Netctl and DNS client issues

AFAIK there is nothing wrong in placing both 'domain' and 'nssearch' in '/etc/resolv.conf'. I'm afraid that netctl ignores 'DNSSearch' entry if 'DNSDomain' is present. Is it a bug or a 'feature'?
My experience shows that netctl incorrectly handles the 'DNS' entry: if it contains '127.0.0.1' all other nameservers are ignored (not placed in '/etc/resolv.conf'). It is a problem if a server is running a secondary DNS which is frequently down for upgrade/maintenance/testing.
(OK, found this issue discussed, bug-reported and "fixed")
Last edited by quayasil (2013-07-11 12:50:36)

Similar Messages

  • Network and DNS Setup Issues

    I am setting up an Xserve with Snow Leopard at my school, and I'm running into DNS issues.
    I followed the excellent guide at http://labs.hoffmanlabs.com/node/1436 and believe I've set DNS up correctly, but I fail the changeip -checkhostname test (I've replaced my domain and server names):
    mserver:~ admin$ sudo changeip -checkhostname
    Primary address     = 10.10.10.2
    Current HostName    = myserver.mydomain.ns.ca
    DNS HostName        = myserver
    To fix the hostname please run /usr/sbin/changeip for your system with the
    appropriate directory with the following values
       /usr/sbin/changeip 10.10.10.2 10.10.10.2 myserver.mydomain.ns.ca myserver
    dirserv:success = "success"
    I tried running the command as given, ("sudo /usr/sbin/changeip 10.10.10.2 10.10.10.2 myserver.mydomain.ns.ca myserver") but that didn't solve it. I'm not sure if that's the correct thing to do, or why that didn't work.
    I have come to suspect that my issue is with network settings, and would appreciate advice on what I'm trying to do. The server (our only one) will be an OD master, a file server and a web server. It is inside our router, with an externally-reachable IP address and an internal one (the latter is 10.10.10.2). I have configured it with the two IPs on one port to avoid the issue with SL wanting two serial numbers. My System Preference > Network settings are as follows:
    Ethernet 1b (highest service order):
    IP Address: 10.10.10.2
    Subnet mask: 255.255.255.0
    Router: 10.10.10.1
    DNS Server: 127.0.0.1
    Search Domains: mydomain.ns.ca
    Ethernet 1 (second highest service order):
    IP Address: <my external IP>
    Subnet mask: 255.255.255.248
    Router: <my ISP's router>
    DNS Server: 127.0.0.1
    Search Domains: mydomain.ns.ca
    Ethernet 2:
    Not Connected
    Although I'm unsure what it means (I'm more a teacher than a techie!), Server Admin > Settings > Network shows:
    Computer Name: myserver
    Local Hostname: myserver
    Network Interfaces:
    en0; IPv4; 10.10.10.2; myserver.mydomain.ns.ca
    Ethernet 1 (en0); IPv4; <my external IP>; myserver.local
    The second of the interfaces above is bold.
    The big issue I'm seeing on my network (possibly as a result of this, but everything I've seen says fix DNS first) is that network users can't log in although they have homes and can connect to the homes once logged in as local users.
    Many thanks in advance for your help--the school year is closing in quickly!
    Regards,
    Alex

    Thanks. I disabled the external IP & rebooted. Server Admin now has only the one IP. But I still get the same result:
    myserver:~ admin$ dscacheutil -flushcache
    myserver:~ admin$ sudo changeip -checkhostname
    Password:
    Primary address     = 10.10.10.2
    Current HostName    = myserver.mydomain.ns.ca
    DNS HostName        = myserver
    To fix the hostname please run /usr/sbin/changeip for your system with the
    appropriate directory with the following values
       /usr/sbin/changeip 10.10.10.2 10.10.10.2 myserver.mydomain.ns.ca myserver
    dirserv:success = "success"
    myserver:~ admin$
    I ran dig on a client:
    Last login: Mon Sep  5 11:40:13 on console
    Lab-iMac-64:~ admin$ dig myserver.mydomain.ns.ca
    ; <<>> DiG 9.6.0-APPLE-P2 <<>> myserver.mydomain.ns.ca
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45308
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;myserver.mydomain.ns.ca.        IN    A
    ;; AUTHORITY SECTION:
    mydomain.ns.ca.        10800    IN    SOA    myserver.mydomain.ns.ca. dns.mydomain.ns.ca.mydomain.ns.ca. 2011090201 86400 3600 604800 345600
    ;; Query time: 1 msec
    ;; SERVER: 10.10.10.2#53(10.10.10.2)
    ;; WHEN: Mon Sep  5 11:40:42 2011
    ;; MSG SIZE  rcvd: 94
    Lab-iMac-64:~ admin$ dig -x 10.10.10.2
    ; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 10.10.10.2
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7073
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;2.10.10.10.in-addr.arpa.    IN    PTR
    ;; ANSWER SECTION:
    2.10.10.10.in-addr.arpa. 10800    IN    PTR    myserver.
    ;; AUTHORITY SECTION:
    10.10.10.in-addr.arpa.    10800    IN    NS    myserver.mydomain.ns.ca.
    ;; Query time: 3 msec
    ;; SERVER: 10.10.10.2#53(10.10.10.2)
    ;; WHEN: Mon Sep  5 11:41:04 2011
    ;; MSG SIZE  rcvd: 99
    What to try next?
    ~Alex
    PS- ...and I'm still not able to log in as a network user, but still can access network accounts using connect to server. Here's what my password log looks like when I try to log in (hash and username edited):
    Sep  5 2011 11:34:11    RSAVALIDATE: success.
    Sep  5 2011 11:34:11    AUTH2: {0x4e4d1b4e67..., alex} DHX authentication succeeded.
    Sep  5 2011 11:34:11    KERBEROS-LOGIN-CHECK: user {0x4e4d1b4e67..., alex} is in good standing.
    Sep  5 2011 11:34:11    KERBEROS-LOGIN-CHECK: user {0x4e4d1b4e67..., alex} authentication succeeded.
    Sep  5 2011 11:34:11    GETPOLICY: user {0x4e4d1b4e67..., alex}.
    Sep  5 2011 11:34:11    GETPOLICY: user {0x4e4d1b4e67..., alex}.

  • Windows 8.1 pro and vpn client issue

    dear support community ,
    Am using windows 8.1 pro and cisco vpn client version 5.0.0.7.0410.
    My issue is that am able to connect to the VPN successfully but when connected i can't ping nodes inside the VPN
    whereas when i do the same test with a windows 7 and xp PCs , am able to ping and even remote desktop nodes.
    someone help please ??

    funniest thing is , after using my PC for two weeks and doing regular updates , am now able to ping and RDP to nodes
    inside the VPN..:-)

  • Wifi but no internet, wrong time, and mail client issues on macbook pro

    A few things have recently come up that are worrying me...
    1.  My wifi says it is connected to my apartment's internet, and yet I don't have any internet.  Meanwhile, my roommate is able to get on the internet on his desktop PC.  I am afraid I changed something accidentally in my network settings.  It says something about unable to connect to DNS server?  (I am on campus using their internet to send this)
    2.  My clock is wrong.  Even when I reset the timezone, it is saying the time is 3:01 am when it is actually 11:01 am.
    3.  Lastly, my mail client is no longer getting my mail.  I am able to get all the messages on my iphone, but for some reason my macbook is not getting them.
    Any help is greatly appreciated.  Thank you much!

    Your wifi is connected to the router but the modem may be faulty. Try reporting the modem.

  • MS Exchange 2007 - 64 bit and Entourage Client issue

    Hi guys -
    I'm a new one with Mac and I have got this problem so far:
    I have Exchange 2007 on 32 and 64 bit platforms
    from the Entourage I can see all mailboxes that are on Exchange 32 bit server and no issues at all here... I just go and add Exchange account and that's it...
    but the problem is when I do the same for any mailbox which is sitting on Exchange 64 bit server -> nothing happens no errors, nothing... I don't see anything at all...
    The question is: what I have missed here? or perhaps, it's not supported yet... Is there any kind of workaround
      Mac OS X (10.4.9)  

    Since Entourage is not an Apple product, you'll get better response if you use a forum dedicated to Microsoft's Mac products such as <http://groups.google.com/groups/dir?sel=33607053> rather than an Apple forum.
    Be sure to search the forum first in case someone has already had a similar question answered. You'll get your answer faster this way. Post your question in the forum if you don't find anything that helps you.

  • Blackboard and oracle client issue

    Hi
    was trying to setup Blackboard 8 application and have installed oracle client manually..still while running the installer we get following error,
    [2008/07/16 16:13:26.554] [ERROR] Unable to connect to the database.
    Check the database configuration settings and passwords.
    (bbconfig.database.bbadmin.machine.systemuserpassword)
    [2008/07/16 16:13:26.555] [ERROR] Unable to connect to the database.
    Check the database configuration settings and passwords.
    We are sure about oracle client version installed.
    sqlnet.log
    Fatal NI connect error 12545, connecting to:
    (DESCRIPTION=(ADDRESS=(PROTOCOL=beq)(PROGRAM=/u01/app/oracle/product/client_10.2.0/bin/oracle)(ARGV0=oracleBB60)(ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))')(DETACH=NO))(CONNECT_DATA=(CID=(PROGRAM=sqlplus)(HOST=servert)(USER=user))))
    VERSION INFORMATION:
    TNS for Solaris: Version 10.2.0.1.0 - Production
    Oracle Bequeath NT Protocol Adapter for Solaris: Version 10.2.0.1.0 - Production
    TCP/IP NT Protocol Adapter for Solaris: Version 10.2.0.1.0 - Production
    Time: 16-JUL-2008 15:29:22
    Tracing not turned on.
    Tns error struct:
    ns main err code: 12545
    TNS-12545: Connect failed because target host or object does not exist
    ns secondary err code: 12560
    nt main err code: 515
    TNS-00515: Connect failed because target host or object does not exist
    nt secondary err code: 2
    nt OS err code: 0
    Any help for further digging is appreciated..
    Thanks
    added sqlnet.log
    Message was edited by:
    Aerosmith

    What version of Oracle?
    What OS?
    client_10.2.0 / Solaris 10
    What clues did you get when you looked up the error messages TNS-12545, TNS-12560, and TNS-00515
    nil
    Is this client on the same box as the database?
    no
    What does the tnsnames.ora and sqlnet.ora files on the client box look like?
    /sqlnet.ora
    # Generated by Oracle configuration tools.
    NAMES.DIRECTORY_PATH= (TNSNAMES)
    cat tnsnames.ora
    # tnsnames.ora Network Configuration File: /u01/app/oracle/product/client_10.2.0/network/admin/tnsnames.ora
    # Generated by Oracle configuration tools.
    bbadmin =
    (DESCRIPTION =
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = server.domain.com)(PORT = 1521))
    (CONNECT_DATA =
    (SERVICE_NAME = BBTD.domain.com)
    BBTD =
    (DESCRIPTION =
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = server.domain.com)(PORT = 1521))
    (CONNECT_DATA =
    (SERVICE_NAME = BBTD.domain.com)
    BB60 =
    (DESCRIPTION =
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = server.domain.com)(PORT = 1521))
    (CONNECT_DATA =
    (SERVICE_NAME = BB60.domain.com)
    What does the listener.ora and sqlnet.ora files on the database box look like?
    i do not have access to the server
    What do you see when you execute 'lsnrctl status' on the database box?
    listener is fine as other clients are using this DB server.

  • DNS Client Service Issues

    Hi all,
    We seem to be having some odd issues with about 50% of our Windows 7 clients.  I'll give you a brief run down of what is occurring.
    Server 2008 R2 Domain serving about 50 clients.  Having changed a static entry in DNS to point an A record to a new server, the Windows 7 clients randomly can't resolve the IP.
    So on testing using either the FQDN or just the host name the request doesn't resolve using ping.
    Tried using NSLOOKUP and NSLOOKUP resolves just fine.
    Tried ping again and no joy.  Turned off the DNS Client Service and instantly the host name resolved to the correct IP.
    Restart the DNS Client Service and there's about a 25% chance the hostname will no longer resolve.  On ALL of the PCs that have this issue.  Stopping or restarting the DNS Client  Service resolves the problem.
    Also it should be noted that running ipconfig /flushdns has no effect and the host still doesn't resolve to the IP.  ONLY stopping the DNS Client service on the Windows 7 PCs does the trick. 
    Your suggestions are most welcome!
    Thanks,
    Simon.

    Hi Yolanda,
    Nothing in any event log anywhere and I've checked all the AV logs and run scans already, drivers are up to date.  Also there is no firewalling at the client end.
    Had a read through the NRPT doc and I don't think that is relevant as the host they are trying to get to doesn't have anything different to anything else in the DNS Domain.  All hosts are of the form host.contoso.com.  All we've done is change
    the IP address on one of the hosts manually within DNS. 
    It is almost as if on a reboot, the DNS Client Service picks up an old copy of the cache and refuses to overwrite it.
    I'm considering changing the Parameters of the service to reduce the TTL of the cached entries from the default of one day to one hour and turn off caching of negative responses as follows:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
    "MaxCacheTtl"=dword:e10
    "MaxNegativeCacheTtl"=dword:0
    Thanks,
    Simon.

  • DNS client service issue

    I’ve got a DNS client service issue:
    I have a webserver in my local Domain, which is accessible locally only.
    One client machine with Windows Server 2012 sometimes cannot access the websites situated on this local webserver. Its event viewer does not contain any issues. The machine can still access the internet. The thing I need to do then, is to restart the DNS client
    service on this Windows Server client. After that these local websites are reachable again. The DNS Server is installed on the DC.
    What approach could I follow to solve this issue?
    Patrick

    Are you using the fqdn (host.domain.tld), a single label name or a custom dns name?
    If you use the single label name, dns name resolution depends on the suffixes, make sure these are configured.
    If the issue occurs, you could use nslookup to check if the communication with all configured dns servers is working and the required records are there.
    Use ping to check if the correct ip with FQDN is returned. No FQDN implies netbios was used for name resolution - no good -> check the dns configuration
    If you use a custom dns name, check what IP it resolves (ping/nslookup); is it a server local IP? If not, check if the issue resolves by putting the dns alias in the hostsfile with a local ip (or 127.0.0.1 if the bindings for your site allow)
    The issue might also be solely related to the dns cache maintained by the service. You could check if ipconfig /flushdns resolves the issue to confirm. There is not much configuration or debugging info available on this, but issues I've seen all boil down
    to dns servers not being correctly configured on the client's ip settings.
    You could enable the DNS Client Events operational log (eventviewer->applications and services logs\Microsoft\Windows) to maybe get more info on the issue.
    MCP/MCSA/MCTS/MCITP

  • Issue with parallel operation of SAP NW SSO 2.0 and SNC Client Encryption (Logon Groups)

    Hi!
    One of our customers is using the SNC Client Encryption solution to ensure encryption using SNC (based on Kerberos Technology) for their SAP GUI Dialog connections. They have lots of SAP backends DEV, QAS, PRD all with the SNC Client Encryption SNC Lib installed. The profile parameter snc/identity/as contains the following value: p:CN=SAP/<ServiceAccount>@<DOMAIN>.
    Example: p:CN=SAP/[email protected]
    The customer is using one AD Service Account "SNCServiceUser" with one registered SPN "SAP/SNCServiceUser" for all systems (yes, this is not recommended... but the case).
    Important: All users use group entries in the SAP Logon (saplogin.ini). Means, for SAP logon the SNC name can not be manually configured on the SAP Front End. With group logons, the application server's SNC name is dynamically requested by the message server each time a SAP GUI connection is started. The SNC Name is greyed out in this case as dynamically obtained from the applications servers profile parameter snc/identity/as.
    Now our customer implements SAP NetWeaver Single Sign-On 2.0 within his landscape. Based on the Secure Login Server 2.0 (SP3) he likes to use X.509 based authentication to his AS ABAP backends using SAP GUI SNC while others still use SNC Client Encryption.
    Replacing the SNC Library on the AS ABAP
    The Secure Login Library 2.0 (SP3) has been installed on one of the ABAP systems and the SNC Client Encryption SNC Library (which is based on SSO 1.0) is no longer used, thus we changed the parameter snc/gssapi_lib to point to the new SNC library. We removed the old PSE.ZIP containing the keytab and created the new SAPSNCSKERB.PSE incl. the keytab and proper credentials. To ensure parallel operation, we kept the snc/identity/as value as is =  p:CN=SAP/[email protected].
    After restarting the system with initialized Secure Login Library 2.0, still the SNC client encryption works fine for existing users.
    The problem
    We created on the Secure Login Server an SNC certificate for the AS ABAP which has the following X.509 Distinguished Name Format: CN=SAP/[email protected] This is to avoid having to change the snc/identity/as to a "real" X.509 DN which would lead to non-working SNC Client Encryption for all the other users using SAP GUI and logon groups.
    As soon as we install the PSE via STRUST on the system the SNC Client Encryption solution stops working with error „Server refuses kerberos key exchange“.
    As part of a pilot implementation we have installed Secure Login Client 2.0 (SP3) on some test PCs. The test PC with SLC is able to perform Single Sign-On with SNC based on X.509 (incl. Encryption) to the ABAP system.
    Seems the SAP System now only tries to do X.509 based authentication thus key exchange fails. The problem is, we cannot change the snc/identity/as value because of the logon groups. If we were able to do so, we would in any case set the server identity to X.509 DN and in addition create the SAPSNCSKERB.PSE incl. keytab. This should work, as confirmed by SAP see this post.  
    Any ideas how to solve this and have both solutions in parallel?
    Appreciate any help.
    Regards,
    Carsten

    Hi all,
    we were able to fix the issue. It was an issue with the customer's cluster configuration and the $SECUDIR variable. This tricky issue leads to non working or sporadic working SNC Client Encryption...
    This was how the configuration looks before:
    Environment variable $SECUDIR is defined:
    "/ABCDEF<SID>/usr/sap/<SID>/DVEBMGSxx/sec“
    sapgenpse seclogin -l -v
    running seclogin with USER="<SID>adm"
    Credentials for username '<SID>adm':
    0 (LPS:OFF):
             (LPS:OFF): /ABCDEF<SID>/usr/sap/<SID>/DVEBMGSxx/sec/SAPSNCSKERB.pse
    1 (LPS:OFF):
             (LPS:OFF): /usr/sap/<SID>/DVEBMGSxx/sec/SAPSNCS.pse
    After changing the $SECUDIR to "/usr/sap/<SID>/DVEBMGSxx/sec“ and re-creating the credentials, it worked like a charm.
    As a result of this we can confirm, this configuration and SNC Client Encryption works with CommonCryptoLib in parallel to the SSO configuration.
    And Valerie was right with 2. SLC starting from V. 1.0 SP2 PL3 was able to convert the CN= part of the SNC Name into an SPN, was my mistake. In addition SNC Client Encryption starting from Version 1 SP1 PL1 does this also.. just to make this clear
    Thread closed hope this helps someone
    Carsten

  • DNS Server Issues with Comcast and Airport Extreme wifi routers

    I am having significant challenges with 3 Airport Extreme (latest gen) wifi routers and my Comcast Xfinity service.  It once worked just fine, but now I continually get the blinking amber lights stating "No DNS servers" for each of the Airport Extreme (AE) routers.  My configuration is:
    Coax cable -> Comcast Xfinity cable modem -> ethernet to 16-port gigabit ethernet switch ->->-> ethernet to 3 Airport Extremes around the house direct connected with switch
    I have many wifi devices throughout the house (iPads, MacBooks, home automation devices) as well as direct-connected devices via ethernet (one PC connected to AE router).
    Each Airport Extreme router is set with these settings in the Airport Utility app: 
    Internet tab=  Connect using: DHCP
    Wireless tab=  Network mode: Create a wireless network
    Network tab=   Router mode: Off (Bridge Mode)
    I have attempted to put the Xfinity cable modem in bridge mode, and use the Airport Extreme to serve up the IP addresses, but still lost internet connectivity.
    I have also attempted to set the Network tab=> Router Mode to "DHCP and NAT" but get "Double NAT" error issues as well.
    I have tried using the Comcast DNS server addresses (75.75.75.75;75.75.76.76) setting on the Internet tab for the routers and do end up getting a green light, but NO internet connectivity.
    Lastly, I have tried using the Google DNS servers (8.8.8.8;8.8.4.4) setting on the Internet tab the routers giving me the No DNS servers amber light error and again, no Internet connectivity for either wifi-connected or even ethernet connected (directly to Airport Extreme router) devices (like my PC) despite getting a green light on the router.
    At this point, it really seems that these AE routers are NOT compatible with the Xfinity cable modem or service… (and yes, I've tried power-cycling and restarting the modem, and then the AE routers, MANY times to little avail).
    Should I move one of these Airport Extreme wifi routers to before the switch, and have the other 2 in Bridge mode after the switch?  Do I need to setup a specific range of DHCP reservation addresses for each different AE router?
    Appreciate any insight anyone can share with this aggravating DNS server issue between Comcast & multiple Airport Extreme wifi routers.

    I do not see anything wrong with your basic setup.. the issue is indeed the WAN ports of the AE.. AC version are having problems with some network equipment.
    You have listed a stack of things you have tried.. but I want you to move the ethernet patch cable you use on each AE to its LAN port instead of WAN.
    Restart the airport when you do that.. and then see if it becomes stable.
    In bridge mode the airport moves the WAN port to LAN.. but the WAN port setup itself seems more problematic than the LAN ports.
    There are other methods we can try if this does not work.. but in the end.. I would be tempted to take the whole lot back to apple.. they need to start making equipment that works with standard modems and switches.
    BTW what brand is the 16 port switch?? Does it happen to be managed (smart type)?

  • HH5 issuing wrong IP and DNS address

    My Win7 desktop pc is connected via ethernet to a HH5 and worked until this morning when it wouldn't connect to the internet. Various restarts of pc and HH didn't work so I checked the properties of the pc network. It stated that the IP address was valid (192.168.1.65) but the DNS was 192.168.0.254 instead of 192.168.1.254. After I changed it it worked OK so I manually set it to the DNS values in the HH5 setup of 62.6.40.162.
    All is working on my pc but now my win7 laptop is having the same problem when connected wirelessly to the HH. Also my Brother wireless printer wouldn't connect so I restarted its network wizard which seemed to work until I checked the IP address and it's 192.168.0.104 so can't be seen by other devices.
    However, assorted iPads and iPhones all seem to connect and get the correct IP and DNS addresses OK giving good internet access.
    This only started this morning and as far as I know nothing has changed.
    What is going on ?
    Oh and I have already tried a factory reset of the HH5 by sticking a pin in the reset hole.

    Try disabling IPv6 on the Windows machines.
    This suggestion by forum member  gg30340, should fix the problem.
    Select Start
    In the Start Search field type ncpa.cpl and press the Enter key on your keyboard.
    In the new window, right-click on your Wireless Network Connection and select Properties.
    In the This connection uses the following items section, remove the tick beside (i.e. disable) Internet Protocol Version 6 (TCP/IPv6) and then press OK.
    Left click on Internet Protocol IPV4, click on properties. Check the options to obtain IP address and DNS Server address automatically.

  • Problem with proxy and DNS

    Hello,
    in our company we use Internet Explorer 8... (i know...) We also have a proxy and 4 DNS servers. Last weekend we suddenly had an issue where internet pages could not be loaded. When we did some testing with Wireshark we saw that it took a long time to query
    www.google.com or www.microsoft.com. The query went from the first DNS server to the second and so on. This behaviour was shown on Windows 2008 R2 servers with Citrix and also the workstations and laptops with Windows 7.
    When we deleted the DNS servers from the network settings and set the proxy IP address in the browser the problem was solved. So the problem had to be in DNS.
    After that we deleted the list of Root Hints and the problem seemed to be solved. However, when we look in wireshark we still see that external addresses are queried against our local DNS servers. In internet explorer we have a policy active where the proxy
    is set. We have two proxies and the problem exists with both of them.
    So the question is, why does IE8 still query all four DNS servers even when we have a proxy? Why is there a lot of delay there?
    Thanks!

    Hi,
    Generally, if you configure IE with an explicit proxy:
    1.User types an address
    2.The address is checked for string matches against the IE proxy exceptions list
    a. If matching a bypassed entry, DNS is used to resolve the name, and the client connects directly to the target IP address on port 80 (assumed), then sends a request like:
    GET /something.htm HTTP/1.1
    Host: fulldomainname.example.com
    b. If non matching, continue
    3.The client connects to its configured proxy and sends a request of the form:
    GET http://fulldomainname.example.com/something.htm HTTP/1.1
    (this use of the FQDN in the URL is one way you can tell that a client thinks it's talking to a proxy instead of a real web server)
    4.The proxy resolves the name, connects to the target site, etc, etc
    So what’s your configuration of proxy?
    Alex Zhao
    TechNet Community Support

  • Unable to access gateway and DNS via VPN (L2TP) with Snow Leopard Server

    Summary:
    After rebooting my VPN server, i am able to establish a VPN (L2TP) connection from outside my private network. I am able to connect (ping, SSH, …) the gateway only until the first client disconnects. Then i can perfectly access all the other computers of the private network, but i cannot access the private IP address of the gateway.
    Additionally, during my first VPN connection, my DNS server, which is on the same server, is not working properly with VPN. I can access it with the public IP address of my gateway. I can access it from inside my private network. A port scan indicates me that the port 53 is open, but a dig returns me a timeout.
    Configuration:
    Cluster of 19 Xserve3.1 - Snow Leopard Server 10.6.2
    Private network 192.168.1.0/255.255.255.0 -> domain name: cluster
    -> 1 controller, which act as a gateway for the cluster private network, with the following services activated:
    DHCP, DNS, firewall (allowing all incoming traffic for each groups for test purposes), NAT, VPN, OpenDirectory, web, software update, AFP, NFS and Xgrid controller.
    en0: fixed public IP address -> controller.example.com
    en1: 192.168.1.254 -> controller.cluster
    -> 18 agents with AFP and Xgrid agent activated:
    en1: 192.168.1.x -> nodex.cluster with x between 1 and 18
    VPN (L2TP) server distributes IP addresses between 192.168.1.201 and 192.168.1.210 (-> vpn1.cluster to vpn10.cluster). Client informations contain the private network DNS server informations (192.168.1.254, search domain: cluster).
    Detailed problem description:
    After rebooting the Xserve, my VPN server works fine except for the DNS. My client receives the correct informations:
    Configure IPv4: Using PPP
    IPv4 address: 192.168.1.201
    Subnet Mask:
    Router: 192.168.1.254
    DNS: 192.168.1.254
    Search domain: cluster
    From my VPN client, i can ping all the Xserve of my cluster (192.168.1.1 to 18 and 192.168.1.254). If i have a look in Server Admin > Settings > Network, i have three interfaces listed: en0, en1 and ppp0 of family IPv4 with address 192.168.1.254 and DNS name controller.cluster.
    The DNS server returns me timeouts when i try to do a dig from my VPN client even if i am able to access it directly from a computer inside or outside my private network.
    After i disconnect, i can see in Server Admin that the IP address of my ppp0 interface has switch to my public IP address.
    Then i can always establish a VPN (L2TP) connection, but the client receives the following informations:
    Configure IPv4: Using PPP
    IPv4 address: 192.168.1.202
    Subnet Mask:
    Router: (Public IP address of my VPN server)
    DNS: 192.168.1.254
    Search domain: cluster
    From my VPN client, i can access all the other computers of my network (192.168.1.1 to 192.168.1.18) but when i ping my gateway (192.168.1.254), it returns me timeouts.
    I have two "lazy" solutions to this problem: 1) Configure VPN and DNS servers on two differents Xserve, 2) Put the public IP address of my gateway as DNS server address, but none of these solutions are acceptable for me…
    Any help is welcome!!!

    I would suggest taking a look at:
    server admin:vpn:settings:client information:network route definitions.
    as I understand your setup it should be something like
    192.168.1.0 255.255.255.0 private.
    at least as a start. I just got done troubleshooting a similar issue but via two subnets:
    http://discussions.apple.com/thread.jspa?threadID=2292827&tstart=0

  • DNS client in a non-global zone

    Hello,
    I want to configure only the non-global zone as a DNS client, with
    /etc/resolv.conf
    /etc/defaultdomain
    /etc/nsswitch.conf
    Is this ok or is this a global wide issue?
    -- Nick

    Yes. The /etc file system is private to each zone (both in the sparse and whole root models) so each zone can have its own DNS settings (as well as private things like a different time zone and such).

  • OD, LDAP and DNS

    I am new to LDAP and I believe I have everything setup correctly on the server (everything under Open Directory in SA says "Running", logs don't show any errors). However, I can not access the LDAP server from a client machine using Directory Access. I suspect that client machines still can not "see" my LDAP server.
    I believe the issue may be with DNS and I am trying to understand the interaction between DNS and OD, etc. First off, I do not have DNS turned on for my Mac OS X Server since my ISP has always hosted our DNS. Is this a problem? Do I need DNS activated on the same server that I am running this LDAP server? I have tried entering the IP and DNS name on the client server using Directory Access and neither worked.

    The requirement is that references using your server's Fully Qualified Domain Name look up to its IP Address and its IP Address looks up to its Fully Qualified Domain Name. If your ISP does that for you, and does it correctly, Merry Christmas!
    All others must set up their own tiny DNS service to do the lookups. If you are behind an NAT firewall, you can Make Up whatever names you like and look them up locally, because they are invisible from the Internet.
    Remember that each workstation must have the address of the DNS available to it. It needs to be configured in the TCP/IP setup or dispensed via DHCP. If you use your own DNS (highly recommended) you must also dispense or configure the next upstream DNS (your ISP's DNS Address).
    "An Open Directory master requires properly configured DNS so it can provide single sign-on Kerberos authentication.
    Make sure DNS service is configured to resolve fully qualified DNS names and provide corresponding reverse lookups.
    DNS must resolve the fully qualified DNS name and provide reverse lookups for the Open Directory master server, all replica servers, and other servers that are members of the Kerberos realm.
    You can use the Lookup pane of Network Utility (in /Applications/Utilities/) to do a DNS lookup of a server's DNS name and a reverse lookup of the server's IP address.
    For instructions on setting up DNS service, browse Network Services Overview."
    -- from Server Admin 10.4 Help: Kerberos is Stopped on an Open Directory Master or Replica
    Message was edited by: Grant Bennet-Alder
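
An added example, not part of the original thread or of Apple's documentation: a Python check for the requirement described in the answer above, that a server's fully qualified name resolves to its IP address and the address resolves back to the same name. The sample records are constructed from the placeholder names and the short-name PTR answer seen in the dig output earlier on this page; `check_host` and `table_resolver` are names chosen here.

```python
"""Forward/reverse DNS consistency check for servers in a Kerberos realm."""
import socket


def norm(name):
    # Compare names case-insensitively and without the trailing root dot.
    return name.rstrip(".").lower()


def system_forward(name):
    """Address lookup through the system resolver (this includes /etc/hosts)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def system_reverse(ip):
    """Name lookup for an address through the system resolver."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host, *aliases]
    except OSError:
        return []


def table_resolver(records):
    """Build a resolver from a dict so the check can run on sample data."""
    table = {norm(k): v for k, v in records.items()}
    return lambda key: table.get(norm(key), [])


def check_host(fqdn, ip, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means forward and reverse agree."""
    problems = []

    addresses = forward(fqdn)
    if not addresses:
        problems.append(f"forward: {fqdn} does not resolve")
    elif ip not in addresses:
        problems.append(f"forward: {fqdn} resolves to {addresses}, expected {ip}")

    names = [norm(n) for n in reverse(ip)]
    if not names:
        problems.append(f"reverse: no PTR record for {ip}")
    elif norm(fqdn) not in names:
        # A PTR holding only the host label is the case seen in the dig output.
        hint = " (short name, not an FQDN)" if all("." not in n for n in names) else ""
        problems.append(f"reverse: {ip} maps to {names}{hint}, expected {norm(fqdn)}")

    return problems


# Constructed sample data: no A record, and a PTR that holds only "myserver.".
BROKEN_A = {}
BROKEN_PTR = {"10.10.10.2": ["myserver."]}

# Constructed sample data: the same zone with both records corrected.
FIXED_A = {"myserver.mydomain.ns.ca": ["10.10.10.2"]}
FIXED_PTR = {"10.10.10.2": ["myserver.mydomain.ns.ca."]}


def demo():
    fqdn, ip = "myserver.mydomain.ns.ca", "10.10.10.2"
    broken = check_host(fqdn, ip, table_resolver(BROKEN_A), table_resolver(BROKEN_PTR))
    fixed = check_host(fqdn, ip, table_resolver(FIXED_A), table_resolver(FIXED_PTR))
    return broken, fixed


if __name__ == "__main__":
    before, after = demo()
    for line in before:
        print("BROKEN:", line)
    print("FIXED:", after or "forward and reverse lookups agree")
```

Called with only a name and an address, `check_host` uses the system resolver, so it can be run on the server and on a client to compare what each one sees.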
