Snow Leopard Reverse DNS

Hello,
I've set up an A record and the system created a reverse PTR record. Internally, when I do nslookups, the A record and reverse PTR records come up fine. But from the outside, the DNS server refuses to serve.
** server can't find 210.94.104.66.in-addr.arpa: REFUSED

And now 10.6 server only allows localnets and localhost
Sure, that's the default, but you can change that.
Be wary of turning on recursive in Server Admin for a private server, though. There is no concept of access control, so BIND will start to answer all your zones - both internal and external - to anyone who asks.
It's fine to do if you're only supporting local clients, but as soon as you open the public door to your DNS server you really have to think about the setup.
BIND can handle this through views - an internal view with your private zones and a separate public view with your public domains, but you can't do this via Server Admin. It requires getting under the hood, editing your named.conf directly and not using Server Admin for any element of DNS management (lest it overwrite your zone controls).
From this side of the keyboard it's impossible to tell how versed you are in DNS, so this might all be basic detail to you, but just in case it isn't, beware.
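
The internal/public split described in the reply above, written out as a BIND 9 `named.conf`. This is an added example, not part of the original thread and not Apple's shipped configuration. The zone names, file paths and the 192.168.1.0/24 and 192.0.2.0/24 ranges are placeholders.

```conf
// /etc/named.conf (hand-maintained; constructed example, all names are placeholders)

// Who counts as "inside". localhost and localnets are BIND built-in ACLs.
acl "trusted" {
    localhost;
    localnets;
    192.168.1.0/24;        // assumed LAN range
};

options {
    directory "/var/named";
    // Safe defaults for anything a view does not override.
    recursion no;
    allow-transfer { none; };
};

// Views are tried in order and the first match-clients hit wins,
// so the restrictive view must come before the catch-all one.
view "internal" {
    match-clients { "trusted"; };

    // Recursion and cache access only for inside clients.
    recursion yes;
    allow-recursion { "trusted"; };

    // Private zones exist only in this view.
    zone "corp.example" {
        type master;
        file "internal/corp.example.zone";
    };
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "internal/192.168.1.rev";
    };
    // Inside answer for the public domain (may hold private addresses).
    zone "example.com" {
        type master;
        file "internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };

    // Authoritative answers only: no recursion, no cached data.
    recursion no;
    allow-recursion { none; };
    allow-query-cache { none; };

    zone "example.com" {
        type master;
        file "external/example.com.zone";
    };
    // Public reverse zone; outside resolvers only reach it if the
    // address owner (usually the ISP) delegates it to this server.
    zone "2.0.192.in-addr.arpa" {
        type master;
        file "external/192.0.2.rev";
    };
};

// Once any view is defined, every zone statement must sit inside a view.
// Validate before reloading:   named-checkconf /etc/named.conf
// Then compare answers from an inside and an outside client:
//   dig @<server> host.corp.example      (inside: answer, outside: REFUSED)
//   dig @<server> www.example.org        (inside: answer, outside: REFUSED)
```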

Similar Messages

  • Nslookup Snow Leopard Server DNS problems

    I have a mac mini that I'm trying to turn into a snow leopard server. Attached to the mac mini I have three external hard drives which act as backups to our mac book pro laptops. I have installed the server software and downloaded all the updates and I can see the drives on the server and I can access the external drives and back up to them without a problem. The issue that I have is that when I run nslookup I get an error message which tells me that it can't find my name and that I need to rerun so software commands.
    I'm also unable to run either dns or podcast producer which was the main reason for buying the server software. I have a static ip address and believe I have configured everything correctly but I just can't seem to sort out the DNS and problems.
    Any thoughts - thanks
    Russell

    This is the Discussions > Mac OS X v10.6 Snow Leopard > Installation and Setup forum. Your questions involve Mac OS Server, which is a different OS product. Thus, you will get better results posting to the Apple - Support - Discussions - Mac OS X Server forums.

  • Snow Leopard Server DNS setup

    Where is there a step by step setup for making my Snow Leopard Server with DNS? Essentially, I am looking to setup a mail server but seem to be missing what information I need to gather from the folks that host my domain and how to point traffic to my network.

    When I started setting up my first Mac OS X Servers a few years ago I had to completely retrain my brain because the MacOS does not follow the traditional nomenclature of Windows Active Directory and DNS setup. That being said, like AD for Windows, MacOS relies very very heavily on a healthy and properly running DNS system, both internally and externally. So one great resource I found was about 10+ hours of training on Leopard Server over to Lynda.com. I think you can sign up for a month long membership but it's well worth the investment if you're looking for some basics thru advanced setup of Leopard Server. Now SLS is much much easier at the setup and deployment and some of the fundamentals of the setup interface have changed greatly (as an improvement) but the videos are still very applicable.
    Basically it comes down to the following steps in order to get your website/e-mail/wiki services working.
    1. Purchase your .whatever with a registrar, godaddy, doster, network solutions etc.
    2. Make sure you have a fully routable PUBLIC IP address from your ISP that you can assign to the WAN (internet side of your router)
    3. Contact your ISP and ask them to create an rDNS entry for your .something to the IP address they assigned you. Usually this will look like xxx.xxx.xxx ---> mail.mydomain.com when you test later on.
    4. Modify the DNS records with your registrar to point the MX & A record to your new IP. You will log in create an A record for mail.mydomain.com ---> xxx.xxx.xxx (your public IP on router) and then you will create an MX record for e-mail which will simply be mail.mydomain.com with a value of 10 (there is usually a screen for this).
    5. Once all the DNS is setup and working properly (Can take several days for these changes to take effect and be visible by your ISP) then you can begin the configuration of your router. You will need to determine what IP internally you want your Mac to be. Usually 10.0.0.1 or 192.168.1.1 or other and document that. Program your router to port forward ports 25,110, 80, 143 to the IP that you decided your Mac will be at so those services will be publicly available to you to user. Otherwise nobody will ever be able to send you e-mail or visit your site.
    6. This is a good time to check your work and settings by visiting www.mxtoolbox.com and you verify your rDNS (setup by ISP) and your DNS (Setup by you) before beginning your setup of OS X SLS. If everything checks out then start the install if not STOP HERE and fix it because it will haunt you in the long run.
    7. Start the install of SLS and at some point the system will get you to the screens at which you input your domain information. If all was setup properly up to now SLS will auto-populate the domain and local hostname of your Mac Server. You can change the local hostname if you wish but the domain name information should reflect your rDNS and A record information of mail.mydomain.com and you can hit next and proceed with the rest of the install.
    8. Once up and running you will need to make a small adjustment to the alias of your e-mail. For some reason the engineers at Apple left a flaw in (my opinion) that is as such. Whenever you send e-mail it will go as [email protected] instead of what you really want which is [email protected]. So follow this post below and you will be all fixed up in a jiffy.
    http://discussions.apple.com/message.jspa?messageID=10110723#10110723
    Hope this helps.

  • Snow Leopard and DNS problems

    Hi
    I read a lot about SL and DNS problems while accessing websites. It seems that you have to put your DNS server in system settings/network so that you don't get the error message "can't connect to the internet" in your browser window. My problem is that I change locations with my mac quite frequently (home, uni etc) so whenever I am at a new location I have to go to the network settings and manually put in the DNS server. Why do I have to do that with SL when it worked completely fine before the upgrade to SL?
    Cheers
    Martin

    waschbaer22 wrote:
    That is exactly what is happening. The problem with my DHCP server at home is that it doesn't submit the DNS address to the computer somehow. That's why I have to put it in manually each time I reconnect the MB at home after I had it at uni. Once back at uni I then have to go into the settings and delete my manually added home DNS server. Right after that the uni DNS server address appears automatically. So I guess that is just how SL now works and I have to live with it, right? However, why do we need a DNS server anyway to connect to the internet. I thought a DNS server just facilitates the connection to websites but I didn't know that it is crucial.
    You should really try to figure out why your home router isn't providing you with a DNS server address and fix that. It could be a firmware issue, or it could be as simple as you have things set up so that one must manually be set up in the router, and one is not.
    You are also misinformed as to DNS' importance.
    DNS is the service that translates names - say "apple.com" - to the IP addresses - say "17.149.160.49" - that your machine needs to be able to connect to any site.
    Without being able to resolve names to addresses, you have to manually specify numeric IP addresses for everything - effectively meaning you will be unable to use the Internet.

  • Snow Leopard and DNS/AD problem

    Here's a good one. We have an equal number of Macs & PCs on a small (c. 20 seats) office network, with a W2008 server acting as Domain Controller, AD, DNS and DHCP server, as well as fileserver. Most, but not all, of the Macs are bound to the AD, all of them need to connect to it to access files. All the Macs are running 10.6.6.
    Last week, 2 Macs stopped being able to connect to the server, both by ethernet and wirelessly. They therefore created self-assigned IP addresses. By manually assigning IP addresses, they can access other network shares but lost Internet connectivity since they aren't connecting to the DNS server. In desperation, I reinstalled the OS from scratch on one machine. It worked for a day, then stopped being able to connect to the AD server again.
    This week, my MacBook Pro started to do the same, so now it's serious.
    All 3 affected machines were bound to the AD server. But so are others which aren't affected. When you plug the ethernet cable in there's a momentary connection which then drops. When I ping the server, I get 'Permission denied', so it seems to be a permissions issue.
    AppleCare say the Macs can't be at fault. My external W2008 server support team say the same about the server.
    Anyone any idea what on earth is going on?

    You might want to use something like Wireshark to see what's actually happening on the network. There's all sorts of things that can cause this. The most common one is that a network switch's routing tables have become fubar'ed and the switch needs to be reset. The symptoms that you see when this happens are that certain packets are simply dropped by the switch for particular systems or particular ports.
    Another possibility is Windows DHCP service has locked up. You wouldn't notice on a computer until the DHCP lease has expired (and you may be using leases that are a month long, for example). Computers would, after their lease is up, negotiate renewal of the lease with the DHCP service, but if the service fails to renew, the computer is supposed to give up its IP. Windows systems, by default, will not follow the rules and if a lease expires and negotiation fails, they'll just carry on using the expired info. Without DHCP info, they won't be able to connect to AD, the DC, or make DNS queries.
    If you assign them static IP addresses, why not assign them static DNS address too? System Preferences > Network. Click on the "Advanced..." button, select the DNS tab, and add your DNS servers (and outside ones, if you like) to the list.

  • Snow leopard vulnerability to malware?

    i bought snow leopard boxed from a mac store and installed it two days ago. i twice had to search for and install rosetta, something i have never had to do before. (i am running a dual intel G5 machine.)
    this morning while browsing the new york times with safari, a pop up window appeared warning me of a virus infection from "protection-check07.com", which redirected to "http://sex-and-the-city.cn/" before i could close the browser. i have "block pop up windows" turned on in safari. later today a search query at google was refused because my "network or computer" was sending "spam inquiries".
    i assume i have been infected with malware such as confickr, but i have never had an infection before and the timing immediately after installing snow leopard concerns me. has anyone encountered malware or suspicious network or disk activity in the days immediately after installing snow leopard?

    First off, you are running a Mac Pro, not a PowerMac (can't run SL on G5s). Programs that relied on PowerPC code you now have to option install Rosetta (should only be needed to do once).
    SQL-injection; feeding malware via ads is very common, though I have never once seen it happen running IE8 x64 with Windows Vista/7.
    I use one browser for safe browsing and locked down. Easy to do with Firefox using NoScript and one or two other extensions, and to limit or prevent java and plug-ins.
    *'drive-by' infection*
    http://www.abuse.ch/?p=1801
    I wonder if the changes in Snow Leopard to DNS make for more vulnerable in some way. Snow Leopard doesn't have any real protection.

  • Creating a versatile DNS and redirection service on Snow Leopard Server

    For the few of us who use Snow Leopard Server as a main DNS for our small network, the following is a workflow that I would like to share with the board for creating redirection services to not just sites found on the locally hosted apache but also external sites.
    +IF you are adding a second domain name, the reverse domain lookup will not appear and you will need to add a Machine/A record with the fully qualified domain "domainname.com." (don't forget the . at the end) into the new zone and it will point to the "server" Machine/A record ip address.+
    *DNS Portion* : (ServerAdmin > DNS > Zones >
    Add Zone > Primary > Create a fully Qualified Domain name and dns "server" in the Machine / A Record
    Create the (add Record > Alias/ CNAME) subdomain pointing to the server.domainname.com e.g. (library)
    *Web / Apache Portion :*
    Create a new site (ServerAdmin > Web > Sites > Plus button)
    With General > host name exactly as spelled in above subdomain in full (library.domainname.com)
    Select Web Folder where the site is hosted
    If you are creating a redirection, create a folder on the server, add an index.php (with the script below)
    Add Alias with the same subdomain as number 2
    _PHP script :_
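    <?php
    // Edit "http://example.net" to whichever target you want, e.g. "http://apple.com"
    $location = "http://example.net";
    // The status code goes in the third argument; header() does not take status text as its second argument.
    header("Location: " . $location, true, 301);
    exit;
    ?>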
    _Alternatively you can also mask the page with :_
    <html>
    <head>
    <title>Same Title As Your Homepage</title><!-- in case they have JavaScript turned off -->
    <script type="text/javascript">
    // Changes the title bar to match the title of the current page in the frame.
    // Browsers only allow this when the framed page is on the same origin.
    function changeTitle() {
      try {
        if (top.frames['main'].document.title)
          top.document.title = top.frames['main'].document.title;
      } catch (e) { /* cross-origin frame: keep the static title */ }
    }
    </script>
    </head>
    <frameset>
    <frame name="main" src="http://actual-url.anotherhost.com/page.html" scrolling="auto" target="main" onload="changeTitle();"><!-- You need the onload handler to make the JavaScript work -->
    <noframes>
    <body>
    Place a suitable message here for people with browsers that can't read frames.
    </body>
    </noframes>
    </frameset>
    </html>


  • Setup DNS in Snow Leopard HELP!!!!!!!

    I would like to have step by step instructions on setting up DNS in Snow Leopard.
    Now I can setup DNS in Leopard Server with my eyes closed, but SLS is giving me
    trouble.
    The only service I have running at present is DNS.
    The problem is SLS what to enter in the nameservers zone field.
    I am using readsrv for the server name, when setup asks for a dns name I entered macbook.com
    So the final FQDNS should read readsrv.macbook.com.
    Also how does the Reverse DNS setup in SLS ???
    Leopard Server would automatically create this field, but I do not see this in SLS DNS Settings.
    I get this error in terminal.
    macbook:~ sls$ sudo changeip -checkhostname
    Primary address = 192.168.1.30
    Current HostName = macbook.com
    The DNS hostname is not available, please repair DNS and re-run this tool.
    Thank you all in advance, please help me out.
    Message was edited by: Mike Darland

    Here, you'll want to get a registered domain or use something severely unlikely to get issued as a real domain (host.mikedarland or some other such domain), unless you're tied in with the folks that have the macbook.com domain registered. Folks are activating new top-level domains (TLDs) like .travel. I'll refer to the domain and the zone example.com here, as this is an RFC-preferred domain name for (duh) an example domain.
    Get a good and restorable backup of your disk before you start.
    Launch Server Admin.
    Select the target server, select DNS, stop DNS.
    Select Settings.
    Select the forwarding server(s) as your upstream ISP DNS server(s).
    Select Zones.
    Clean out all of the zones you see there.
    Add a forward primary zone for example.com. (note that trailing dot), and select the DNS server for that zone as 192.168.1.30 or whatever the address of your host. (And as an aside, I'd get out of 192.168.0.0/16 just as soon as I could manage it, as that messes up VPN routing if/when you get there.)
    You'll get a reverse zone created gratis.
    Add an A record for hostnames; here using "hostname".
    For testing: aim one of your clients at the DNS server at 192.168.1.30 (or whatever the IP address) via explicit selection in Network Preferences or such. Aim dig hostname.example.com, and (presuming that kicks back an address), aim a dig -x w.y.y.z query to test the reverse translation.
    After you have it all working, aim your clients at the box via explicit specification or via DHCP setting. Do not reference the ISP settings directly.

  • How to resolve network issue or dns to access web page on snow leopard server?

    I have my network setup like as follows:
    internet > router 1 > ethernet ports > switch > router 2
    I have a mac osx snow leopard server connected to "router 1", but it is so slow when accessing a web page hosted on the server from a browser on a workstation connected to either router 1 or router 2?
    Is there a problem with my network setup or maybe because I changed the name to newservername.local?

    @Jeff and @Camelot,
    I think it is a DNS issue.  I completely reset the DNS settings on server and the local name with the steps below, but now cannot access the site hosted on the server at all
    I used a modified version of http://www.mkahn.com/2010/09/configuring-dns-on-mac-os-x-10-6-snow-leopard-server-for-hosting/ to reset the server set
    1.  Stop DNS Service in Server Admin
    2.  Close Server Admin
    3.  Obtain 10.6 DNS Default files (below)
    4.  Overwrite the DNS files with DNS Default files:
    /etc/dns/loggingOptions.conf.apple
    /etc/dns/options.conf.apple
    /etc/dns/publicView.conf.apple
    /var/named/named.ca
    /etc/named.conf
    /var/named/named.local
    /var/named/localhost.zone
    5. Restart your server
    All machines have 1ms ping responses within the network including this snow leopard server that I am trying to setup.  There is another test web server that return pages instantly within this network so I doubt it is a network issue, but a DNS issue.

  • Unable to access gateway and DNS via VPN (L2TP) with Snow Leopard Server

    Summary:
    After rebooting my VPN server, i am able to establish a VPN (L2TP) connection from outside my private network. I am able to connect (ping, SSH, …) the gateway only until the first client disconnects. Then i can perfectly access all the other computers of the private network, but i cannot access the private IP address of the gateway.
    Additionally, during my first VPN connection, my DNS server, which is on the same server, is not working properly with VPN. I can access it with the public IP address of my gateway. I can access it from inside my private network. A port scan indicates me that the port 53 is open, but a dig returns me a timeout.
    Configuration:
    Cluster of 19 Xserve3.1 - Snow Leopard Server 10.6.2
    Private network 192.168.1.0/255.255.255.0 -> domain name: cluster
    -> 1 controller, which act as a gateway for the cluster private network, with the following services activated:
    DHCP, DNS, firewall (allowing all incoming traffic for each groups for test purposes), NAT, VPN, OpenDirectory, web, software update, AFP, NFS and Xgrid controller.
    en0: fixed public IP address -> controller.example.com
    en1: 192.168.1.254 -> controller.cluster
    -> 18 agents with AFP and Xgrid agent activated:
    en1: 192.168.1.x -> nodex.cluster with x between 1 and 18
    VPN (L2TP) server distributes IP addresses between 192.168.1.201 and 192.168.1.210 (-> vpn1.cluster to vpn10.cluster). Client informations contain the private network DNS server informations (192.168.1.254, search domain: cluster).
    _*Detailed problem description:*_
    After rebooting the Xserve, my VPN server works fine except for the DNS. My client receives the correct informations:
    Configure IPv4: Using PPP
    IPv4 address: 192.168.1.201
    Subnet Mask:
    Router: 192.168.1.254
    DNS: 192.168.1.254
    Search domain: cluster
    From my VPN client, i can ping all the Xserve of my cluster (192.168.1.1 to 18 and 192.168.1.254). If i have a look in Server Admin > Settings > Network, i have three interfaces listed: en0, en1 and ppp0 of family IPv4 with address 192.168.1.254 and DNS name controller.cluster.
    The DNS server returns me timeouts when i try to do a dig from my VPN client even if i am able to access it directly from a computer inside or outside my private network.
    After i disconnect, i can see in Server Admin that the IP address of my ppp0 interface has switched to my public IP address.
    Then i can always establish a VPN (L2TP) connection, but the client receives the following informations:
    Configure IPv4: Using PPP
    IPv4 address: 192.168.1.202
    Subnet Mask:
    Router: (Public IP address of my VPN server)
    DNS: 192.168.1.254
    Search domain: cluster
    From my VPN client, i can access all the other computers of my network (192.168.1.1 to 192.168.1.18) but when i ping my gateway (192.168.1.254), it returns me timeouts.
    I have two "lazy" solutions to this problem: 1) Configure VPN and DNS servers on two different Xserve, 2) Put the public IP address of my gateway as DNS server address, but none of these solutions are acceptable for me…
    Any help is welcome!!!

    I would suggest taking a look at:
    server admin:vpn:settings:client information:network route definitions.
    as I understand your setup it should be something like
    192.168.1.0 255.255.255.0 private.
    at least as a start. I just got done troubleshooting a similar issue but via two subnets:
    http://discussions.apple.com/thread.jspa?threadID=2292827&tstart=0

  • DNS Configured-Best Practice on Snow Leopard Server?

    How many of you configure and run DNS on your Snow Leopard server as a best practice, even if that server is not the primary DNS server on the network, and you are not using Open Directory? Is configuring DNS a best practice if your server has a FQDN name? Does it run better?
    I had an Apple engineer once tell me (this is back in the Tiger Server days) that the servers just run better when DNS is configured correctly, even if all you are doing is file sharing. Is there some truth to that?
    I'd like to hear from you either way, whether you're an advocate for configuring DNS in such an environment, or if you're not.
    Thanks.

    Ok, local DNS services (unicast DNS) are typically straightforward to set up, very useful to have, and can be necessary for various modern network services, so I'm unsure why this is even particularly an open question.  Which leads me to wonder what other factors might be under consideration here; of what I'm missing.
    The Bonjour mDNS stuff is certainly very nice, too.  But not everything around supports Bonjour, unfortunately.
    As for being authoritative, the self-hosted out-of-the-box DNS server is authoritative for its own zone.  That's how DNS works for this stuff.
    And as for querying other DNS servers from that local DNS server (or, if you decide to reconfigure it and deploy and start using DNS services on your LAN), then that's how DNS servers work.
    And yes, the caching of DNS responses both within the DNS clients and within the local DNS server is typical.  This also means that there is no need for references to ISP or other DNS servers on your LAN for frequent translations; no other caching servers and no other forwarding servers are required.

  • DNS problems with Snow Leopard

    I have had this problem for a long time, but it is especially annoying me today. My Mountain Lion iMac (2012 model) is slow to establish an internet connection when it wakes from sleep. My Snow Leopard machine has a much crisper and reliable connection. And, once the connection on the iMac balks ("you are not connected to the internet"), it takes longer than it should to correct itself. I can get to new sites (ones I haven't tried) more quickly than I can with the ones that failed. That's why I think this is a DNS issue.
    But there's more. The Apple-provided software actually takes the connection down almost always. The App Store and iTunes will almost certainly bust the connection. If I try to listen to a sample on iTunes, it will invariably stall at midpoint, say it's buffering, and then crap out. Lots of "Error -1009" messages (or something like that). What should I do?
    When I get a connection going, as with Netflix or something streaming, it's generally stable. That's why it's only an aggravating problem and not quite a deal breaker. But still, why am I turning to a Snow Leopard machine to get my work done?
    Thanks for your help!
    [Other details: I use a lousy 2Wire router from ATT, which has always been somewhat sketchy with the connection. I stopped using Safari because, for some reason, it has a higher success rate than Safari. Just weird and no one has had an answer.]

    Thanks, Barney. I've put these in and will let you know if things get better. My first check seemed better, but you know how these things go. I seem to remember putting the Google addresses in before and seeing the problem return. I can't say I really understand what DNS does.
    Also, I added the DNS servers, but there is still a greyed out "Search Domain" listed as gateway.2wire.net, which, obviously, is a domain associated with this router.
    I'll give you points once I figure out if this is a solution.

  • Configure DNS on Snow Leopard for private NAT with Open Directory

    I am needing to set up DNS on Snow Leopard server 10.6.4 for use with Snow Leopard clients only. On the server, I have two IPs, one public connections outside the network, and one private within the NAT range. DNS was not originally set up on the server, but Open Directory was (sort of). I've demoted the server from OD master to stand alone, but still can't get this to work.
    This server is only for setting up and using Open Directory + NetInstall services inside the network. In effect, it isn't serving web pages and isn't registered with our upstream DNS. What I am assigned to do is get Open Directory to set up user profiles and network shares and home directories. So, what I need is this -
    a basic DNS config I can do in Server Admin that will set up DNS to resolve to the local server NAT IP for Open Directory purposes;
    and provide DNS for outside the OS X server for the specified Snow Leopard clients.
    DHCP is running (but the clients were configured with static IPs in the NAT range). This serves as the DHCP server for the entire network (Windows + Mac clients that aren't in the static NAT range).

    Thanks for your replies. I realize I'm not making clear the way this network is configured. Also, the only services running on the Snow Leopard server are (at this time):
    dhcpd - in the 10.136.31.x range;
    dns - same as before;
    planned to add are:
    Open Directory (for network logins)
    Software update;
    Web (only on the 10.136.31.x Ethernet);
    mySQL (localhost only - for moodle);
    NAT is not set up on the Snow Leopard server itself. We have an outside router, a Cisco 2811. This router provides routing for both the public IP range, and the NAT range is configured in this router. The forwarding dns is located in LR and Fayetteville. So what I need is dns on Snow Leopard to forward outside queries to the state DNS servers, and resolve the local NAT IP only for Open Directory and a set of Snow Leopard clients.
    Is this going to be possible?

  • Configure DNS on Snow Leopard Server for Web Hosting

    Hi Everyone,
    I put together an article on my blog about Snow Leopard DNS setup for web hosting. http://www.mkahn.com/?p=279
    I'll be revising it over the next few weeks to make it more informative based around feedback. Let me know if you have any questions or trouble setting up DNS on Snow Leopard Server for web hosting.


  • Changes in DNS resolution in Mac OS X Snow Leopard

    Disclaimer: Apple does not necessarily endorse any suggestions, solutions, or third-party software products that may be mentioned in the topic below. Apple encourages you to first seek a solution at Apple Support. The following links are provided as is, with no guarantee of the effectiveness or reliability of the information. Apple does not guarantee that these links will be maintained or functional at any given time. Use the information below at your own discretion.
    There have been two major changes in DNS resolution in Mac OS X Snow Leopard as compared to Mac OS X Leopard and previous releases, and this tip is intended to explain them.
    1) User-specified DNS servers, if any, are now used to the exclusion of all others
    DNS server addresses may be manually specified by users via the Network preference pane by selecting the active interface (e.g. AirPort, Ethernet, etc.), then clicking the "Advanced…" button in the lower right hand corner of the window, and selecting the "DNS" tab.
    DNS server addresses may also be provided by a DHCP server.
    In Mac OS X Snow Leopard, if any DNS servers are manually specified, they will be the only DNS servers consulted; any DNS servers specified via DHCP will be ignored.
    This differs from Mac OS X Leopard and previous releases of Mac OS X, as in those releases, if DNS servers were specified manually as well as provided via DHCP, the manually-specified server(s) would be queried first, and if those requests failed, requests would then be sent to any DNS server(s) specified via DHCP.
    This means that in Mac OS X Snow Leopard, if queries to manually-specified DNS servers fail, the request will be considered to have failed and no DHCP-specified DNS server will ever be queried.
    Users may encounter this because at some point a DNS server (which is no longer functioning or reachable) was manually set in a work or other environment and they had forgotten about it since the previous behavior was for failed requests to "fall through" to DHCP-specified servers.
    Because of the change in behavior, those same systems will fail to resolve any DNS requests in Mac OS X Snow Leopard.
    2) mDNSResponder does not honor DNS server ordering
    While not explicitly documented, in Mac OS X versions earlier than Snow Leopard, DNS servers, whether specified manually or via DHCP, were queried in the order they were provided. For manual specification, this means in the order shown in the appropriate Network preferences pane tab, and for DHCP users in the order specified by the DHCP server.
    This is no longer true in Mac OS X Snow Leopard; instead mDNSResponder now seems to occasionally change the order in which it queries DNS servers from that in which they were specified.
    This has caused some users issues when DNS servers are specified in a specific sequence.
    For example, say your network has two DNS servers, a main server at address 192.168.100.1, and a secondary server at 192.168.100.2, which is normally only to be used if the primary DNS server fails as it is slower and/or has a slower link to the Internet.
    If they were specified in that order, past versions of Mac OS X would query them in that order, and unless a failure occurred contacting the primary server, the second server specified would never be contacted.
    In Mac OS X Snow Leopard, under various conditions mDNSResponder will instead decide to route all DNS queries to the second DNS server specified, perhaps as a method of routing DNS queries in a round-robin fashion.
    Nevertheless, this behavior is unexpected to most users, and may cause issues if the previous behavior was expected.
    The only workaround is to realize that Mac OS X Snow Leopard treats all specified DNS servers as being equally capable and to specify DNS servers, either manually or via DHCP, accordingly.
    This is the 1st version of this tip. It was submitted on November 15, 2009 by William Kucharski.

    This tip is now ready for publication.
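The two behaviour changes described in the tip above, modelled as an added example (not code from the tip or from Apple) that audits a client's DNS settings for the failure modes the tip names. The function names, the `fallback_only` parameter and the stale address 10.0.0.53 are assumptions made for illustration; the 192.168.100.x addresses are the ones used in the tip.

```python
# Added example: a model of the resolver selection rules described in the tip.
# It performs no network I/O; "answering" is the set of servers known to respond.

def consulted(manual, dhcp, release):
    """Return (servers that may be queried, whether their order is honoured)."""
    if release == "leopard":
        # Manual servers first; failed lookups fall through to DHCP-supplied ones.
        return list(manual) + [s for s in dhcp if s not in manual], True
    if release == "snow_leopard":
        # Manual servers, if any, exclude DHCP-supplied servers entirely,
        # and mDNSResponder may query the list in any order.
        return (list(manual) if manual else list(dhcp)), False
    raise ValueError(f"unknown release: {release}")

def can_resolve(manual, dhcp, answering, release):
    """True if at least one server the release will consult is answering."""
    servers, _ = consulted(manual, dhcp, release)
    return any(s in answering for s in servers)

def audit_snow_leopard(manual, dhcp, answering, fallback_only=()):
    """List the problems a Snow Leopard client would have with these settings."""
    servers, _ = consulted(manual, dhcp, "snow_leopard")
    findings = []
    dead = [s for s in servers if s not in answering]
    if servers and len(dead) == len(servers):
        # Working DHCP servers exist but are never asked.
        ignored = [s for s in dhcp if s in answering and s not in servers]
        findings.append(("all-consulted-servers-dead", dead, ignored))
    elif dead:
        findings.append(("dead-server-may-be-picked", dead, []))
    # A server meant only as a backup can end up taking all queries.
    demoted = [s for s in servers if s in fallback_only]
    if demoted and len(servers) > 1:
        findings.append(("fallback-server-may-be-primary", demoted, []))
    return findings

if __name__ == "__main__":
    stale_manual = ["10.0.0.53"]                   # constructed: forgotten manual entry
    dhcp = ["192.168.100.1", "192.168.100.2"]      # addresses from the tip
    up = set(dhcp)
    for release in ("leopard", "snow_leopard"):
        print(release, can_resolve(stale_manual, dhcp, up, release))
    print(audit_snow_leopard(stale_manual, dhcp, up))
    print(audit_snow_leopard([], dhcp, up, fallback_only=("192.168.100.2",)))
```

On a real client, the server lists would come from the Network preference pane and the DHCP lease, and `answering` from a test query against each server.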
