Wifi Internal DNS Failing
Situation:
On our wifi iPhone/iPod Touch devices correctly receive DHCP information.
Access to the outside world works well with addresses resolving correctly.
However these devices cannot browse to internal names - only the underlying ip address.
Why?
Additional Info:
The DNS servers provided by DHCP are both internal.
Windows PC's using identical DHCP settings (served from the same server) resolve internal and external addresses successfully.
Changing the DNS servers to an external source is not an option as we want to use the Apple devices to access internal content.
this sounds pretty much like my problem at http://discussions.apple.com/thread.jspa?threadID=2534692&tstart=0. Is it possible your internal DNS zone is called <something>.local?
Similar Messages
-
Help
WiFi only works close to router, DNS fail, Signal Bars present but Safari says no Internet, I've deleted and re-added through to reset and full reset, I had no problem with 4.3.2 only 4.3.3 both my iPhone4 and my iPad2. I am now beside router - no problem, but go 20 metres and WiFi becomes unstable. Only way to get either to work is disable WiFi either as a Hot Spot or turn it off and use the 3G connection. This worked with 4.3 & 4.3.2 what has gone wrong? I raised it at the Apple Store in Belfast as a problem but was told that there was no problem with Apple but I must have a faulty router - yeah - that's a lot of faulty routers, my home, my office, my holiday home, Starbucks, my friends house, my son's house. I've tried all the 'fixes'. I think it is a plan to force us to buy Apple RoutersTwo ways out, I added two more Belkin Access Points in my house in Spain so that I'm not more than 10Mtrs away, (Reinforced Concrete & solar glass 2010)
I bought 3 Apple Airports, 1 x Extreme and 2 x Express (1 as a hard wired AP, 1 as an extender) for my other house (Brick construction 1930's)
Everthing now works perfectly, as I said 'an apple plot', so either blast them with signal or visit your nearest apple store.
Early beta iOS5 (iPad) is also much inproved in Beta 3, I have not had any problem with 'Lion'
Happy hunting!
john -
Internal DNS resolution issue - almost all external sites working
I administer an Xserve running 10.5.8 Server. This client is running internal DNS due to a few internal services (iChat, mail, VPN, etc) - but his website, of the same domain, is hosted externally at a hosting provider. This is where I'm running into odd problems. For examples:
ichat.company.com - 10.0.1.100 (when inside the network, also has FQDN on Internet)
mail.company.com - 10.0.1.100 (same as above)
www.company.com - xxx.xxx.xxx.xxx (the actual public IP address of the web server at the host)
Do I need to do it this way? If I don't define the "www" record internally, and point it to the external IP of the hosting provider for the website, the clients inside the network can't see the website, because the internal domain services aren't answering the "www" question and won't hand off to the internet records. It's frustrating because every time the client has a subdomain added to his website, i have to add a record on his internal DNS or it won't resolve at his office. example:
newdomain.company.com - xxx.xxx.xxx.xxx (public IP of the web host, or it fails)
Is there a way to have internal DNS for a domain answer most but not all questions for the domain?
- BillJust as an aside, you could potentially setup a subdomain for the internal systems, e.g. 'corp.company.com' and setup the internal services in this domain - ichat.corp.company.com, mail.corp.company.com, etc.
Then to get to the internal systems users use those .corp.company.com hostnames and the rest of .company.com gets sent upstream.
It may or may not be sufficient for your needs. This kind of model works well for static users that only work in the office but may not work so well for mobile users. -
Is anyone set up to use anycast for internal DNS?
Good Afternoon,
I've been considering using Anycast to provide some redundancy for internal DNS lookups. Configuring DNS and subsequent slave zones in Leopard is easy enough and as I understand it, Anycast is just a way of configuring routers so that one IP address can resolve to many different machines.
I see some of the benefits of using Anycast in that we can have the same 2 dns ip addresses in perpetuity and that as long as one node is up, people will be able to get out.
So my question to you guys: Has anyone done this? If so, is there anything I need to look out for before I start? Is there something you wish you'd known before you started down this path.
I'd love to hear your experiences and read any documentation you might have kept. I thought Mr Hoffman's write up on his DNS services was really excellent btw.
Cheers,
daveDo you have a particularly large infrastructure?
IP Anycast is usually implemented via BGP announcements from your router(s), with each router using the BGP tables to determine the 'best' server to use. If you're doing this for internal DNS then that assumes you're already running IBGP.
Even then, BGP is a pretty dumb protocol - all it does is say 'hey, here's how to get to a.b.c.d IP address'. It has no idea whether the specific server/service you're after is available at that address.
In other words, even if you setup IP Anycast via IBGP you'll still have clients routing to a dead server unless you can somehow update your BGP tables when a server goes down. Not a trivial task for most routers.
It sounds like what you really want is more load balancing than IP Anycast. There are numerous load balancers than can do this. Another option (if your DNS servers are physically close) is to use some kind of failover process so that the second server assumes the role (and IP address) of the first server should it fail (and vice versa). That option is built-in to Mac OS X Server (although it takes a little command-line jiggling to get it working).
Then again, the whole point of defining multiple DNS servers on the client is that the client will automatically fail over to alternate servers if it doesn't get a response from the first - in other words, the clients already have built-in failover for DNS (although the user will notice lookup delays when the primary server is offline). -
DNS in DHCP Pool (Internal DNS issue)
I know that we can setup multiple DNS server under DHCP pool. But I like to make sure the order.
I have multiple branch offices.
Let us say that Branch 1 office has a router with 10.30.1.1 as default gateway.
Our internal DNS is 10.0.0.1 and 10.0.0.2 as Pri and Sec.
My order of DNS server is like below.
1. gateway
2. internal DNS
3. public DNS provided by ISP
I saw couple of issues that when I put internal DNS first. Particular situation is when IPsec is not working, users could not access internet through domain name because they had internal DNS which is not reachable.
But, when gateway is first order, I am not sure whether user are able to access internal website because gateway DNS doesn't have internal DNS records.
So, my question is that. what should be the best order for DNS setup under DHCP among default gateway, internal DNS and public DNS? Our current setup doesn't have even gateway address, it only has internal DNS addresses only.
ip dhcp pool ccp-pool1
network 10.30.1.0 255.255.255.0
domain-name test.org
default-router 10.30.1.1
netbios-name-server 10.30.1.1
dns-server 10.30.1.1 10.0.0.1 10.0.0.2 24.25.5.60Thank you, Richard.
You are right. when I setup router IP for DNS server in DHCP pool. it did not work.
Let me ask regarding external DNS forwarding.
I like to know the process of exteranl DNS.
User --> Internal website --> OK with internal DNS
User --> External website --> Internal DNS forwarding to External DNS
We have our own external DNS (ns), in this case, if external DNS (ns) is down, every branch users are not able to resolve any external IP because internal DNS can't get reply from external DNS?
2nd question)
IPsec is split-tunneled, but in this case, every DNS request goes internal DNS which is located in HQ and goes back through IPsec? Usually Split tunnel doesn't go internet traffic through IPsec but internet directly.
3rd Question)
what is for ip name-server x.x.x.x when I setup ip name-server 8.8.8.8 and I tried to ping 8.8.8.8 from router, it didn't work. Am i missing something?
https://supportforums.cisco.com/thread/230711
Thanks for your time and knowledge. -
Internal DNS - emailsrvr.mydomain won't resolve, IP does - www works.
Internal Mail won't resolve to emailserver domain, but LAN ip is fine
Hey gang, longtime reader first time poster.
After wrestling with this issue, i'm about out of ideas.
Here's my setup.
Leopard server 10.5.4, running OD master (all rocking),
AFP, Firewall, DNS, (mobile) network home directories.
I'll call this "xserve.mydomain.com "
Its NAT'd IP is 192.168.1.102.
It's a FQDN, kerberos is running and happy, all is well.
There are about 12
clients, each with a desktop (imac) and laptop (macbook).
I have a second (windows 2003 sbe) server hosting the following
services: Exchange and Web (for now).
I'll call this winsbe.mydomain.com
Its NAT'd IP is 192.168.1.101
My External DNS setup is this.
Our DNS hosting is done by our registrar (network solutions).
We own 4 static IPs from our ISP.
One IP is for our router/firewall providing NAT
to internal clients, and the xserve is on DMZ, with
its OSX firewall service turned on.
One IP is for the
windows server. (the last two, if you've been counting, are unused .
Via Network Solutions "advanced DNS", I have our zone
configured. "xserve.mydomain.com" points to its WAN
IP (66.xxx.xxx.198).
www points to 66.xxx.xxx.194.
MX records refer to "winsbe.mydomain.com" via
WAN IP 66.xxx.xxx.194 as well.
All outside services resolve correctly.
IE, i can hit the website and send/receive email from mydomain.com.
My internal DNS as setup as this:
primary zone= mydomain.com
nameserver= xserve.mydomain.com
mx record= winsbe.mydomain.com
xserve.mydomain.com has an A record to LAN IP.
winsbe.mydomain.com has an A record to LAN IP.
www is a CNAME record to winsbe.mydomain.com. <----i'm not sure about this one but it works.....
My forwarder IP points back to my Router (which seems to give me better performance than using ISP
DNS from here..)
I know this is working fine insofar as the webserver, as
an nslookup (www.mydomain.com) internally resolves www to 192.168.1.101.
mydomain.com and www.mydomain.com hit the webserver internally
on client browsers. rock.
Again, forward AND reverse nslookups internally resolve to winsbe.mydmain.com/92.168.1.101
Here is my guess as to my problem,
my internal hostname + a record for the windows server the same as the MX record
which has an alias from www.
I think it's getting effed in there somewhere?
If I setup email clients with the windows server LAN IP rather than
the domain "winsbe.mydomain.com" it all works fine.
I'd frankly be willing to half-*** it with this solution,
but each client will require a mobile computer, so we can't have that
I feel like i'm on the right track, but
just can't make the breakthrough.
Am I barking up the wrong tree here?
Here is a last question,
I have my firewall/router as the "Forwarder IP Address"
in the last page of Settings in server admin. When i put
my ISP's DNS servers, i always get a 2 second delay
for any web query on any client.
I have "127.0.0.1" as the first DNS entry in xserve Network Preferences.
The xserve is the only DNS entry in the client computers.
This isn't a "bad practice" or anything is it?For the curious, my named.conf below (haven't messed with it):
// Include keys file
include "/etc/rndc.key";
// Declares control channels to be used by the rndc utility.
// It is recommended that 127.0.0.1 be the only address used.
// This also allows non-privileged users on the local host to manage
// your name server.
// Default controls
controls {
inet 127.0.0.1 port 54 allow {any; }
keys { "rndc-key"; };
options {
include "/etc/dns/options.conf.apple";
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
// query-source address * port 53;
// a caching only nameserver config
logging {
include "/etc/dns/loggingOptions.conf.apple";
// Public view read by Server Admin
include "/etc/dns/publicView.conf.apple";
// Server Admin declares all zones in a view. BIND therefore dictates
// that all other zone declarations must be contained in views. -
Internal DNS server and NAT routing issue.
Hi -- I am not terribly experienced with DNS and I am running into an issue that I can't seem to resolve. My company.com DNS information is hosted by an outside ISP for email, web, etc... but I have configured an A record there to point to the public IP to my mac os x server (server.company.com).
We have a cisco router configured with one to one NAT from the public IP to the internal IP for our server in a 192.168.15.x subnet. The same router is running DHCP and and NAT on that subnet under a different public IP provided by our ISP.
Our server is running DNS with recursion and has a "company.private" zone set up for internal services and machine names. Thus, the server is accessible via "server.company.com" from the outside and "server.company.private" from the private LAN.
The problem is that I would like to be able to access some services simply via "server.company.com" both inside and outside the private network. Now, accessing the "server.company.com" services from the private lan does not work because the name resolves to the external IP and the external IP cannot be used internally due to NAT.
Is there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
I know that I could manually duplicate all entries for our domain from my ISP and host the same entries for internal clients, but it would be much easier to only have our server handle requests for itself. The server is running OS X Server 10.4.11.
ThanksIs there a way to configure my internal DNS server to respond with the appropriate private address when receiving a query only to "server.company.com" and forward requests on for anything else on "company.com"?
Ordinarily, no. Once your server thinks it is responsible for a zone (e.g. company.com) then it will answer all queries for that domain and never pass them upstream. Therefore you'd have to replicate all the zone data, including all the public records, and maintain them both.
The one possible exception to this (I haven't tried) is to create a zone for server.company.com that has your internal address. In theory (like I said, I haven't tried this), the server should respond to 'server.company.com' lookups with its own zone data and defer all other lookups (including other company.com names since they're not in a zone it controls). Might be worth trying. -
Access website with same name as internal dns...
Hi there
I've set up a server with internal dns zone as 'example.com' with the machine name being 'server.example.com'
Everything has been going well, but we cannot now access our externally hosted website at 'www.example.com' I now realise from looking at other posts on the web that perhaps I should have not used the same dns address internally as is used externally, but we have plans to bring mail servers in-house and so thought that this would be the correct way to go.
Can anyone offer advice on the correct way to resolve this?
ThanksFrom what you're saying then, I need to change the DNS host name of the internal network to example.net or similar.
You can use a level within your own domain, such as server.internal.example.com, where server is the host name and internal identifies a host within your network, and example.com is a domain you own. Larger networks use this construct to identify hosts within a corporate site or a particular building, such as www.corp.example.com, www.frobnitz.example.com and www.boston.example.com.
I assume it doesn't matter if I don't own the domain example.net?
Do not use a domain that you do not have permission to use.
Only use domains you own (best), or domains that will never be activate.
It's best if you use a domain you own or a subdomain of a domain you own, or (less desirably, but functional) use a Top Level Domain (TLD) string that will never be a domain (a completely made-up domain such as server.tvkiddomain where tvkitdomain is a text string that will never match a real domain such as .COM or .NET or .BIZ or .TRAVEL or the country codes or the gazillions of these TLD strings that are coming on-line. (That there are TLDs coming on-line makes this somewhat more risky; you can end up using a domain you don't own of somebody lights up a matching TLD.)
The second parallel domain is small cost and simple, particularly as you need few or no services for it from your registrar. (When I buy domains for a site, I usually purchase several TLDs around the domain -- such as the classic big three .COM, .NET and .ORG -- and then have these available for just this sort of purpose. It's easier to buy these up front than to add them later, given the usual domain squatting that can happen. And it's not much money. And it's flexibility for later network activities, and far easier to describe and to support.)
Will the changeip command change the DNS name of machines that I've set up, so that server.example.com will be renamed server.example.net? I assume I'll need to unbind and rebind any client machines that I've bound to the server?
changeip would be the tool I'd use, yes. And I'd reconnect, yes. There's a DNS command around that flushes the DNS caches on the clients; you'll also need to clear that.
Prior to Leopard, on each DNS client:
sudo lookupd -flushcache
Leopard DNS cache flush, on each DNS client:
sudo dscacheutil -flushcache
Thanks for the pointer to the other post, was helpful, but I think that changing the internal DNS host name will be the simplest option...
IMO, the simplest option is to avoid domain name collisions and to avoid domains you don't own; to maintain the basic operations and assumptions of DNS.
Bad DNS is one of the few things you can do that can screw up other hosts and other sites on the Internet. -
New Asa 5505... Anyway to set up behind home router with no internal DNS?
Since the home router is the DNS server, the Asa has no internal DNS which is probably the cause of no internet. Is there any way around this?
Can you not simply use the ASA as the DHCP server and include the DNS server in your DHCP configuration ?
Jon -
DNS resolution on Anyconnect - multiple different internal DNS servers
All,
We have multiple different internal windows AD domains within our network, that currently do not replicate their DNS zones between them.
Is there anyway with an ASA/anyconnect VPN to create a configuration so the ASA inspects the DNS lookups from a user connected via the anyconnect VPN client, and route it to a defined internal DNS server?
For example I have three internal AD domains site1.com with a dns server ip of 1.1.1.1 , site2.com 2.2.2.2, site3.com with a dns server ip of 3.3.3.3, when a user VPN's in and performs a dns lookup for the name server1.site1.com the ASA see's it is for site1.com and routes the lookup to 1.1.1., however when a user performs a dns lookup for server1.site2.com, the asa see's its is fro site2.com and routes the DNS lookup to 2.2.2.2.
Any thoughts on alteratives to over come the problem also welcome and/or if anyone can point me to a link that explains the function of "mulitple DNS server groups, which is located in the ASDM interface under Remote Access VPN->DNS (as I have not been able to find a plain english explanation of the function as I am unsure if this does what I am looking for)
ThanksHi Dominick,
I have a solution for your problem. You will need to log into the CLI of the WSA and issue the following commands:
s370r01.csw> dnsconfig
Currently using the local DNS cache servers:
1. Priority: 0 10.9.8.8
Choose the operation you want to perform:
- NEW - Add a new server.
- EDIT - Edit a server.
- DELETE - Remove a server.
- SETUP - Configure general settings.
- SEARCH - Configure DNS domain search list.
[]> localhosts <----- Hidden Command
Local IP to Host mappings:
Choose the operation you want to perform:
- NEW - Add new local IP to host mapping.
- DELETE - Delete an existing mapping.
[]> new
Enter the IP address of the host you are adding.
[]> 10.1.1.1 < -------- IP of the M series
Enter the canonical host name and any additional aliases (separate values with spaces)
[]> Host name of the M series. Hit enter until you get back to the command prompt and type commit then enter.
Sincerely,
Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator -
CAS array internal DNS IP address best practice
Hi, Just a question about a best practice approach for DNS and CAS arrays.
I have an Exchange 2010 Org. I have two CAS/HUB servers and two MBX servers. My external DNS (mail.mycompany.biz) host record points to a public IP address which is NAT'd to the internal IP address of my NLB CAS cluster. I maintain a split brain
DNS. Should the internal DNS entry for mail.mycompany.biz also point to the public IP address or should it point to the internal IP address of the NLB cluster?A few comments:
The reason you have split DNS is to do exactly these sort of things: inside users hit the inside IP and outside users hit the outside IP. You'll have to look at your overall network design to see if it makes sense for users to take this shortest route
to the services, or if there is value in knowing all users simply take the same path.
You should not be using the same DNS name for your web services (e.g. OWA) as you are for your CAS array. This can cause very long connection delays on Outlook clients, not to mention overall confusion in your design. Many orgs will use something
like "outlook.domain.com" for the Client Access Array and "mail.domain.com" for the web services. Only the later of these two need to be exposed to the internet.
Keep in mind, Exchange 2013 dramatically changes this guidance. There is no more CAS array, and the
recommended design is to use dedicated namespaces for each web service.
Mike Crowley | MVP
My Blog --
Planet Technologies -
I have an OS X 10.6.8 Server with DNS and Mail running on it.
The internal domain does not match the external domain.
Users can send and receive IMAP email on iPhones, iPads and laptops whilst outside the network using 'mail.mydomain.com' with corect account details.
A and PTR lookups resolve correctly using the internal domain on the server and the external domain on the internet.
webmail.mydomain.com also works perfectly outside the network but is unreachable using https://webmail.mydomain.com:443 internally - and it should.
There is a ALIAS set up in the servers DNS that points webmail.mydomain.com (external) to server.mydomain.com (internal).
I am using a ZyXel P-660HN-F1Z Router with the firewall turned off and all the port forwarding correct... otherwise the external mail wouldn't work!
Previously we used a BT 2wire Gateway that didn't do anything clever - but all the mail worked internally and externally.
Is it my router config, or the DNS on the server screwed?
Would really love some help.
Thanks
SimonThere's not enough information to be sure of your configuration.
it would seem appropriate to set up your external domain - I'll refer to that external domain as example.com as your mydomain.com is a real and registered domain - as the MX record for your internal domain which I'll refer to as example.net.
With this configuration, there would be no internal definitions (A machine records or CNAME alias records for any of the example.com hosts in your internal DNS services.
If you're using the same example.com domain both within your local network and a second example.com implementation on a second and separate and external DNS server configuration, then you'll need to reference all the hosts directly in both places; in your internal DNS services configuration, and you'll need to replicate all definitions of all hosts in your external DNS services configuration.
See if your internal network can ping (if that's enabled) or telnet into port 25 or such using your external domain name, as that'll tell you if your router is smart enough to pass packages destined for your public static IP address back into your network.
Your internal hosts should all references ONLY your local DNS server on your LAN, and NO other DNS servers. Again, your internal hosts should reference ONLY your internal DNS server, and should not also reference your ISP DNS or other external DNS servers.
There's a list of internal DNS services setup information here, and there are also links from that article to articles around setting up external DNS services; DNS inside your firewall, and DNS outside your firewall. -
Internal error: Failed to get GenericServlet
I'm using iPlanet 4.1sp7. I'm getting "Internal error: Failed to get GenericServlet" errors when I try to use jsp's. I've tarred and copied a working iPlanet from Sol7 to this Sol8 system and still the same error. CLASSPATHs seem fine. Any tips on where to start?
Hi,
Please check belows things.
1. Did you use supported JDK version with iWS 4.1sp7.
2. Whether did you able to run sample(HelloWorld) jsp.
3. Confirm that classpath as added in jvm12.conf or context.properties and restarted the server.
4. Try to run same jsp in different version of iWS.
Still did you face problem, let me know last 10 lines in error log.
Thanks,
Dakshin.
Developer Technical Support
Sun Microsystems
http://www.sun.com/developers/support. -
I have a new HP Officejet 6500A plus. I cannot get it to connect to my Airport Extreme V5.6. It see the wifi signal but Fails on "Filtering" and possibly the channel. Does anyone know how to reset or reconfigure filtering and channel on the old airports?
This is a part of the larger MacBook Pro connectivity issue. There are several related threads dealing with the MBP's networking problems. If your unit is suffering from this type of difficulty, good luck ... (or a long ethernet cable)
(PS Everybody please make noise on this one so apple comes up with a solution.)
< Edited by Host > -
My internal drive failed after a year of hard use. It's still under the extended warranty, and wondered if I could take it to a local Apple store and have them replace it. Would they be able to do it inhouse (Japan) or have to ship it back to the states? Would they even replace the drive or is this something I have to do myself? There is a store called Sofmap in Akihabara that stocks 2.5 SATA drives, and I can look on http://www.xlr8yourmac.com for a list of drives that others have had success with.
If I had to do this myself, how easy or hard is it to get the old drive out, and the new one in? I'm handy with tools as I used to have a G4 tower, and installed lots of aftermarket parts in it.
Computer is a US model bought in Tennessee Oct 2007.
TIA!Hi,
It's very simple to replace the drive. No more taxing than adding additional RAM.
As for your warranty question (AppleCare?), only the people honouring the warranty can answer those questions for you, so I'd recommend contacting them directly.
We're just users like yourself here so it doesn't matter if someone claims yes and another claims no
Maybe you are looking for
-
My SAFARI KEEPS CRASHING STATING THAT IT QUIT UNEXPECTEDLY DUE TO CT_PLUGI
HELLO MY SAFARI KEEPS CRASHING DUE TO CT_PUG-IN PLUGINS. PLEASE HELP! Process: Safari [257] Path: /Applications/Safari.app/Contents/MacOS/Safari Identifier: com.apple.Safari Version: 5.0.4 (5533.20.27) Build Info: WebBrowser-75332027~2 Code Type: X86
-
Read-only access to weblogic console in WL 6.1sp2
Is there a way to restrict a user to read-only priv. on the weblogic console? Either by using acl's or other means. Thanks in advance, Brown
-
Transfer of material from sales order stock to subcontractor
Iam having subcontracting operation in routing. But i am not able to transfer of material from sales order stock to subcontractor when i do 541 movement
-
Hi, I am developing a Flash game using as3, I chose flex Builder with an AS3 project. Now I am thinking that if selecting the project to be a flex project instead of as3 project I would have a lot of flex functionality like a swf loader,preloaders an
-
Big trouble with multiple forms in a page and submit - commit buttons
Hi Thank you for reading my post I have created a menu system based on a sample 61 at http://radio.weblogs.com/0118231/stories/2004/09/23/notYetDocumentedAdfSampleApplications.html so , on each page i have a form that contains my menu system , when i