DNS Resolution Issues

Hey Guys,
I have recently set up a Mac OS X server at home and have set it up to work with the domain name server.geckocentral.co.uk for which I have created an A record and it works perfectly.. this is the Mac OS X standard tutorial method presented by the great Todd Otholff for accessing your network on an outside line and I followed it perfectly.
The problem I now have is that I cannot access http://geckocentral.co.uk anywhere in the world although I could on and off earlier on but even off my WiFi my mobile devices can no longer access it so I guess the internal and external DNS are both broken ?
When you add the domain to the servers DNS it has to hold the zone geckocentral.co.uk and then server.geckocentral.co.uk is the machine name within the domain.
Is there perhaps a record I can add somewhere to tell the DNS that anything not assigned to server.geckocentral.co.uk needs to look somewhere else since my website is hosted externally with innohosting along with my webmail etc and now its busted.
This is for my business I run and I am hoping there is a way to fix it.
Regards,
Matt

You'll want to launch the following diagnostic command and confirm your local DNS is working:
sudo changeip -checkhostname
If you're referring to any DNS services off of your network and if you're using NAT as is typical, then the above command will probably report a DNS error.
Here are details on setting up LAN-local DNS on OS X Server.
I would generally recommend against using the same domain name both inside your firewall on your NAT'd network and outside via your DNS provider's servers — it's possible to do that, but you'll then have to track public IP addresses around within your internal DNS.   If I've guessed at the trigger for the issue you've encountered, it's involving two separate authoritative DNS servers, or there's no internal DNS running here. 
Either use a subdomain of a domain you've registered or have permission to use, or use a seperate registered domain inside your network, or (getting more difficult as ICANN is adding new top-level domains) use a bogis domain such as .mattd25 as your top-level domain.  If you choose to use a bogus domain, do not use .local, .com, .net or any other existing top-level domain.

Similar Messages

  • AD DNS resolution Issue for specific Site

    Hello Experts,
    Currently I am facing issue for DNS Resolution.
    I have 2 Sites
    Site A(2003 R2 DC) & Site B(2008 R2 ADC)
    my domain name is abc.co.in
    and I have another forwardlookup zone abcl.com (mail.abcl.com/Dev.abcl.com)
    I am able to resolve host recoreds for abc.co.in & abcl.com from site A
    I am facing issue for Site B
    unable to resolve A records for mail.abcl.com
    when I am trying to resolve using
    ============================================================
    nslookup mail.abcl.com 192.168.0.5 (Site B ADC)
    getting below output
    Server : adc01siteB.abc.co.in
    Address : 192.168.0.5
    Non autoritative answer :
    Name : com.co.in
    address : 192.254.185.209
    Aliases : mail.abcl.com.co.in
    ==============================================================
    mail.abcl.com - 192.168.0.11 (Actual Internal A record)
    I want to know why this trying to resolve from external DNS (192.254.185.209)
    your help / pointers will be appreciable
    R Udeg

    Is your settings for site B the same for site A in the DNS Server properties?
    Did you make sure that UDP and TCP port 53 is open both ways?
    Did you make sure all resource records have been updated?
    Did you flush the cache/ scavenging happened?
    Did you check the DNS forwaders and recursion?
    Remember if a DNS server fails to resolve a name for which it is not authoritative, the cause is usually a failed recursive query. Recursive queries are used frequently by DNS servers to resolve remote names that are delegated to other DNS zones and servers.
    Note: If you disable recursion on the DNS server, you will not be able to use forwarders on the same server.

  • Safari can't find insert server Server DNS resolution issues

    I'm getting this error a lot.
    Most of mine are to .gov sites that change their DNS resolution fairly frequently
    Here is a list of the types of sites that often come back with server not found errors.
    http://forecast.weather.gov/MapClick.php?CityName=Paonia&state=CO&site=GJT&textF ield1=38.8695&textField2=-107.59
    http://forecast.weather.gov/MapClick.php?lat=38.89317057287496&lon=-107.59323120 117188&site=gjt&smap=1&unit=0&lg=en&FcstType=text
    http://www.crh.noaa.gov/gjt/
    http://squall.sfsu.edu/gif/jetsat_00.gif
    http://science.nasa.gov/science-news/science-at-nasa/2010/11jan_antimatter/
    http://farmingforum.co.uk/forums/index.php
    Further research has shown that the problem is that Safari has changed how it looks up DNS services between revision 5.0.3 and the one in Leopard as the problem never happened in Leopard.
    Clearing the cache does not help, clearing and resetting cookies does not help. Constant reloading of the page will eventually fix it, whenever Safari finally goes to the proper DNS.
    There is clearly a change in how Safari is looking things up on the DNS but no clue hot to change the behavior to get it back to the Leopard version that worked.

    If you use a router, does it have the latest firmware installed? Safari 5 introduced 'DNS Prefetching' (Safari looks up the addresses of links on webpages and can load those pages faster) which could strain some routers or modems producing a 'latency' in page loading. This was fixed in Safari 5.0.2, but you may see a benefit from getting a faster router or modem. You can read more about that here:
    http://support.apple.com/kb/TS3408?viewlocale=en_US

  • Internal DNS resolution issue - almost all external sites working

    I administer an Xserve running 10.5.8 Server. This client is running internal DNS due to a few internal services (iChat, mail, VPN, etc) - but his website, of the same domain, is hosted externally at a hosting provider. This is where I'm running into odd problems. For examples:
    ichat.company.com - 10.0.1.100 (when inside the network, also has FQDN on Internet)
    mail.company.com - 10.0.1.100 (same as above)
    www.company.com - xxx.xxx.xxx.xxx (the actual public IP address of the web server at the host)
    Do I need to do it this way? If I don't define the "www" record internally, and point it to the external IP of the hosting provider for the website, the clients inside the network can't see the website, because the internal domain services aren't answering the "www" question and won't hand off to the internet records. It's frustrating because every time the client has a subdomain added to his website, i have to add a record on his internal DNS or it won't resolve at his office. example:
    newdomain.company.com - xxx.xxx.xxx.xxx (public IP of the web host, or it fails)
    Is there a way to have internal DNS for a domain answer most but not all questions for the domain?
    - Bill

    Just as an aside, you could potentially setup a subdomain for the internal systems, e.g. 'corp.company.com' and setup the internal services in this domain - ichat.corp.company.com, mail.corp.company.com, etc.
    Then to get to the internal systems users use those .corp.company.com hostnames and the rest of .company.com gets sent upstream.
    It may or may not be sufficient for your needs. This kind of model works well for static users that only work in the office but may not work so well for mobile users.

  • Intermittend DNS resolution, timeserver, group policy updates errors in client logs in Win 2012 R2 single server environement

    We recently switched hardware and server software Win SBS 2008 to 2012R2 for a small network roughly 40 clients (Win7 Pro / Win 8.1 Pro) about 16 running concurrently at a given time and one network printer with the printer queue residing on the DC as well.
    I read that a single server environment might not be ideal in particular no fail-over but that is an accepted risk in this particular network here.
    Errors:
    Error 1043: Timeout during name resolution request
    Error 1129: Group policy updates could not be processed due to DC not available
    Error 5719: Could not establish secure connection to DC, DC not available
    Occasionally but disappears after a while
    Error 134: As a result of a DNS resolution timeout could not reach time server
    Symptoms
    On Win 7 Clients
    Network shares added through Group Policy will not show sometimes
    Network shares disconnect (red X) and when accessed return access authorization error after one or two clicks on the share finally grant access again
    When the issue with accessing network shares occurs, it usually also affects Internet access meaning a 'server not responding' error appears in the browser windows when trying to open just any web page
    nslookup during the incident returns cannot resolve error
    ipconfig on client shows correct default router (VDSL Router) and DHCP / DNS Domain Controller
    Also, the Win system log shows the above errors during these incidents, however, the nuimber of incidents vary from 20-30
    On Win 8.1 Clients
    Same as above with the slight variation for network shares apparently due to Server 2012 and Win 8.1 clients managing drive shares differently. However, network share refresh does not work with this clients. In most cases only a gpupdate /force returns
    drive shares but usually only for the active session. After logoff / logon the shares are gone again.
    The issue does appear to be load related since it occurs even if there are only one or two workstations active.
    Server Configuration
    Dell R320 PowerEdge 16GB / 4TB 7200RPM RAID10 / GBitEthernet
    Zyxel 1910-48 Port Switch
    VDSL 50Mbps Down / 20Mbps Up
    Since the DC is the only local DNS and there are no plans to add another one or move DNS to another server, the DNS server is configured with this own address as preferred DNS with three DNS forwarders 1) VDSL Router 2) ISP DNS1 3) ISP DNS2
    Currently only one Network card is active for problem determination reasons.
    There appears to be no consensus concerning IPV6 enabled or disabled, I tried both with no apparent effect
    I have set all network cards server and client to Full Duplex and the same speed, also disabled Offload functions within the adapter settings. Some but no consistent improvements.
    Best Practice Analyzer Results
    DNS server scavening not enabled
    Root hint server XYZ must respond to NS queries for the root zone
    More than one forwarding server should be configured (although 3 are configured)
    NIC1 should be configured to use both a preferred and alternate DNS (there is only one DNS in this network)
    I have found some instructions to apply changes to the clients through a host file but I would rather like to understand whether this DNS response time issue can be resolved on the server for example timing setting perhaps. Currently the DNS forwarders are
    set to 3 second.
    Since a few people have reported issues with DNS but most are working with multi DNS, DC environment I could not really apply any suggestions made there. perhaps there is anyone like me who is running a single server who has overcome or experience the same
    issues. Any help would be appreciated

    Hello Milos thx for your reply.. my comments below
    1. What does it "switched"? You may mean migration or new installation. We do not know...
    >> Switched is probably the incorrect term, replaced would be the appropriate wording. Before, there was a HP Proliant Server with SBS 2008 with distinct domain and now there is a Dell Server with MS 2012 R2 with a distinct domain. Client were
    removed from one (SBS) domain and added to the new Server 2012 domain. Other components did not change for example same Network Switch or VDSL Router, Workstations and Printer
    2. Two DCs are better alternative. Or backup very frequently. There are two groups of administrators. Those who have lost DC and those who will experience this disaster in near future.
    >> Correct, and I am aware of that
    3. NIC settings in W 7 and W 8.1, namely DNS points to DC (...and NOTHING else. No public IP or that of router DNS.))
    >> Correct, this is how it's currently implemented. Clients point to DC for DHCP and DNS and Default Router, no public IP or DNS. The only references to ISP DNS exist on the VDSL Router itself as provided through ISP when establishing VDSL
    Link and the list of Forwarders in the DNS Server configuration. However, I have just recently added the ISPs DNS as forwarders for test purposes and will probably learn tomorrow morning whether this had any effect for better or worse.
    4. Do nslookup to RR on clients. RR branch is saying client basic info on LDAP parameters of AD.
    >> Will post as soon as available
    5. I do not use forwarders and the system works
    >> Ok, does this mean it works for you in a similar or the same infrastructure setup or are you saying it is not required at all and I can remove any forwarder in a scenario like mine? If not required can you explain a bit more why it is not
    required apart from that it does work for you that way?
    6. DHCP should sit on DC (DHCP on router is disabled)
    >> Correct, no other device is configured to provide DHCP service other than DC and DHCP is currently running on DC
    7. NIC settings in DC points to itself (loopback address 127.0.0.1)
    >> Are you sure this is still correct and does apply to Server 2012? I am reading articles stating that it should be the servers own IP but local loop or should this be added as alternate DNS in addition to the servers own IP?
    8. Use IPCONFIG /FLUSHDNS whenever you change DNS settings.
    >> OK, that was not done every time I changed some settings but I can do that next week. Reboot alone would not suffice, correct?
    9. Test your system with dcdiag.
    >> See result below
    10. Share your findings.
    Regards
    Milos
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
      Home Server = GSERVER2
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
    Testing server: Default-First-Site-Name\GSERVER2
          Starting test: Connectivity
             ......................... GSERVER2 passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\GSERVER2
          Starting test: Advertising
             ......................... GSERVER2 passed test Advertising
          Starting test: FrsEvent
             ......................... GSERVER2 passed test FrsEvent
          Starting test: DFSREvent
             ......................... GSERVER2 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... GSERVER2 passed test SysVolCheck
          Starting test: KccEvent
             ......................... GSERVER2 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... GSERVER2 passed test
             KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... GSERVER2 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... GSERVER2 passed test NCSecDesc
          Starting test: NetLogons
             ......................... GSERVER2 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... GSERVER2 passed test
             ObjectsReplicated
          Starting test: Replications
             ......................... GSERVER2 passed test Replications
          Starting test: RidManager
             ......................... GSERVER2 passed test RidManager
          Starting test: Services
             ......................... GSERVER2 passed test Services
          Starting test: SystemLog
             ......................... GSERVER2 passed test SystemLog
          Starting test: VerifyReferences
             ......................... GSERVER2 passed test VerifyReferences  
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : GS2
          Starting test: CheckSDRefDom
             ......................... GS2 passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... GS2 passed test CrossRefValidation  
       Running enterprise tests on : GS2.intra
          Starting test: LocatorCheck
             ......................... GS2.intra passed test LocatorCheck
          Starting test: Intersite
             ......................... GS2.intra passed test Intersite
    Server:  gserver2.g2.intra
    Address:  192.168.240.6
    *** gserver2.g2.intra can't find g2: Non-existent domain
    > gserver2
    Server:  gserver2.g2.intra
    Address:  192.168.240.6
    g2.intra
            primary name server = gserver2.g2.intra
            responsible mail addr = hostmaster.g2.intra
            serial  = 443
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)
    > wikipedia.org
    Server:  gserver2.g2.intra
    Address:  192.168.240.6
    Non-authoritative answer:
    wikipedia.org   MX preference = 10, mail exchanger = polonium.wikimedia.org
    wikipedia.org   MX preference = 50, mail exchanger = lead.wikimedia.org
    polonium.wikimedia.org  internet address = 208.80.154.90
    polonium.wikimedia.org  AAAA IPv6 address = 2620:0:861:3:208:80:154:90
    lead.wikimedia.org      internet address = 208.80.154.89
    lead.wikimedia.org      AAAA IPv6 address = 2620:0:861:3:208:80:154:89
    Final benchmark results, sorted by nameserver performance:
     (average cached name retrieval speed, fastest to slowest)
      192.168.240.  6 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      + Cached Name   | 0,001 | 0,002 | 0,003 | 0,001 | 100,0 |
      + Uncached Name | 0,027 | 0,076 | 0,298 | 0,069 | 100,0 |
      + DotCom Lookup | 0,041 | 0,048 | 0,079 | 0,009 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                 gserver2.g2.intra
                    Local Network Nameserver
      195.186.  4.162 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      - Cached Name   | 0,022 | 0,023 | 0,025 | 0,000 | 100,0 |
      - Uncached Name | 0,025 | 0,071 | 0,274 | 0,065 | 100,0 |
      - DotCom Lookup | 0,039 | 0,040 | 0,043 | 0,001 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                         cns8.bluewin.ch
               BLUEWIN-AS Swisscom (Schweiz) AG,CH
      195.186.  1.162 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      - Cached Name   | 0,022 | 0,023 | 0,026 | 0,001 | 100,0 |
      - Uncached Name | 0,025 | 0,072 | 0,299 | 0,066 | 100,0 |
      - DotCom Lookup | 0,039 | 0,042 | 0,049 | 0,003 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                         cns7.bluewin.ch
               BLUEWIN-AS Swisscom (Schweiz) AG,CH
        8.  8.  8.  8 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      - Cached Name   | 0,033 | 0,040 | 0,079 | 0,011 | 100,0 |
      - Uncached Name | 0,042 | 0,113 | 0,482 | 0,097 | 100,0 |
      - DotCom Lookup | 0,049 | 0,079 | 0,192 | 0,039 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                 google-public-dns-a.google.com
                     GOOGLE - Google Inc.,US
      UTC: 2014-11-03, from 14:33:12 to 14:33:29, for 00:17,648
    15: 40
    192.168.240.  6 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      + Cached Name   | 0,001 | 0,002 | 0,004 | 0,000 | 100,0 |
      + Uncached Name | 0,025 | 0,074 | 0,266 | 0,063 | 100,0 |
      + DotCom Lookup | 0,042 | 0,048 | 0,075 | 0,007 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                 gserver2.g2.intra
                    Local Network Nameserver
      195.186.  1.162 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      - Cached Name   | 0,022 | 0,024 | 0,029 | 0,001 | 100,0 |
      - Uncached Name | 0,024 | 0,073 | 0,289 | 0,067 | 100,0 |
      - DotCom Lookup | 0,039 | 0,041 | 0,043 | 0,001 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                         cns7.bluewin.ch
               BLUEWIN-AS Swisscom (Schweiz) AG,CH
      195.186.  4.162 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      - Cached Name   | 0,022 | 0,024 | 0,029 | 0,001 | 100,0 |
      - Uncached Name | 0,025 | 0,073 | 0,286 | 0,065 | 100,0 |
      - DotCom Lookup | 0,041 | 0,066 | 0,180 | 0,037 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                         cns8.bluewin.ch
               BLUEWIN-AS Swisscom (Schweiz) AG,CH
        8.  8.  8.  8 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
      ----------------+-------+-------+-------+-------+-------+
      - Cached Name   | 0,033 | 0,038 | 0,077 | 0,009 | 100,0 |
      - Uncached Name | 0,042 | 0,105 | 0,398 | 0,091 | 100,0 |
      - DotCom Lookup | 0,049 | 0,066 | 0,141 | 0,025 | 100,0 |
      ---<-------->---+-------+-------+-------+-------+-------+
                 google-public-dns-a.google.com
                     GOOGLE - Google Inc.,US
      UTC: 2014-11-03, from 14:39:59 to 14:40:12, for 00:13,363

  • ISE ver 1.1.3.124 - DNS Resolution Errors.

    I am having a very strange issue with ISE version 1.1.3.124 running as a VM on UCS.
    When I login to ISE GUI using my browser I see a large number of Alarms:
    Alarm
    Occurred At:
    Mon Apr 15 19:45:01 UTC 2013
    Cause:
    DNS resolution failure on host device_name01.abc.xyz.com
    Details:
    DNS resolution failed for the hostname device_name01.abc.xyz.com
    against the currently configured name  servers. Ensure that you have configured a reachable name server using  the 'ip name-server <servername>' CLI. 
    I have the 'ip name-server x.y.z.1' command configured in ISE using the CLI.
    From the CLI I resolve any other device names by PINGing from ISE CLI to any of my other devices in the network. So DNS seems to be working fine.
    But why am I getting the Alarms in ISE?
    Thanks for any help or suggestion in advance.
    Regards.
    Adil.

    Can you confirm that you have an A record for the ISE node configured on your DNS Server?
    If there is only a CNAME record, then you may see the specified error message.

  • Changes in DNS resolution in Mac OS X Snow Leopard

    Disclaimer: Apple does not necessarily endorse any suggestions, solutions, or third-party software products that may be mentioned in the topic below. Apple encourages you to first seek a solution at Apple Support. The following links are provided as is, with no guarantee of the effectiveness or reliability of the information. Apple does not guarantee that these links will be maintained or functional at any given time. Use the information below at your own discretion.
    There have been two major changes in DNS resolution in Mac OS X Snow Leopard as compared to Mac OS X Leopard and previous releases, and this tip is intended to explain them.
    1) User-specified DNS servers, if any, are now used to the exclusion of all others
    DNS server addresses may be manually-specified by users via the Networking preference pane by selecting the active interface (e.g. AirPort, Ethernet, etc.), the clicking the "Advanced…" button in the lower right hand corner of the window, and selecting the "DNS" tab.
    DNS server addresses may also be provided by a DHCP server.
    In Mac OS X Snow Leopard, if any DNS servers are manually specified, they will be the only DNS servers consulted; any DNS servers specified via DHCP will be ignored
    This differs from Mac OS X Leopard and previous releases of Mac OS X, as in those releases, if DNS servers were specified manually as well as provided via DHCP, the manually-specified server(s) would be queried first, and if those requests failed, requests would then be sent to any DNS server(s) specified via DHCP.
    This means that in Mac OS X Snow Leopard, if queries to manually-specified DNS servers fail, the request will be considered to have failed and no DHCP-specified DNS server will ever be queried.
    Users may encounter this because at some point a DNS server (which is no longer functioning or reachable) was manually set in a work or other environment and they had forgotten about it since the previous behavior was for failed requests to "fall through" to DHCP-specified servers.
    Because of the change in behavior, those same systems will fail to resolve any DNS requests in Mac OS X Snow Leopard.
    2) mDNSResponder does not honor DNS server ordering
    While not explicitly documented, in Mac OS X versions earlier than Snow Leopard, DNS servers, whether specified manually or via DHCP, were queried in the order they were provided. For manual specification, this means in the order shown in the appropriate Network preferences pane tab, and for DHCP users in the order specified by the DHCP server.
    This is no longer true in Mac OS X Snow Leopard; instead mDNSResponder now seems to occasionally change the order in which it queries DNS servers from that in which they were specified.
    This has caused some users issues when DNS servers are specified in a specific sequence.
    For example, say your network has two DNS servers, a main server at address 192.168.100.1, and a secondary server at 192.168.100.2, which is normally only to be used if the primary DNS server fails as it is slower and/or has a slower link to the Internet.
    If they were specified in that order, past versions of Mac OS X would query them in that order, and unless a failure occurred contacting the primary server, the second server specified would never be contacted.
    In Mac OS X Snow Leopard, under various conditions mDNSResponder will instead decide to route all DNS queries to the second DNS server specified, perhaps as a method of routing DNS queries in a round-robin fashion.
    Nevertheless, this behavior is unexpected to most users, and may cause issues if the previous behavior was expected.
    The only workaround is to realize that Mac OS X Snow Leopard treats all specified DNS servers as being equally capable and to specify DNS servers, either manually or via DHCP, accordingly.
    This is the 1st version of this tip. It was submitted on November 15, 2009 by William Kucharski.
    Do you want to provide feedback on this User Contributed Tip or contribute your own? If you have achieved Level 2 status, visit the User Tips Library Contributions forum for more information.

    This tip is now ready for publication.

  • Error NtpClient was unable to set a manual peer. DNS resolution error When using IP address.

    Hya,
    We have been migarting to some new DCs. one of the new DCs now has all the master roles call it DC01.
    when I try and sync/setup NTP on this server as the the authoritive NTP in the doamin I get:
    NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on '”10.*.*.*,0x1”'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
    I am using the following commands to set NTP up on the server.
    >net stop w32time
    >w32tm /config /syncfromflags:manual /manualpeerlist:"10.*.*.*,0x1"
    >w32tm /config /reliable:yes
    >net start w32time.
    Is anyone aware of what the issue could be?
    Ps one of the old dc can still sync to this site manually if tried.
    cheers Mike

    Hi,
    First make sure your DNS is working properly, then please try this article below:
    Event ID 134 — Manual Time Source Acquisition
    http://technet.microsoft.com/en-us/library/cc756393(v=ws.10).aspx
    Hope this helps.

  • RV082 - Slow DNS Resolution

    Greetings Gang,
    Have an RV082 v1.1 FW 1.3.98-tm that has been rock solid for a couple of years and is now, suddenly, experiencing dead crawl DNS resolution.
    No changes in configuration prior to the behavior starting. Tried rebooting the unit, no changein behavior.
    There's an internal DNS server that resolves internal resources, but everything else gets pushed to the RV082.
    I've tried Comcast, Verizon and Google DNS servers at the router level, and the results are the same -- so that rules out the DNS servers themselves.
    Change the DNS servers at the NIC level on a wrokstation, and resolution occurs quickly and reliably.
    I'm looking to reset to Factory Default and reload the configuration and likely upgrade to FW 2.0.0.19-tm or 2.0.2.01-tm but I do see similar issues reported with those firmwares, and moreover, in a mixed Mac/PC environment.
    Was wondering if anyone else has experienced these issues, could identify a root cause and resolution.
    Thanks,
    Jorge

    Probably just corruption, which can happen every so often.  A couple of years in service rock-solid is really great.
    I experienced similar problems with my rv016s when my ISP changed their backend carrier equipment.  I was never able to fix the issue, so I had to reboot them every 8hrs.
    I wouldn't upgrade unless you HAVE to.  You'll more than likely run into other bugs that breaks your current configuration, even if it's just a site-to-site VPN (I've been there, done that).
    Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

  • DNS nslookup issue

    Hello,
    It is in continuation of my previous thread;
    http://social.technet.microsoft.com/Forums/en-US/4cb781c2-7da5-4da8-aa4a-b62dd8b122c4/nslookup-issue?forum=winserverNIS
    I have two sites main and dr. In each site we have 4 domain controllers running on windows 2008 r2. when i try to nslookup from dr domain controllers to our Domain name (ads.pnu.edu.sa), it gives me two times "Time out for 2S" and after that it
    properly shows me the IP addresses of the servers of my domain. I need to investigate why the RTO is coming. i am attaching the nslookup and ipconfig snapshots.
    I disabled ipv6 from registry. all is working through normal ping and there is PTR for the server in DNS. Appreciate if anyone please guide.

    When you put a period on the end of it, it will not use the search suffixes. Here's more info on that and how and why it works:
    Nslookup suffixing behavior
    http://blogs.msmvps.com/acefekay/2013/02/17/nslookup-suffixing-behavior/
    Are you concerned that your servers, applications or something else is not properly working? Nslookup is good for testing, however, you have to remember that an app doesn't use nslookup. It has its own built-in resolver. If you use ping, which uses the machine's
    client side resolver, do you see any delays or non-resolution issues?
    Are your DNS server patched and updated?
    ===
    If it's doing it for other records too, then Run the following, and if the hotfix is already installed or it doesn't apply
    due to service pack level or operating system version, no fret, the installer will tell you right away and will tell you to
    stop. Some of them require restarts.
    DNS Server service does not use root hints to resolve external names in Windows Server 2008 R2
    Post Windows 2008 R2 SP1 HOTFIX available.
    APPLIES TO •Windows 2008 R2 Datacenter •Windows 2008 R2 Ent •Windows 2008 R2 Std.
    Requires a restart.
    http://support.microsoft.com/kb/2616776
    DNS Server service does not resolve some external DNS names after it works for a while in Windows Server 2008 R2
    Hotfix release - (released 4/15/2011)
    http://support.microsoft.com/kb/2508835
    Windows 2008 -
    DNS queries for external domains are not resolved when you use Conditional Forwarding in Windows Server 2008
    Post Windows 2008 SP2 Hotfix available
    Requires a restart.
    http://support.microsoft.com/kb/2625735/
    DNS server stops responding to DNS queries from client computers in in Windows Server 2003, in Windows Server 2008 or in
    Windows Server 2008 R2 - Post Service Pack Hotfix available.
    Does not require a restart.
    http://support.microsoft.com/kb/2655960
    And if nslookup times out on MX records, it's by design:
    NSLOOKUP Returns Time-out Error When Query for an MX Record
    http://support.microsoft.com/kb/198551/en-us
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • Slow DNS Resolution using Time Capsule

    Hello,
    I'm using a time capsule as my main internet router and wireless access point, and I've noticed a significant delay before web pages begin to download.  In trying to troubleshoot this, I came across a very helpful utilitity called the Netalyzr from Berkley.  Using this tool, I'm able to see that there is a significant delay in name lookups using the time capsule DNS proxy capability.  There's not a lot of documentation on this, but it appears that instead of handing clients the designated DNS servers configured in DHCP, it hands out its own address to the clients as the DNS server and makes the DNS request to the configured servers.  I've included the verbage from the Netalyzer tool below.
    Your ISP's DNS resolver requires 2200 msec to conduct an external lookup. It takes 81 msec for your ISP's DNS resolver to lookup a name on our server.
    This is particularly slow, and you may see significant performance degradation as a result. 
    As you can see, this causes almost a 2.5 second "pause" before the lookup is even returned.  However, if I hard code the designated DNS servers into this client (Macbook air running Lion), I get the following result.
    Your ISP's DNS resolver requires 110 msec to conduct an external lookup. It takes 81 msec for your ISP's DNS resolver to lookup a name on our server. 
    This is a significant improvement over the lookup using the proxy capabilities of the Time Capsule.  This leads me to believe that the DNS "proxying" that the time capsule is doing is really slow.
    I'm using opendns as my provider in both scenarios.
    Is this a known issue, and if so, is there an existing fix or a planned fix for this?
    Best,
    Eric

    Frankly I just don't believe those analysers.. not until I can prove it myself.
    Do a very simple test..
    Open terminal  and ping a website you have never opened before.
    You should do this from a PC or Mac on the network using ethernet. Just to keep crummy wireless responses out of it. And do it without internet activity going on.
    Do it a second time, and it should be instantaneous now having the address resolved and held in the cache.
    If you get a significant lag before the address is resolved to actual IP, there maybe something wrong. And the first test then would be to change the DNS server to your local ISP not opendns.. because the routing to opendns might also be an issue.
    You can also test by removing the TC from the network..plug a computer directly to the modem and just browse.. compare that to speed with the TC. I know it isn't exactly scientific but a 2.5sec delay in dns resolution you will notice it. It is important to connect to stuff that is outside your normal pattern. Otherwise it should just be in the cache.
    Otherwise it is unlikely to really exist.

  • SCOM 2012 SP1 - DNS Resolution failure alert

    Hi,
    Our customers are receiving bogus DNS resolution failure alerts though the site is rendering fine from the watcher node.Nslookup shows the name resolves after first or 2nd timeout and this behavior is expected in some of our internal name space that have a
    long resolution path.Is SCOM perform an nslookup first?What is the default DNS resolution time SCOM use? I'm trying to set higher threshold for DNS Resolution time in custom monitor to mitigate this.Users doesn't want to disable the DNS resolution monitor
    and looking for a permanent fix.This issue has been going on a while in our environment. Any help would be much appreciated. Our SCOM is 2012 sp1 CU4.
    C:\Users\admin>nslookup xxxx
    Server:  abc.contosso.com
    Address:  10.4.5.6
    Non-authoritative answer:
    DNS request timed out.
        timeout was 2 seconds.
    Name:    abc.xyz.contosso.com
    Address:  10.2.3.4
    Aliases:  abc.xyx.contosso.com
    Thanks,

    Thanks.As a temporary mitigation, I have disabled the DNS Resolution Failure Monitor for the url to stop the false alert and it worked so far but it started again and this time it alerted for the error code failure.It appears DNS resolution failure is the
    culprit .Any insight why error code failure monitor is additionally checking for DNS resolution failures? The DNS Resolution Failure monitor is already in disabled state.Any way we can disable this DNS checks without disable error code failure monitor?
    Error Code Failure health explorer,
    Base Page (show/hide details)
    HTTP Status Code
    0
    Unreachable
    false
    Error Code
    2147954407
    DNS Resolution Failure
    true
    DNS Resolution Time (seconds)
    0
    TCP Connect Time (seconds)
    0
    Time To First Byte (seconds)
    0
    Time To Last Byte (seconds)
    0
    Redirect Time (seconds)
    0
    Download Time (seconds)
    0
    Total Response Time (seconds)
    0
    Content Size (bytes)
    0
    Secure Failure Code
    0

  • Primary DNS resolution slow if PDC role DC is down

    Hello,
    In my environment I'm running purely Windows Server 2012 in a two site environment.  I run a single domain infrastructure with my main site that has 2 domain controllers (one has all FSMO roles), and a second site which has a single domain controller.
     I've been looking all over the forums for a related topic, but haven't read something anything that fits my scenario.  Basically what happens is, if the DC that has FSMO roles (specifically PDC) goes offline, or if I were to turn the DNS service
    off, all devices would take forever for DNS resolution.  Another scenario (which is essentially the same) is if the VPN tunnel between the two sites goes down, all clients at site 2 would take awhile for DNS resolution.  If those clients launch their
    browser any website they go to takes 5-10 seconds to load.  They could reboot their PC, and do ipconfig /flushdns, and even though those clients DNS settings point to the DC at site 2 as primary DNS, it takes awhile.  As soon as the PDC server is
    restored everything is back to normal.  Quite frequently the VPN tunnel will go down leaving very slow responses at site 2.  Oddly enough is, if the tunnel were to go down, and I logged into the DC at site 2, if I were to ping various domains the
    response would take 5 or so seconds.  Is this normal to occur?  If not, how could I possibly remedy this?  My assumption is that, if the primary DNS were to go down, or in this case the PDC server goes down, one of the secondary servers would
    kick in.  I appreciate any light you can shed on this issue.
    Ken

    I agree with Meinolf. It's not always the DNS or PDC or whatever DC is in question's, fault. A lot of it is due to the client side resolver algorithm. Here's more specifics on how the whole process works - and note that this applies to all operating systems,
    Windows, Linux, Unix, BEOS..... because they all follow the RFCs defining how client side resolvers work.
    This blog discusses:
    WINS NetBIOS, Browser Service, Disabling NetBIOS, & Direct Hosted SMB (DirectSMB). Troubleshooting the browser service.
    Client side resolution process chart.
    The DNS Client Side Resolver algorithm.
    If one DC or DNS goes down, does a client logon to another DC or use the other DNS server in the NIC?
    DNS Forwarders Algorithm and multiple DNS addresses (if you've configured more than one forwarders or more than one IP in the NIC's DNS list)
    Client side resolution process chart
    Published by Ace Fekay, MCT, MVP DS on Nov 29, 2009 at 10:28 PM  1764  1
    http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-client-side-resolver-browser-service-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-down-does-a-client-logon-to-another-dc-and-dns-forwarders-algorithm.aspx
    DNS Clients and Timeouts (Part 1 & Part 2), karammasri [MSFT] Dec 2011 6:18 AM
    http://blogs.technet.com/b/stdqry/archive/2011/12/02/dns-clients-and-timeouts-part-1.aspx
    http://blogs.technet.com/b/stdqry/archive/2011/12/15/dns-clients-and-timeouts-part-2.aspx
    DOMAIN NAMES - CONCEPTS AND FACILITIES - Dicusses local resolvers.
    http://tools.ietf.org/html/rfc882
    =============
    To add on how the client resolver picks a nameserver, below is a link to a discussion that points out the following - and please note, the operative point in the first bullet point indicates "equivalent," meaning that all DNS servers you enter into a NIC,
    must all reference the same exact data, so you can't mix nameserver with different data and expect the client to try all of them.
    •by RFC, all nameservers in a zone's delegation are equivalent
    •they are indistinguishable to the client
    •clients are allowed to choose the NS to query with whichever policy they wish
    •if any picked server fails to respond (e.g. "ns3"), then the next server is picked among the remaining set (e.g. ns1 and ns2) according to the policy
    •often clients use sophisticated policies that "score" servers and pick more often the ones that replied faster
    •as a by-product, in practice this policy makes caches favor "nearest" servers
    That was quoted from:
    When is a secondary nameserver hit?
    http://serverfault.com/questions/130608/when-is-a-secondary-nameserver-hit
    ===============
    So you have to check when the first DNS goes down, not all directory enabled apps can handle it. opened.
    Another issue is the client has bounded to the logon server during the DC Locator process. That's difficult to mess with other than restarting the machine...
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • Serious resolution issues with After Effects CC (2014) on Windows 8.1 Pro on Dell Precision M3800 laptop??

    My new company installed Adobe Creative Cloud (There was some annoying Proxy issues at first, because of the seriously tight I.T policies) but we are having some serious resolution issues with After Effects CC 2014 (also have this resolution problem with Adobe Premiere, Media Encoder, Muse) on Windows 8.1 Pro on a Dell Precision M3800 laptop with icons and interface looking too small and hard to see, is there a fix, an update or a work around, can anyone help?
    Any help will be appreciated!
    k.regards
    Ramon

    Hi Todd is there a time-frame for this fix, there is a lot of pressure on me, because I convinced my company to get the Creative Cloud and quite a lot of the CC software is not compatible with the latest Windows 8.1 OS.
    Is there at least a work around, until this big fix comes along?
    k.regards
    Ramon

  • OS X 10.8.3 Display Resolution Issue

    Ever since updating to 10.8.3, there has been a sporatic resolution issue when waking my MBP. My mid 2009 13" MBP operates in closed lid mode while connected to a 21.5" monitor. My machine frequently wakes to a completely incorrect resolution that is many times the size of my display. It fixes to the correct resolution if I simply sleep and wake again, or correct it via System Preferences, but having to do this several times becomes quite annoying. Anyone else experiencing this bug and/or have any ideas on its resolution?

    Hi GoldenA,
    Thanks for visiting Apple Support Communities.
    It may help to reset the NVRAM by following the steps in this article:
    About NVRAM and PRAM
    http://support.apple.com/kb/HT1379
    Best,
    Jeremy

Maybe you are looking for