS address to this card. I can ping the router.
    I've setup forwarding using the GUI & also tried adding the entry of the 10.x DNS server to named.conf
    When I start this interface I get odd behaviour from Server Admin tool, spinning wheel until I stop the interface again.
    I've read various documents and AFAIK I've set things up correctly but it doesn't want to play ball! I'm running 10.5.7 btw.
    Any help appreciated.

    That was part of the problem, it had been setup that way as when I'd been testing DeployStudio and had just followed the instructions. Removing it didn't just solve the problem though as I needed to add both local DNS & external DNS on both interfaces with the 192 DNS first. Anyway cheers for pointing it out, I couldn't see the wood for the trees and needed another set of eyes and to sleep on it.
    Thanks
    Sean
