DNS is messed up
I have an older PowerPC G4 iMac that I use at school because I prefer it to the Dell Box from 1999 that I'm supposed to use.
Over the summer, the tech department installed a new version of PowerSchool. With older versions, I never had many issues, but since the update was installed, my iMac keeps going to the older version of Power School that still must be on a network server somewhere. I type in the correct URL, but it always goes to the version from last year.
The tech guy says, the DNS is messed up. When he enters the "hard" address (it's all numbers), I get to the correct web page to log into the new Power School and I can log in. He says that DNS is the "thing" that translates the letters (www.apple.com) to the actual address (http://10.76.10.10 for example).
I can access Power School at home, on the same machine, with no problem, but when I try to get to Power School through the district's "Proxy Server," I get errors, the wrong page, or when I can log in, some of the links are dead.
My question, how do I clear the DNS cache on my G4 iMac (1.25Ghz) OS 10.5.8 - 1Gig of RAM? I've tried different commands from the "terminal," but nothing seems to stop the computer from going to the wrong web page through the district proxy server.
The tech guys don't really want to support Macs anyway, so I'm sort of on my own. I hope that someone can help me figure out what I can do... or ask the tech guys to do for me.
Thanks, so much!
It's usual local practice to use a registered domain or a subnet of a registered domain (even if it's only used within your own network perimeter), and not a bogus domain.
I can't wait until I try to host multiple domains! That'll be fun.
Your DNS provider or ISP (better) hosts the translations, and (presuming you're running web contents and not something else) your Apache web server uses virtual domains (http://labs.hoffmanlabs.com/node/1282), what Apple calls "sites", to serve up the pages.
If I have everything on the same subnet, then the UVerse gateway DHCP server and the TC DHCP server clash. I could turn off the TC one, but then I lose the benefits of gigabit (the gateway only does 100mbit, and if I have two devices connected to the TC gigabit ports but DHCP is from the gateway, I suspect that all packets go through the gateway, at 100mbit - but correct me if I'm wrong).
I don't know the UVerse stuff sufficiently to post on it off-hand; the last time I dealt with that, I ended up doing a pile of research work to figure out how that stuff worked. It did some funky stuff with MAC addresses, and the folks from AT&T didn't seem entirely certain of how it fit together, either.
Dig around in the AT&T forums. AT&T UVerse would not be my suggested environment for learning IP networking, either; that's the proverbial deep end of the pool. The folks that designed that do some odd stuff.
Similar Messages
-
Comcast claims that they are not blocking ports. Technically from what I understand they are not. They just don't recognize the iCloud server address on their DNS. An Apple Genius gave me a "free access DNS" which they use in the Oakrigde store to sync to iCloud. It works great in the store with my computer and iPhone but not at home. After a conversation with an IT person in Germany he explained that due to the limited number of ports available and the almost infinite appetite for ports companies often choose to manage the number of ports available for use by their customers. What did work for me was to use a secure proxy server with secure encoding. It works great! However as the cloud does seem to go down from time to time I would prefer to also have the USB cable option for syncing.
This does not make sense. If comcast blocked iCloud.com there would be millions of posts here about it, as comcast is one of the largest ISPs in the US. Most likely you have DNS settings messed up in your router or your computer. Ports and DNS have nothing to do with each other. A "port" is just part of a complete URL. Using a port does not have any effect on the ISP, who doesn't even see the port in the packet.
-
How to repair DNS hostname?
Hello,
I had a working DNS setup with the right Primary address, Current HostName and DNS hostname. While figuring out how to use the Print service my DNS hostname changed. I suspect that when I was adding a printer IP to the DNS list something went wrong. After that the DNS hostname must have changed to the name of the mail server. I discovered that, because I could not access the internet anymore and did a 'changeip -checkhostname' to check the settings. I thought that it was simple to delete the mail-server from the dns list to get the right DNS hostname back. But that's not the case.
After putting in the mail server address the mail did not function either. So my DNS is a mess now.
I tried searching in the support discussions for a way to repair this, but could not find an answer that fits the situation.
I am in the middle of a switchover and because everything was working (except the printers) I decided to move all data and mail from the old Windows servers to the new Mac servers. Because the system has been in use now for a week I can't simply switch back. So I am stuck in this situation and desperate. Yes, I made the classic mistake of not backing up the working servers first. But that happens when you are in a rush to get this done. This is my first Apple server experience and I was very happy I came this far with the available Apple docs and discussion support.
Server network situation:
- Mac Mini server1 (en0:10.0.0.1, en2:191.168.0.128 (USB-adaptor)) configured as DHCP, NAT, FireWall and secondary DNS
- Mac Mini server2 (10.0.0.2) configured as Primary DNS, Mail, Open Directory, AFP and SMB
I configured with a non-authoritative domain name (say mydomain.nl). In the near future I will have a fixed IP address so the domain name can be used from the internet.
changeip -checkhostname result:
Primary address = 10.0.0.2
Current Hostname = hollandia.mydomain.nl
The DNS hostname is not available, ...
scutil --get LocalHostName = DeHollandia
scutil --get Hostname = hollandia.mydomain.nl
dig -x 10.0.0.2
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id:3354
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;2.0.0.10.in-addr.arpa. IN PTR
;; SERVER: 10.0.0.2#53(10.0.0.2)
DNS configuration:
-mydomain.nl
hollandia Machine 10.0.0.2
beschermer Machine 10.0.0.1
mail Machine 10.0.0.2
-0.0.10.in-addr.arpa.
10.0.0.1 Reverse Mapping beschermer.mydomain.nl
10.0.0.2 Reverse Mapping hollandia.mydomain.nl
Hope the above info is a start to the solution.
Solved.
After some study of DNS examples I manually edited the file /var/named/zones/db.0.0.10.in-addr.arpa.zone.apple.
-
Guest network feature of Time Capsule/Airport Extreme in conflict with DNS on OS X Server?
Hi, I want to use the guest network feature of Time Capsule/Airport Extreme which requires an external DNS server but my OS X Server is the DNS server... Can I configure server and airport with an external DNS without messing up my OS server?
Thx Ron
If you want to use the guest network while also using your server for DNS - you will need to do the following: It's a bit painful - but it works.
On your Airport Device (Airport Extreme or Time Capsule) - in the Internet tab you will need to do one of the following:
1) Leave the DNS Servers Blank - which they will default to the DNS servers provided by your ISP.
2) Actually enter your ISP's DNS servers.
3) Enter Open DNS servers (I use 208.67.222.222 / 208.67.220.220).
The DNS servers specified in the airport device must be internet routable addresses (if you are going to use the guest network functionality) - and cannot refer to private ip address (e.g. 10.x.x.x, 192.168.x.x, etc).
Here is the painful part... on all of the devices (Macs, PCs, phones, iPads) that will be used on your "private" network 10.0.1.x - you will need to provide static DNS settings (but still allow DHCP to assign the device's IP address). You will specify 10.0.1.13 as primary DNS and 208.267.222.222 (or your ISP's primary DNS IP).
Once you do this - your devices that you permanently use on your local network - will still use your server for DNS - and the external DNS - should your DNS server happen to be down.
Anyone visiting your house - will connect to your guest network - and automatically be DHCP assigned a guest IP address - and the external DNS servers that you specified in the Airport Extreme device.
This has been working great for me. I suspect that the guest network functionality is flawed in the Airport Extreme/Express and Time Capsule. Since I do not have another router that provides a guest network - I cannot say whether this issue is limited to the Airport devices - or whether this workaround would need to be done - regardless of which brand of router is providing the guest network.
In a nutshell - your household permanent devices will have to specify static DNS servers - but your guests will connect seamlessly without having to change and risk messing up any of their device settings.
If this solution works for you - Please be sure to click either "This solved my problem" or "This helped me". -
Please please help! I have messed up the DNS Settings on 10.8 server
Just started a new job and am in charge of managing the Mac Server. I have lots of Mac experience, but very little Mac OS X Server experience.
I used my MBP to access the server (which is a headless Mac Mini) and after I did so the settings were pretty messed up. In particular the Computer Name, Host Name, and DNS name were wrong or missing. I was able pretty easily to get the first two fixed, but not DNS.
I can reach the server via the IP, but NOT the domain name. (We were able to do this before I messed things up).
When I run
cat /etc/resolv.conf | grep nameserver
I get 4.2.2.2
which is the forwarding server
I have tried turning DHCP on and off, never works.
When I run
cat /etc/resolv.conf | grep nameserver
I get
nameserver[0] : 4.2.2.2
nameserver[0] : 150.2.0.30
nameserver[0] : 4.2.2.2
The 150.2.0.30 is what I have for the DNS entry in the Network Control Panel
When I run changeip -checkhostname under sudo I get
macserver:~ bryanschmiedeler$ sudo
Password:
Primary address = 192.168.x.x
Current HostName = server.example.com
The DNS hostname is not available, please repair DNS and re-run this tool.
dirserv:success = "success"
Any help would be GREATLY Appreciated!
Bryan
Here are instructions for setting up DNS on OS X Server; select the show-all-records option on Server.app in 10.7 and 10.8, and those instructions should get you to a working configuration.
Your DNS server on OS X Server should refer to itself, via 127.0.0.1 address; the "localhost" address; IP networking's version of "self" or "me". This 127.0.0.1 reference is a special case, and only applicable to the DNS server's references to itself. All other hosts on your network should refer to your OS X Server DNS server by its assigned private static IP address on your LAN; whatever 192.168.0.0/16 address you're using for your DNS server. If you should have more than one DNS server on the LAN (commonly used for better reliability), each DNS server will refer to 127.0.0.1 and to the private static IP address of the other DNS server.
Do not refer to off-LAN DNS servers. Do not refer to ISP DNS servers, or the old Verizon DNS servers (in use here) nor to the Google DNS servers. To get local translations of private-block IP addresses such as your use of a subnet within 192.168.0.0/16, the server and the local clients must refer to the local DNS server. (Not to off-LAN DNS servers.) That means either manually-configured DNS server settings for static-addressed servers, and configuring the DHCP server to pass out only — only — the address of the local DNS server(s) to DHCP clients, and to not pass out any off-LAN server address(es).
Half the planet is probably using a subnet in the 192.168.0.0/16 private block, so obfuscating that range just means you might be running in one of the two more problematic subnets, 192.168.0.0/24, or 192.168.1.0/24, but we can't tell. Those will cause issues with potential future use of VPNs with this network. Best to avoid those two subnet blocks. -
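The rule in the answer above (the DNS server lists itself as 127.0.0.1, every other host lists only the local DNS server, nobody lists an off-LAN resolver) can be checked mechanically. This is an added example, not code from the thread; the LAN 192.168.10.0/24 and the two "fixed" configurations are constructed assumptions, and the posted resolver list is copied from the question.

```python
import ipaddress
import re

# Matches resolv.conf lines ("nameserver 4.2.2.2") and the
# "nameserver[0] : 4.2.2.2" form quoted in the question above.
NAMESERVER = re.compile(r"^\s*nameserver(?:\[\d+\])?\s*:?\s*(\S+)", re.M)

# Resolver list as posted in the question.
POSTED = """\
nameserver[0] : 4.2.2.2
nameserver[0] : 150.2.0.30
nameserver[0] : 4.2.2.2
"""

# Constructed "after" configurations; 192.168.10.0/24 is an assumed LAN.
FIXED_SERVER = "nameserver 127.0.0.1\nnameserver 192.168.10.3\n"
FIXED_CLIENT = "nameserver 192.168.10.2\n"


def list_resolvers(text):
    """Return the distinct resolver addresses in order of first appearance."""
    resolvers = []
    for token in NAMESERVER.findall(text):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue  # not an address literal, ignore it
        if addr not in resolvers:
            resolvers.append(addr)
    return resolvers


def audit_resolvers(text, lan, is_dns_server=False):
    """Return (address, problem) pairs for resolvers that break the rule."""
    lan_net = ipaddress.ip_network(lan)
    resolvers = list_resolvers(text)
    findings = []
    for addr in resolvers:
        if addr.is_loopback:
            if not is_dns_server:
                findings.append((str(addr), "loopback resolver on a host that is not the DNS server"))
        elif addr not in lan_net:
            # Queries for private names leave the LAN and cannot be answered there.
            findings.append((str(addr), "off-LAN resolver"))
    if is_dns_server and not any(a.is_loopback for a in resolvers):
        findings.append(("127.0.0.1", "DNS server does not list itself"))
    return findings


if __name__ == "__main__":
    for addr, problem in audit_resolvers(POSTED, "192.168.10.0/24", is_dns_server=True):
        print(f"{addr}: {problem}")
```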
Google Chrome messes with my DNS on Yosemite
So I've spent ages today trying to figure this out. I have a nicely upgraded version of Yosemite. All was working well but I couldn't figure out how to make safari full screen without the toolbar (like a kiosk/presentation mode). It was suggested I use Chrome which does have presentation mode. On installing Chrome, it immediately began to not be able to access any website. Safari was then unable to as well. Using network utility to see what the problem was still resulted in ability to ping IP address but not to DNS. Turns out DNS was no longer resolving. Trying an alternate DNS such as Open DNS servers, flushing the cache using a variety of methods suggested on the internet did not resolve it.
However, deleting Google Chrome and setting IP6 to Link-Local mode only did seem to reset it and allow safari and DNS ping/lookup to work again.
Re-installing Chrome stopped it again. Uninstalling Chrome and rebooting allowed it all to work again.
So for those of you who are having this headache, I can definitely confirm that Google Chrome does something unusual in relation to DNS. I don't know what, but perhaps some boffins here can figure it out.
The problem above is reproducible for me.
Good luck solving it internets.
Patrick,
You will be using the DNS server configured in the VPN profile. The DNS server could be removed from the profile, but it also depends if you are allowed to route locally while connected to the VPN? -
I messed up DNS, what are the steps clear out DNS and OD to start over?
After I changed the hostname using the Server wizard and the previous dns zones don't show up in server admin.app. I even tried to edit named.conf but it is somehow locked and won't let me over write it even with root.
They hid this one a little bit.
Download the Server Admin Utilities from apple.com/downloads
Open Server Admin.
Log in to the server in question.
Click on the arrow next to the server.
And there is the DNS Server control. You can update your zones there.
Did this from memory, since I am not in front of my server right now. I just figured it out myself last night. I had two "extra" zones from my earlier attempts to configure server that were wreaking havoc. 10.7 Server is not exactly as advertised in terms of being the "server for everyone". -
Domain removed, DNS messed up
A former technician removed a domain from our environment. I do not know the details on the process he used. All I know is that if I do an nslookup on an internal machine I get the following. The first response comes back correctly and displays servername.currentActiveDomain.org but the non-authoritative comes back incorrectly. It displays the name as the servername.current&correctdomain.oldDomainNoLongerHere.org.
I am pretty sure this is causing me some issues on the network. When installing vcenter attempts to autodiscover to authenticate, it gets an error and can't find what it is looking for. I do an nslookup and get this. I think this is the issue.
When I look at my DNS, I see:
The 3rd ldap and 3rd Kerberos entries are the *network.org domain that was removed months ago. Can I just delete both of those entries out of DNS? As long as that domain is not used and there are no DCs with that domain name will there be an issue? I have also removed any references from Active Directory Sites and cannot find any other reference to this domain in DNS.
Thank you in advance
mcp
Thank you for your reply.
The first one is just the server name. Then I did another lookup with the FQDN. Lastly, did a lookup on the server and saw that other domain that is no longer here, listed again in the non-authoritative answer, however, I never see that domain listed in the log below.
set d2
kwf-vcenter
Server: kwf-dc1.kwfdn.org
Address: 10.69.1.245
SendRequest(), len 39
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
kwf-vcenter.kwfdn.org, type = A, class = IN
Got answer (55 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
kwf-vcenter.kwfdn.org, type = A, class = IN
ANSWERS:
->
kwf-vcenter.kwfdn.org
type = A, class = IN, dlen = 4
internet address = 10.69.1.17
ttl = 1200 (20 mins)
SendRequest(), len 39
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
kwf-vcenter.kwfdn.org, type = AAAA, class = IN
Got answer (88 bytes):
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
kwf-vcenter.kwfdn.org, type = AAAA, class = IN
AUTHORITY RECORDS:
-> kwfdn.org
type = SOA, class = IN, dlen = 37
ttl = 3600 (1 hour)
primary name server =
kwf-dc1.kwfdn.org
responsible mail addr = admin
serial = 238612
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
Name: kwf-vcenter.kwfdn.org
Address: 10.69.1.17
kwf-vcenter.kwfdn.org
Server: kwf-dc1.kwfdn.org
Address: 10.69.1.245
SendRequest(), len 49
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
kwf-vcenter.kwfdn.org.kwfdn.org, type = A, class = IN
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
SendRequest(), len 49
HEADER:
opcode = QUERY, id = 5, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
kwf-vcenter.kwfdn.org.kwfdn.org, type = AAAA, class = IN
Got answer (107 bytes):
HEADER:
opcode = QUERY, id = 5, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
kwf-vcenter.kwfdn.org.kwfdn.org, type = AAAA, class = IN
AUTHORITY RECORDS:
-> kwfdn.org
type = SOA, class = IN, dlen = 37
ttl = 3600 (1 hour)
primary name server =
kwf-dc1.kwfdn.org
responsible mail addr = admin
serial = 238612
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
SendRequest(), len 39
HEADER:
opcode = QUERY, id = 6, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
kwf-vcenter.kwfdn.org, type = A, class = IN
Got answer (55 bytes):
HEADER:
opcode = QUERY, id = 6, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0
QUESTIONS:
kwf-vcenter.kwfdn.org, type = A, class = IN
ANSWERS:
->
kwf-vcenter.kwfdn.org
type = A, class = IN, dlen = 4
internet address = 10.69.1.17
ttl = 1200 (20 mins)
SendRequest(), len 39
HEADER:
opcode = QUERY, id = 7, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
kwf-vcenter.kwfdn.org, type = AAAA, class = IN
Got answer (88 bytes):
HEADER:
opcode = QUERY, id = 7, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
kwf-vcenter.kwfdn.org, type = AAAA, class = IN
AUTHORITY RECORDS:
-> kwfdn.org
type = SOA, class = IN, dlen = 37
ttl = 3600 (1 hour)
primary name server =
kwf-dc1.kwfdn.org
responsible mail addr = admin
serial = 238612
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
Name: kwf-vcenter.kwfdn.org
Address: 10.69.1.17
:\Users\millerr>nslookup
kwf-vcenter.kwfdn.org
Server: kwf-dc1.kwfdn.org
Address: 10.69.1.245
Non-authoritative answer:
Name:
kwf-vcenter.kwfdn.org.newtechnetwork.org
Address: 162.249.109.162
mcp -
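The last lookup in the thread above returns a name with an extra suffix appended and a public address for what should be an internal host. As an added example (not part of the original posts), the following parses nslookup transcripts and flags both conditions; the transcript is a trimmed copy of the posted output, and treating kwfdn.org as the only internal zone is an assumption made for the example.

```python
import ipaddress
import re

# Trimmed from the nslookup output posted above (debug records omitted).
TRANSCRIPT = """\
> kwf-vcenter
Server:  kwf-dc1.kwfdn.org
Address:  10.69.1.245

Name:    kwf-vcenter.kwfdn.org
Address:  10.69.1.17

> kwf-vcenter.kwfdn.org
Server:  kwf-dc1.kwfdn.org
Address:  10.69.1.245

Non-authoritative answer:
Name:
kwf-vcenter.kwfdn.org.newtechnetwork.org
Address:  162.249.109.162
"""


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_nslookup(text):
    """Split an interactive nslookup transcript into one record per query."""
    lookups = []
    for block in re.split(r"(?m)^> *", text)[1:]:
        query, _, body = block.partition("\n")
        head, found, tail = body.partition("Name:")
        tokens = tail.split()
        if not found or not tokens:
            continue  # timeout or NXDOMAIN: no answer to audit
        lookups.append({
            "query": query.strip().rstrip(".").lower(),
            "authoritative": "Non-authoritative answer" not in head,
            "name": tokens[0].rstrip(".").lower(),  # may sit on the next line
            "addresses": [t for t in tokens[1:] if _is_ip(t)],
        })
    return lookups


def audit(lookup, internal_zones):
    """Return (code, detail) findings for one parsed lookup."""
    findings = []
    query, name = lookup["query"], lookup["name"]
    if name != query and name.startswith(query + "."):
        suffix = name[len(query) + 1:]
        if suffix not in internal_zones:
            findings.append(("foreign-suffix", suffix))
    # Single-label names and names under an internal zone must stay private.
    internal = "." not in query or any(
        query == z or query.endswith("." + z) for z in internal_zones)
    for addr in lookup["addresses"]:
        if internal and not ipaddress.ip_address(addr).is_private:
            findings.append(("public-address", addr))
    return findings


if __name__ == "__main__":
    for item in parse_nslookup(TRANSCRIPT):
        print(item["query"], "->", item["name"], audit(item, {"kwfdn.org"}))
```

A foreign-suffix finding means the client's DNS suffix search list still carries the removed domain, so the search list is worth checking alongside the leftover records in the zone.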
I have a wireless network (Airport Extreme and Airport Express for range in the back of my house). Have 4 Macs on the network. All have Open DNS set in System Prefs>Network>Airport>Advanced>DNS.
Should I set one or both of the Airports to Open DNS also? If so, how? I looked at Airport Utility and see no ready way to do it.
If I should add Open DNS to Airport, can someone tell me how in an easy to follow fashion?
Thanks in advance!
No, sorry.
All my machines are individually set for Open DNS: System Prefs>Network>Airport>Advanced>DNS: 208.67.222.222; 208.67.220.220.
The machines have been set this way for a long time.
My Q: Can/Should I set my Airports (Express and Extreme) somehow for Open DNS?
My general configuration is:Cable>Modem>Airport>4 Macs.
The hardware configuration is Cable into Router (Cox), Ethernet into Extreme, broadcast to Express 5 rooms away (to serve 2 of the 4 Macs); Ch 1 all.
Perfect connection - so don't want to mess with that.
Just want to know (if I can to speed up download time) --
Would (if possible) setting the Airport settings to Open DNS help my speed? If so, how in the world would one do that - - > set the actual base station to have Open DNS settings?
Make sense? Hope so!
Thanks!
Message was edited by: pcbjr -
My MAC runs very slow. Rainbow wheel every time I try to go somewhere. I'm a complete MAC novice. Only really use it for iTunes and email, the odd document here and there, the odd spreadsheet. Was brought up on a PC. I would imagine my system is in a mess. I think I downloaded that Mackeeper which I have just discovered was not a good idea. I found a thread about EtreCheck and it suggested I post the report of my machine, which I have done. I only have 2GB of space. Not sure how much I have left. My wife keeps putting photos on here like they are going out of fashion. Bought the machine in 2008 because everybody said you have to have a MAC. I've never really got to grips with it but at least it worked. Now it does not run very well at all. That spinning wheel is driving me mad. HELP please, never ever used a forum like this either so please go gentle on me. Cheers Paul
EtreCheck version: 1.9.15 (52)
Report generated 8 September 2014 09:09:26 BST
Hardware Information: ?
iMac (20-inch, Early 2008) (Verified)
iMac - model: iMac8,1
1 2.66 GHz Intel Core 2 Duo CPU: 2 cores
2 GB RAM
Video Information: ?
ATI Radeon HD 2600 Pro - VRAM: 256 MB
iMac 1680 x 1050
System Software: ?
OS X 10.9.4 (13E28) - Uptime: 0 days 0:31:45
Disk Information: ?
Hitachi HDP725032GLA380 disk0 : (320.07 GB)
S.M.A.R.T. Status: Verified
EFI (disk0s1) <not mounted>: 209.7 MB
Macintosh HD (disk0s2) / [Startup]: 319.21 GB (117.84 GB free)
Recovery HD (disk0s3) <not mounted>: 650 MB
USB Information: ?
Apple Inc. Built-in iSight
Apple Inc. BRCM2046 Hub
Apple Inc. Bluetooth USB Host Controller
Bose Corporation Bose USB Audio
Apple Computer, Inc. IR Receiver
Gatekeeper: ?
Mac App Store and identified developers
Launch Daemons: ?
[loaded] com.adobe.fpsaud.plist Support
[loaded] com.macpaw.CleanMyMac2.Agent.plist Support
[running] com.trusteer.rooks.rooksd.plist Support
[loaded] net.sourceforge.MonolingualHelper.plist Support
Launch Agents: ?
[running] com.trusteer.rapport.rapportd.plist Support
User Login Items: ?
iTunesHelper
Internet Plug-ins: ?
Google Earth Web Plug-in: Version: 5.1 Support
Default Browser: Version: 537 - SDK 10.9
Flip4Mac WMV Plugin: Version: 3.2.0.16 - SDK 10.8 Support
OfficeLiveBrowserPlugin: Version: 12.3.6 Support
Silverlight: Version: 5.1.10411.0 - SDK 10.6 Support
FlashPlayer-10.6: Version: 14.0.0.145 - SDK 10.6 Support
AmazonMP3DownloaderPlugin101749: Version: AmazonMP3DownloaderPlugin 1.0.17 - SDK 10.4 Support
Flash Player: Version: 14.0.0.145 - SDK 10.6 Outdated! Update
iPhotoPhotocast: Version: 7.0
QuickTime Plugin: Version: 7.7.3
eMusicRemote: Version: (null) Support
eMusic: Version: Unknown
Audio Plug-ins: ?
BluetoothAudioPlugIn: Version: 1.0 - SDK 10.9
AirPlay: Version: 2.0 - SDK 10.9
AppleAVBAudio: Version: 203.2 - SDK 10.9
iSightAudio: Version: 7.7.3 - SDK 10.9
iTunes Plug-ins: ?
Quartz Composer Visualizer: Version: 1.4 - SDK 10.9
3rd Party Preference Panes: ?
Flash Player Support
Flip4Mac WMV Support
Trusteer Endpoint Protection Support
Time Machine: ?
Time Machine not configured!
Top Processes by CPU: ?
2% iTunes
2% WindowServer
0% coreaudiod
0% fontd
0% rapportd
Top Processes by Memory: ?
178 MB Finder
133 MB com.apple.WebKit.WebContent
109 MB iTunes
92 MB Safari
63 MB com.apple.quicklook.satellite
Virtual Memory Information: ?
24 MB Free RAM
821 MB Active RAM
807 MB Inactive RAM
291 MB Wired RAM
338 MB Page-ins
680 KB Page-outs
1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
Don't be put off merely by the seeming complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can read it yourself without disclosing the contents to me or anyone else.
You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.
Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
4. Here's a summary of what you need to do, if you choose to proceed:
☞ Copy a line of text in this window to the Clipboard.
☞ Paste into the window of another application.
☞ Wait for the test to run. It usually takes a few minutes.
☞ Paste the results, which will have been copied automatically, back into a reply on this page.
The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
Triple-click anywhere in the line of text below on this page to select it:
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB com.apple.AirPortBaseStationAgent 464843899 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' /^ *$|CSConfigDot/d;s/^ */ /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/;/Shared/!s/\/Users\/[^/]+/~/g ' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... 
//;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { print "'${p[41]}'";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$|'${p[41]}'/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { print "'${p[41]}'.plist\t'${p[42]}'";if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) 
print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\\([0-9]+\\)\\(.+\\)/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p) if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|(Bo|PO).+ sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n ...and %s more line(s)\n",l-L);} ' ' /^ +[NP].+ =/h;/^( +D.+[{]|[}])/{ g;s/.+= //p;};' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' '" L*/P*/*loginit*' 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} 
\;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:| VALI|xpma' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cgh] ! -name *ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '-L {/{S*/,},}L*/Lau* -type f' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Ca*/*/Ex,Co{mpon,reM},Ex,Inter,iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -path \\*s/Resources -prune -o -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t /S*/L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023' com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk '{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" );N1=${#c2[@]};for j in {0..9};do 
c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents launchd Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0(){ [[ "$v" ]]&&echo "$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "$s"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 0 2 3;do eval D$i$j'(){ A'$i' 
$1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 35 49 61 51;D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;A2 4 20 21;B7 6;B2 9;A4 14 7 52 9;B2 10;B6 9 10 4;C3 25;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D13 14 1 48 42;D12 34 43 53 44;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 14 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 26 48 49 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
Copy the selected text to the Clipboard by pressing the key combination command-C.
8. Launch the built-in Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
exec bash
and press return. Then paste the script again.
10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.
If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
[Process completed]
to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.
12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed. -
Hello,
I am relatively new to configuring DNS settings in Server Manager. Recently, my Kerberos realm stopped working and I am now getting this error message on the console:
configured name and reverse DNS name do not match (fileserver.occu-med.com != mail.occu-med.net), various services may not function properly - use changeip to repair and/or correct DNS
I did, for a short time, try to register the server as a mail server. However, due to the many issues I experienced, this was a short-lived endeavor. Right now I am running 10.4.11 on an Xserve. The box is functioning as a Fileserver running AFP and SMB, DHCP server, DNS Server, Firewall and NAT, an AD Server, and a VPN server. I have had no issues with the other services, they are all functioning fine. The only problem with OD is that it cannot Kerberize if the DNS is not functioning properly.
I believe that the issue with the DNS can be attributed to the server being part of an external DNS realm as well as an internal DNS realm. There is definitely an entry for mail.occu-med.net in our ISP's DNS server, however on the internal network that I am running, occu-med.com, there is no such entry in our DNS records.
I have tried the changeip command "changeip LDAPv3/127.0.0.1 "externaladdress" 10.0.0.2 mail.occu-med.net fileserver.occu-med.com" to no avail.
When I go into the Server Admin tool to look at my network connections, it lists connection en0 (the outside portion of the NAT) as mail.occu-med.net. The connection en1 (the inside portion of the NAT) does not have an assigned DNS name.
When I go into the Terminal on the Xserv and type in "hostname" I get "Fileserver.occu-med.com." However when I type in "host fileserver.occu-med.com" I get the error "Host fileserver.occu-med.com not found: 3(NXDOMAIN)" When I type in "host externalip" I get "externalip.in-addr.arpa domain name pointer mail.occu-med.net."
Obviously the server is confused here, but how exactly can I fix the problem? DNS was working right before the server was propagated to a mail server. I have set up our internal domain to mirror the external domain by entering all of the ISP-specific DNS information into the server so that users can access mail.occu-med.com via the internet. I have also set up specific internal DNS names that are not shared with the outside world, such as fileserver.occu-med.com, that I do not want published to the external DNS servers. The problem I cannot get around is where the entry mail.occu-med.net is coming from and why it persists. When I was messing around with the mail functions of OS X Server, I deliberately made two different domains, one for occu-med.net and one for occu-med.com. This was short-lived, as the confusion on where to connect for certain services was giving even myself a headache, let alone my users. That's when I started delving into setting up our own internal DNS server to provide FQDN services to internal machines. I deleted all of the old information in the server for the previous DNS zones, but apparently something has not changed.
Using a computer on the inside of my network, if I type into the console host mail.occu-med.net it returns "mail.occu-med.net has address 216.251.43.97"
If I type host 209.234.153.2 I get "2.153.234.209.in-addr.arpa domain name pointer mail.occu-med.net."
So, the server IS providing the wrong information to the internal clients somehow. The problem is that there is no mail.occu-med.net domain even hosted on the server. When I was originally messing around with the server as a mail server, I had the connections reversed: en0 was the inside connection and en1 was the outside. I did have DNS working properly when I did this. Is it possible that somehow, while it may not be displayed in the Server Admin window, the current outside interface is still assigned the FQDN mail.occu-med.net? -
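The console message in the post above compares the configured name with the reverse DNS name. The script below is an added example, not part of the original post, and goes one step further by checking both directions (name to address and address back to name) over captured `host` output. The function names are hypothetical, the sample input reuses the `host` lines quoted in the post, and pairing them with 209.234.153.2 as the address under test is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): forward-confirmed reverse DNS
# check over `host` output. All function names here are hypothetical.

# Lower-case a DNS name and drop the trailing root dot.
norm_name() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# IPv4 A records from `host NAME` output: "NAME has address 192.0.2.10".
forward_addrs() {
    awk '$2 == "has" && $3 == "address" { print $4 }'
}

# PTR targets from `host IP` output:
# "10.2.0.192.in-addr.arpa domain name pointer NAME."
reverse_names() {
    awk '/ domain name pointer / { n = tolower($NF); sub(/\.$/, "", n); print n }'
}

# check_fcrdns NAME IP FORWARD_OUTPUT REVERSE_OUTPUT
# Prints "ok" or a space-separated list of findings.
# Exit status is 0 only for "ok". The body runs in a subshell so its
# variables do not leak into the caller.
check_fcrdns() (
    name=$(norm_name "$1")
    ip=$2
    fwd=$(printf '%s\n' "$3" | forward_addrs)
    rev=$(printf '%s\n' "$4" | reverse_names)
    findings=""

    # Forward direction: the configured name must resolve to this address.
    if [ -z "$fwd" ]; then
        findings="$findings forward-missing"
    elif ! printf '%s\n' "$fwd" | grep -Fxq "$ip"; then
        findings="$findings forward-mismatch"
    fi

    # Reverse direction: the address must point back at the configured name.
    if [ -z "$rev" ]; then
        findings="$findings reverse-missing"
    elif ! printf '%s\n' "$rev" | grep -Fxq "$name"; then
        findings="$findings reverse-mismatch"
    fi

    if [ -z "$findings" ]; then
        echo ok
    else
        echo "${findings# }"
        exit 1
    fi
)

# Live wrapper: runs both lookups with host(1) and feeds them to the check.
fcrdns_live() {
    check_fcrdns "$1" "$2" "$(host "$1" 2>&1)" "$(host "$2" 2>&1)"
}

# Sample input built from the `host` output lines quoted in the post.
PAGE_FORWARD='Host fileserver.occu-med.com not found: 3(NXDOMAIN)'
PAGE_REVERSE='2.153.234.209.in-addr.arpa domain name pointer mail.occu-med.net.'
# Constructed healthy case using a documentation address range.
GOOD_FORWARD='xserve.example.com has address 192.0.2.10'
GOOD_REVERSE='10.2.0.192.in-addr.arpa domain name pointer xserve.example.com.'

demo() {
    # The post's situation: no internal A record, PTR names another host.
    check_fcrdns Fileserver.occu-med.com 209.234.153.2 \
        "$PAGE_FORWARD" "$PAGE_REVERSE" || true
    # Constructed case in which both directions agree.
    check_fcrdns xserve.example.com 192.0.2.10 "$GOOD_FORWARD" "$GOOD_REVERSE"
}
demo
```

On a live system, `fcrdns_live "$(hostname)" <server-address>` runs the same check against the resolver the machine actually uses.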
Internal DNS - emailsrvr.mydomain won't resolve, IP does - www works.
Internal Mail won't resolve to emailserver domain, but LAN ip is fine
Hey gang, longtime reader first time poster.
After wrestling with this issue, I'm about out of ideas.
Here's my setup.
Leopard server 10.5.4, running OD master (all rocking),
AFP, Firewall, DNS, (mobile) network home directories.
I'll call this "xserve.mydomain.com "
Its NAT'd IP is 192.168.1.102.
It's a FQDN, kerberos is running and happy, all is well.
There are about 12
clients, each with a desktop (imac) and laptop (macbook).
I have a second (windows 2003 sbe) server hosting the following
services: Exchange and Web (for now).
I'll call this winsbe.mydomain.com
Its NAT'd IP is 192.168.1.101
My External DNS setup is this.
Our DNS hosting is done by our registrar (network solutions).
We own 4 static IPs from our ISP.
One IP is for our router/firewall providing NAT
to internal clients, and the xserve is on DMZ, with
its OSX firewall service turned on.
One IP is for the
windows server. (The last two, if you've been counting, are unused.)
Via Network Solutions "advanced DNS", I have our zone
configured. "xserve.mydomain.com" points to its WAN
IP (66.xxx.xxx.198).
www points to 66.xxx.xxx.194.
MX records refer to "winsbe.mydomain.com" via
WAN IP 66.xxx.xxx.194 as well.
All outside services resolve correctly.
I.e., I can hit the website and send/receive email from mydomain.com.
My internal DNS is set up like this:
primary zone= mydomain.com
nameserver= xserve.mydomain.com
mx record= winsbe.mydomain.com
xserve.mydomain.com has an A record to LAN IP.
winsbe.mydomain.com has an A record to LAN IP.
www is a CNAME record to winsbe.mydomain.com. <----I'm not sure about this one but it works.....
My forwarder IP points back to my Router (which seems to give me better performance than using ISP
DNS from here..)
I know this is working fine insofar as the webserver, as
an nslookup (www.mydomain.com) internally resolves www to 192.168.1.101.
mydomain.com and www.mydomain.com hit the webserver internally
on client browsers. rock.
Again, forward AND reverse nslookups internally resolve to winsbe.mydomain.com/192.168.1.101
Here is my guess as to my problem,
my internal hostname + a record for the windows server the same as the MX record
which has an alias from www.
I think it's getting effed in there somewhere?
If I setup email clients with the windows server LAN IP rather than
the domain "winsbe.mydomain.com" it all works fine.
I'd frankly be willing to half-*** it with this solution,
but each client will require a mobile computer, so we can't have that
I feel like I'm on the right track, but
just can't make the breakthrough.
Am I barking up the wrong tree here?
Here is a last question,
I have my firewall/router as the "Forwarder IP Address"
in the last page of Settings in server admin. When I put
my ISP's DNS servers, I always get a 2 second delay
for any web query on any client.
I have "127.0.0.1" as the first DNS entry in xserve Network Preferences.
The xserve is the only DNS entry in the client computers.
This isn't a "bad practice" or anything, is it?
For the curious, my named.conf below (haven't messed with it):
// Include keys file
include "/etc/rndc.key";
// Declares control channels to be used by the rndc utility.
// It is recommended that 127.0.0.1 be the only address used.
// This also allows non-privileged users on the local host to manage
// your name server.
// Default controls
controls {
    inet 127.0.0.1 port 54 allow {any; }
    keys { "rndc-key"; };
};
options {
    include "/etc/dns/options.conf.apple";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};
// a caching only nameserver config
logging {
    include "/etc/dns/loggingOptions.conf.apple";
};
// Public view read by Server Admin
include "/etc/dns/publicView.conf.apple";
// Server Admin declares all zones in a view. BIND therefore dictates
// that all other zone declarations must be contained in views.
-
DNS for an Xserve NAT arrangement
Hi,
I'm still struggling with Open Directory login and I'm now convinced my DNS is way off. I have full functionality with a simple clients to server to modem/router to ISP.
However, with a dual-port Xserve, a NAT arrangement keeping one port pointing to web access and the other to the internal Mac client network, I seem to be consistently wrong. Could anyone run through the basic DNS arrangements for such a setup? I believe it's very close to the earlier mentioned setup with the addition of a record maybe?? I'm not sure.
Thanks
You are correct.
This is more a "running this by you all" post, as I've tried several things that have seemed, in a "UNIX" way, to be proper - you caught the part about the Zip Storm I gather, that was a mess, AppleTalk is a necessity.
It's only one of the few solutions I've seen and this is a tough nut to crack (properly). I appreciate you "checking the math".
Do you, or anyone, have a safer suggestion where I can get the update but shut off Internet access to the private LAN and Xserve, while still allowing DNS to operate?
I don't want (need) a redundant Internet gateway.
I appreciate your attention to this - it's not as easy as it seems. -
Do you think I have my DNS set up correctly?
Hi
I have bought a macmini server running the latest OSX software. I plan to host my own website and email from it. My ISP has given me a static ip address and I plan to set up my advanced DNS settings as follows, though I have used fake url & ip address for this question:
A Records: Host Name - myserver.example.com / IP Address - 215.40.70.84
DNS "MX" Records: Points to - 215.40.70.84 / Priority - 1
My question is, would the above enable my url to point to my new server and deliver emails to it?
Thanks!
Mark
- Could you expand on VPN end-point capabilities? I googled this but the explanations are a bit too technical for me. BTW I am running a 2wire BT2700 router.
VPNs can be forwarded via NAT (which gets ugly) to a server, or the gateway itself can include a VPN server.
If you connect directly to a server (port-forwarding everything at the gateway), you have to get all of the network traffic through NAT, and NAT can get ugly for a couple of reasons, and the server must be booted and working or you won't have an end-point for the VPN connection. (VPNs tend to seek security through various means including the use of the originating IP address, and NAT seeks to mess with the originating IP address.)
With a VPN connection into a VPN server in the gateway, your local client is effectively similar to a client directly connected on the target network.
I'd be surprised if that 2Wire widget had a VPN server, but check the documentation. It does look to be possible to [switch (some?) 2Wire 2700 gateways into bridged mode|http://www.dslreports.com/forum/r21066151-2wire-2700HGB-bridge-mode-simple-tutorial] and place a server-grade firewall behind it. (A bridge is comparatively transparent to an IP connection.)
I often suggest a VPN, and for various reasons. Remote access into the LAN for maintenance and general access to LAN-local resources and particularly for various operations from untrusted networks, and as a path for remote support. AFP or SMB and other protocols are best kept behind the gateway, for instance. And the VPN scales as your network scales (you're able to get directly to any box, and not hopping around via an internal VPN server host), and a VPN-capable gateway keeps the riffraff at the edge of your network.
- I agree on split horizons. Do you know of any websites with user friendly explanations of this?
Questions or comments on [Mac OS X Server DNS configuration|http://labs.hoffmanlabs.com/node/1436] are welcome. -
[SOLVED] Slow DNS lookup, I think
Hi
I have a really annoying problem. My DNS lookup in Arch is painfully slow. I know it's not a network problem, as I don't have any problems in my Ubuntu installation. I have tried to run two simple tests to show you what I mean. The first is a simple ping google.
########### Ubuntu ###########
carsten@carsten-laptop:~$ time ping -c 3 www.google.com
PING www.l.google.com (216.239.61.104) 56(84) bytes of data.
64 bytes from sn-in-f104.google.com (216.239.61.104): icmp_seq=1 ttl=245 time=17.4 ms
64 bytes from sn-in-f104.google.com (216.239.61.104): icmp_seq=2 ttl=245 time=20.6 ms
64 bytes from sn-in-f104.google.com (216.239.61.104): icmp_seq=3 ttl=245 time=11.4 ms
--- www.l.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 11.465/16.529/20.641/3.809 ms
real 0m2.290s
user 0m0.000s
sys 0m0.004s
########### Arch ###########
carsten ~/Desktop $ time ping -c 3 www.google.com
PING www.l.google.com (216.239.61.104) 56(84) bytes of data.
64 bytes from sn-in-f104.google.com (216.239.61.104): icmp_seq=1 ttl=245 time=12.3 ms
64 bytes from sn-in-f104.google.com (216.239.61.104): icmp_seq=2 ttl=245 time=10.7 ms
64 bytes from sn-in-f104.google.com (216.239.61.104): icmp_seq=3 ttl=245 time=12.4 ms
--- www.l.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 10.776/11.867/12.476/0.778 ms
real 0m15.305s
user 0m0.013s
sys 0m0.007s
Ubuntu: 0m2.290s vs. Arch: 0m15.305s.
In the second test I tried to fake a pacman update by downloading the .db files from my primary server. On both Ubuntu and Arch I used this simple script
repos=( core extra community )
time for repo in ${repos[@]}
do
wget http://archlinux.unixheads.org/$repo/os/i686/$repo.db.tar.gz
done
When I run it, I get this result
########### Ubuntu ###########
carsten@carsten-laptop:~/Desktop$ ./updatetest
--2008-11-10 07:58:23-- http://archlinux.unixheads.org/core/os/i686/core.db.tar.gz
Resolving archlinux.unixheads.org... 204.152.186.174
Connecting to archlinux.unixheads.org|204.152.186.174|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 32515 (32K) [application/x-gzip]
Saving to: `core.db.tar.gz'
100%[=============================================================>] 32.515 --.-K/s in 0,1s
2008-11-10 07:58:23 (331 KB/s) - `core.db.tar.gz' saved [32515/32515]
--2008-11-10 07:58:23-- http://archlinux.unixheads.org/extra/os/i686/extra.db.tar.gz
Resolving archlinux.unixheads.org... 204.152.186.174
Connecting to archlinux.unixheads.org|204.152.186.174|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 422622 (413K) [application/x-gzip]
Saving to: `extra.db.tar.gz'
100%[=============================================================>] 422.622 242K/s in 1,7s
2008-11-10 07:58:25 (242 KB/s) - `extra.db.tar.gz' saved [422622/422622]
--2008-11-10 07:58:25-- http://archlinux.unixheads.org/community/os/i686/community.db.tar.gz
Resolving archlinux.unixheads.org... 204.152.186.174
Connecting to archlinux.unixheads.org|204.152.186.174|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 369845 (361K) [application/x-gzip]
Saving to: `community.db.tar.gz'
100%[=============================================================>] 369.845 206K/s in 1,8s
2008-11-10 07:58:27 (206 KB/s) - `community.db.tar.gz' saved [369845/369845]
real 0m3.837s
user 0m0.016s
sys 0m0.036s
########### Arch ###########
carsten ~/Desktop $ ./updatetest
--2008-11-10 08:01:33-- http://archlinux.unixheads.org/core/os/i686/core.db.tar.gz
Resolving archlinux.unixheads.org... 204.152.186.174
Connecting to archlinux.unixheads.org|204.152.186.174|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 32515 (32K) [application/x-gzip]
Saving to: `core.db.tar.gz'
100%[==============================================================================>] 32,515 --.-K/s in 0.1s
2008-11-10 08:01:47 (303 KB/s) - `core.db.tar.gz' saved [32515/32515]
--2008-11-10 08:01:47-- http://archlinux.unixheads.org/extra/os/i686/extra.db.tar.gz
Resolving archlinux.unixheads.org... 204.152.186.174
Connecting to archlinux.unixheads.org|204.152.186.174|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 422622 (413K) [application/x-gzip]
Saving to: `extra.db.tar.gz'
100%[==============================================================================>] 422,622 253K/s in 1.6s
2008-11-10 08:02:02 (253 KB/s) - `extra.db.tar.gz' saved [422622/422622]
--2008-11-10 08:02:02-- http://archlinux.unixheads.org/community/os/i686/community.db.tar.gz
Resolving archlinux.unixheads.org... 204.152.186.174
Connecting to archlinux.unixheads.org|204.152.186.174|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 369845 (361K) [application/x-gzip]
Saving to: `community.db.tar.gz'
100%[==============================================================================>] 369,845 262K/s in 1.4s
2008-11-10 08:02:17 (262 KB/s) - `community.db.tar.gz' saved [369845/369845]
real 0m44.153s
user 0m0.047s
sys 0m0.017s
Ubuntu: 0m3.837s vs. Arch: 0m44.153s
I get the same update time whenever I update pacman normally.
I have googled a lot to figure out an answer, but nothing helps, so I was hoping somebody could help me figure this out, as it's very annoying. My hosts file looks like this
hosts:
# /etc/hosts: static lookup table for host names
#<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 localhost.localdomain localhost arch
# End of file
rc.conf:
# /etc/rc.conf - Main Configuration for Arch Linux
# LOCALIZATION
# LOCALE: available languages can be listed with the 'locale -a' command
# HARDWARECLOCK: set to "UTC" or "localtime"
# USEDIRECTISA: use direct I/O requests instead of /dev/rtc for hwclock
# TIMEZONE: timezones are found in /usr/share/zoneinfo
# KEYMAP: keymaps are found in /usr/share/kbd/keymaps
# CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
# CONSOLEMAP: found in /usr/share/kbd/consoletrans
# USECOLOR: use ANSI color sequences in startup messages
LOCALE="en_US.utf8"
HARDWARECLOCK="UTC"
USEDIRECTISA="no"
TIMEZONE="Asia/Singapore"
KEYMAP="dk"
CONSOLEFONT=
CONSOLEMAP=
USECOLOR="yes"
# HARDWARE
# MOD_AUTOLOAD: Allow autoloading of modules at boot and when needed
# MOD_BLACKLIST: Prevent udev from loading these modules
# MODULES: Modules to load at boot-up. Prefix with a ! to blacklist.
# NOTE: Use of 'MOD_BLACKLIST' is deprecated. Please use ! in the MODULES array.
MOD_AUTOLOAD="yes"
#MOD_BLACKLIST=() #deprecated
MODULES=(e100 mii iwl3945 fuse acpi-cpufreq cpufreq_ondemand cpufreq_conservative cpufreq_powersave loop !pcspkr !snd_pcsp)
# Scan for LVM volume groups at startup, required if you use LVM
USELVM="no"
# NETWORKING
# HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
HOSTNAME="arch"
# Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
# Interfaces to start at boot-up (in this order)
# Declare each interface then list in INTERFACES
# - prefix an entry in INTERFACES with a ! to disable it
# - no hyphens in your interface names - Bash doesn't like it
# DHCP: Set your interface to "dhcp" (eth0="dhcp")
# Wireless: See network profiles below
#eth0="eth0 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"
eth0="dhcp"
INTERFACES=(!eth0 !wlan0)
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
# - prefix an entry in ROUTES with a ! to disable it
gateway="default gw 192.168.0.1"
ROUTES=(!gateway)
# Enable these network profiles at boot-up. These are only useful
# if you happen to need multiple network configurations (ie, laptop users)
# - set to 'menu' to present a menu during boot-up (dialog package required)
# - prefix an entry with a ! to disable it
# Network profiles are found in /etc/network.d
# This now requires the netcfg package
#NETWORKS=(main)
# DAEMONS
# Daemons to start at boot-up (in this order)
# - prefix a daemon with a ! to disable it
# - prefix a daemon with a @ to start it up in the background
DAEMONS=(syslog-ng !network hal !netfs crond fam wicd cups laptop-mode oss gdm)
SPLASH="splashy"
Thanks in advance!
Last edited by Sharpeee (2008-11-15 10:39:42)
Just tried to remove the "search..." line from my /etc/resolv.conf file, but nothing! It's okay if I remove the line after it connects, right? Wicd overwrites the file anyways if I reconnect.
I don't really think changing to a different network-manager will help me. It works perfectly fine in Ubuntu with both network-manager and wicd, so I don't think that's the problem. It must be a configuration file somewhere.
#### EDIT ####
I just tried to disable wicd and enable the wired network in /etc/rc.conf. After a reboot it's still the same, even on the wired, so it's got to be some other settings somewhere that's messing things up!
Also, for some reason my theme, in Gnome, isn't loaded after I disabled wicd? I have to manually run "gnome-appearance-manager"??
Last edited by Sharpeee (2008-11-11 05:01:46)