Leopard Name Resolution Issues

Not strictly an "admin" question, except insofar as it has to do with
system settings, but I figure somebody on here might know about this. I was
messing with the "use dynamic global hostname" (hereafter, UDGH) settings
on a Leopard machine of mine, and although I turned UDGH off after I was
done messing with it, I seem to have somehow borked name resolution on my
machine. It seems that CNAME records in the tffenterprises.com domain,
which is where I was messing with UDGH, no longer resolve properly. Here is
some example output from "dig" and "ping" (on the same machine, with no
change in DNS server settings in between):

dmz@whitestar ~ =) dig babylon4.tffenterprises.com

; <<>> DiG 9.4.1-P1 <<>> babylon4.tffenterprises.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42517
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;babylon4.tffenterprises.com. IN A

;; ANSWER SECTION:
babylon4.tffenterprises.com. 3538 IN CNAME babylon4-tff.dyndns.org.
babylon4-tff.dyndns.org. 60 IN A 128.208.244.210

;; Query time: 93 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Nov 27 19:47:06 2007
;; MSG SIZE  rcvd: 98

dmz@whitestar ~ =) ping babylon4.tffenterprises.com
ping: cannot resolve babylon4.tffenterprises.com: Unknown host

I find this very odd, because it seems to me that my nameserver (which
happens to be the built-in caching nameserver of an AirPort Express, in
this case) is working fine - and on all the other machines connected to it,
the above ping works properly. I've run "dscacheutil -flushcache" to see if
maybe I had a bad directory services cache entry, but that didn't help...
and neither did a reboot.

Anybody have any idea what might cause this, or how I could start tracking
it down? I've tried resetting my TCP/IP settings from scratch, even to the
point of deleting my AirPort device and recreating it in the Network
preferences, and nothing seems to get rid of the problem.

-Dan

------------------------------------------------------------------
Daniel M. Zimmerman                                TFF Enterprises
1900 Commerce St. Box 358426   http://www.tffenterprises.com/~dmz/
Tacoma, WA  98402  USA                      dmz@...
_______________________________________________
MacOSX-admin mailing list
MacOSX-admin@...
http://www.omnigroup.com/mailman/listinfo/macosx-admin

On Nov 27, 2007 7:52 PM, Daniel M. Zimmerman
<dmz-lists@...> wrote:
> Anybody have any idea what might cause this, or how I could start tracking
> it down?

This appears to be a server side issue, I experience the same thing:

Macintosh:~ JohnM$ dig babylon4.tffenterprises.com

; <<>> DiG 9.4.1-P1 <<>> babylon4.tffenterprises.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12458
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;babylon4.tffenterprises.com. IN A

;; ANSWER SECTION:
babylon4.tffenterprises.com. 3600 IN CNAME babylon4-tff.dyndns.org.
babylon4-tff.dyndns.org. 60 IN A 128.208.244.210

;; Query time: 746 msec
;; SERVER: 10.0.1.1#53(10.0.1.1)
;; WHEN: Tue Nov 27 20:30:44 2007
;; MSG SIZE  rcvd: 98

Macintosh:~ JohnM$ ping babylon4.ttfenterprises.com
ping: cannot resolve babylon4.ttfenterprises.com: Unknown host




--
Best Regards,

John Musbach
_______________________________________________
MacOSX-admin mailing list
MacOSX-admin@...
http://www.omnigroup.com/mailman/listinfo/macosx-admin

--On 27 November 2007 20:32:45 -0800 John Musbach <johnmusbach@...>
wrote:

> On Nov 27, 2007 7:52 PM, Daniel M. Zimmerman
> <dmz-lists@...> wrote:
>> Anybody have any idea what might cause this, or how I could start
>> tracking it down?
>
> This appears to be a server side issue, I experience the same thing:

(snip)

Odd. Very odd. I don't experience the same issue on any of the other
machines I own or have access to, Mac OS X or otherwise, both inside the
same local network and on other networks. Still, it's useful information to
know that it's not a completely isolated failure; I guess I'll double-check
my DNS server configuration (though I'm not expecting to find much there).

-Dan

------------------------------------------------------------------
Daniel M. Zimmerman                                TFF Enterprises
1900 Commerce St. Box 358426   http://www.tffenterprises.com/~dmz/
Tacoma, WA  98402  USA                      dmz@...
_______________________________________________
MacOSX-admin mailing list
MacOSX-admin@...
http://www.omnigroup.com/mailman/listinfo/macosx-admin

On Nov 27, 2007 9:27 PM, Daniel M. Zimmerman
<dmz-lists@...> wrote:
> Odd. Very odd. I don't experience the same issue on any of the other
> machines I own or have access to, Mac OS X or otherwise, both inside the
> same local network and on other networks. Still, it's useful information to
> know that it's not a completely isolated failure; I guess I'll double-check
> my DNS server configuration (though I'm not expecting to find much there).

Not even the servers at dnsstuff.com can ping the server at that
address: http://www.dnsstuff.com/tools/ping.ch?ip=babylon4.ttfenterprises.com
so it definitely seems to be a server side issue



--
Best Regards,

John Musbach
_______________________________________________
MacOSX-admin mailing list
MacOSX-admin@...
http://www.omnigroup.com/mailman/listinfo/macosx-admin

--On 27 November 2007 22:27:40 -0800 John Musbach <johnmusbach@...>
wrote:

Actually, no. On looking again, you made a typographical error both in your
ping test and in the above URL:

> Macintosh:~ JohnM$ ping babylon4.ttfenterprises.com
> ping: cannot resolve babylon4.ttfenterprises.com: Unknown host

The hostname is "babylon4.tffenterprises.com" - note the 2 f's, like in my
email address. :)

The host is definitely pingable... from literally every machine I've tried,
other than the one poor Leopard client I described earlier.

-Dan

------------------------------------------------------------------
Daniel M. Zimmerman                                TFF Enterprises
1900 Commerce St. Box 358426   http://www.tffenterprises.com/~dmz/
Tacoma, WA  98402  USA                      dmz@...
_______________________________________________
MacOSX-admin mailing list
MacOSX-admin@...
http://www.omnigroup.com/mailman/listinfo/macosx-admin

On Nov 27, 2007 10:41 PM, Daniel M. Zimmerman
<dmz-lists@...> wrote:
> Actually, no. On looking again, you made a typographical error both in your
> ping test and in the above URL:
>
> > Macintosh:~ JohnM$ ping babylon4.ttfenterprises.com
> > ping: cannot resolve babylon4.ttfenterprises.com: Unknown host

Oh oops, so sorry. Good catch! :)

One thing to try is set your dns servers to the following opendns servers:

208.67.222.222 and 208.67.220.220...

ping the hostname, then set the dns server back to the address of your
airport wireless device and try pinging again

--
Best Regards,

John Musbach
_______________________________________________
MacOSX-admin mailing list
MacOSX-admin@...
http://www.omnigroup.com/mailman/listinfo/macosx-admin

--On 27 November 2007 22:50:17 -0800 John Musbach <johnmusbach@...>
wrote:

> One thing to try is set your dns servers to the following opendns servers:
>
> 208.67.222.222 and 208.67.220.220...
>
> ping the hostname, then set the dns server back to the address of your
> airport wireless device and try pinging again

Believe it or not, I already tried that. It gave me the following truly
bizarre result:

dmz@whitestar ~/courses/current =( ping babylon4.tffenterprises.com
PING babylon4.tffenterprises.com.insttech.washington.edu (208.67.219.137):
56 data bytes
(successful pings)

As it happens, my DNS search path includes the following:

local
tffenterprises.com
insttech.washington.edu
washington.edu

So what seems to have happened with the ping is that the local resolver
couldn't find the host at the name I actually typed... so it decided to
tack insttech.washington.edu on the end, creating a nonexistent hostname
that OpenDNS's apparently-fundamentally-misconfigured DNS servers resolved
to their catchall address of 208.67.219.137 (going to
http://babylon4.tffenterprises.com.insttech.washington.edu/ to satisfy my
curiosity gave me a page that helpfully asked me if I was looking for the
University of Washington website - yay!).

So... same problem, it seems, regardless of the DNS server I'm using.
Definitely not a server-side issue.

Anybody have any ideas on client-side issues with Leopard's resolver that
might cause this sort of problem?

-Dan

------------------------------------------------------------------
Daniel M. Zimmerman                                TFF Enterprises
1900 Commerce St. Box 358426   http://www.tffenterprises.com/~dmz/
Tacoma, WA  98402  USA                      dmz@...
_______________________________________________
MacOSX-admin mailing list
MacOSX-admin@...
http://www.omnigroup.com/mailman/listinfo/macosx-admin

On Nov 27, 2007 10:57 PM, Daniel M. Zimmerman
<dmz-lists@...> wrote:
> Anybody have any ideas on client-side issues with Leopard's resolver that
> might cause this sort of problem?

Here's how to flush the client side dns:
http://www.inertramblings.com/2004/05/11/mac-os-x-clearing-dns-cache/



--
Best Regards,

John Musbach
_______________________________________________
MacOSX-admin mailing list
MacOSX-admin@...
http://www.omnigroup.com/mailman/listinfo/macosx-admin

--On 27 November 2007 23:00:45 -0800 John Musbach <johnmusbach@...>
wrote:

> On Nov 27, 2007 10:57 PM, Daniel M. Zimmerman
> <dmz-lists@...> wrote:
>> Anybody have any ideas on client-side issues with Leopard's resolver that
>> might cause this sort of problem?
>
> Here's how to flush the client side dns:
> http://www.inertramblings.com/2004/05/11/mac-os-x-clearing-dns-cache/

Doesn't work on Leopard - the Leopard equivalent is "dscacheutil
-flushcache", which, as mentioned in my original message, I have already
tried. Several times.

It's _certainly_ a configuration issue of some kind - it's fairly obvious
to me that I somehow borked the configuration by playing with Bonjour
settings in the "use dynamic global hostname" panel, in a way that wasn't
fixed by turning that back off... I'm hoping somebody has a clue what kind
of issue.

-Dan

------------------------------------------------------------------
Daniel M. Zimmerman                                TFF Enterprises
1900 Commerce St. Box 358426   http://www.tffenterprises.com/~dmz/
Tacoma, WA  98402  USA                      dmz@...
_______________________________________________
MacOSX-admin mailing list
MacOSX-admin@...
http://www.omnigroup.com/mailman/listinfo/macosx-admin

On Nov 28, 2007, at 2:05 AM, Daniel M. Zimmerman wrote:

Have you restarted your machine?

What steps did you take to implement this?

Did you run rndc-confgen to create a new key file to authenticate  
your Bonjour updates?

-dhan

------------------------------------------------------------------------
Dan Shoop
Computer Scientist
iWiring / U.S. Technical Services

shoop@...
AOL IM .................... iWiring
Nextel .................... 1-714-363-1174
Operations TOC (24/7) ..... 1-866-901-USTS
USTS Offices .............. 1-714-374-6300

For immediate response for urgent matters please speak to the Duty  
Officer
at the USTS Tactical Operations Center (above) who can reach me by  
radio.


_______________________________________________
MacOSX-admin mailing list
MacOSX-admin@...
http://www.omnigroup.com/mailman/listinfo/macosx-admin

--On 29 November 2007 12:51:28 -0500 Dan Shoop <shoop@...> wrote:

>> It's _certainly_ a configuration issue of some kind - it's fairly
>> obvious to me that I somehow borked the configuration by playing
>> with Bonjour settings in the "use dynamic global hostname" panel,
>> in a way that wasn't fixed by turning that back off... I'm hoping
>> somebody has a clue what kind of issue.
>
> Have you restarted your machine?

Yes.

> What steps did you take to implement this?

The original borkage? Well, I did some reconfiguration on my DNS server to
add a new bonjour subdomain as per the instructions on dns-sd.org. I then
attempted to use the "use dynamic global hostname" to register a dynamic
hostname with my DNS server, but it didn't work, maybe because...

> Did you run rndc-confgen to create a new key file to authenticate your
> Bonjour updates?

...no, I didn't.

But after I did this and it didn't work, I removed the bonjour subdomain
and all references to it from the DNS server, and set the client to _not_
"use dynamic global hostname", and that's when I noticed that the problem
persists. I never did anything on the command line on the client over the
course of the entire episode.

(the problem, to reiterate in case people don't want to go back to the
beginning of the thread: the client can "dig", but cannot "ping", the host
"babylon4.tffenterprises.com" (which happens to be a CNAME to a dyndns.org
name)... the "ping" reports that the host does not exist. Other clients
using the same DNS server do not exhibit the problem.)

-Dan

------------------------------------------------------------------
Daniel M. Zimmerman                                TFF Enterprises
1900 Commerce St. Box 358426   http://www.tffenterprises.com/~dmz/
Tacoma, WA  98402  USA                      dmz@...
_______________________________________________
MacOSX-admin mailing list
MacOSX-admin@...
http://www.omnigroup.com/mailman/listinfo/macosx-admin

--On 29 November 2007 13:57:10 -0800 "Daniel M. Zimmerman"
<dmz-lists@...> wrote:

> (the problem, to reiterate in case people don't want to go back to the
> beginning of the thread: the client can "dig", but cannot "ping", the
> host "babylon4.tffenterprises.com" (which happens to be a CNAME to a
> dyndns.org name)... the "ping" reports that the host does not exist.
> Other clients using the same DNS server do not exhibit the problem.)

Another followup on this. Poking around with scutil, I can see the
following:

root@whitestar ~ =) scutil
> show State:/Network/PrivateDNS
<array> {
  0 : bonjour.tffenterprises.com.
  1 : tffenterprises.com.
}

Now, if I clear that out (with a "d.init" followed by a "set
State:/Network/PrivateDNS"), the name resolution works again... but
unfortunately, it doesn't stay that way - for instance, if I enable "Back
to My Mac" (a feature which was working fine before all this started), I
end up with:

root@whitestar ~ =) scutil
> show State:/Network/PrivateDNS
<array> {
  0 : bonjour.tffenterprises.com.
  1 : tffenterprises.com.
  2 : dmz.members.mac.com.
}

So it's getting "bonjour.tffenterprises.com" and "tffenterprises.com" as
PrivateDNS entries, from _somewhere_... but I have no idea where, and I
haven't had any luck tracking it down.

So, now that I know exactly where in the system configuration the problem
lies... anybody have any suggestions on where the two offending entries
might be resurrecting from, and how I can purge them for good?

-Dan

------------------------------------------------------------------
Daniel M. Zimmerman                                TFF Enterprises
1900 Commerce St. Box 358426   http://www.tffenterprises.com/~dmz/
Tacoma, WA  98402  USA                      dmz@...
_______________________________________________
MacOSX-admin mailing list
MacOSX-admin@...
http://www.omnigroup.com/mailman/listinfo/macosx-admin

So, now that I know exactly where in the system configuration the problem
lies... anybody have any suggestions on where the two offending entries
might be resurrecting from, and how I can purge them for good?

I also encountered this issue in Leopard 10.5.1 -  this is the procedure under which I resolved the issue. Hopefully it will work for you as well.
1. Open System Preferences
2. Open Sharing
3. Click Edit... under Computer Name
4. Check the checkbox next to Use dynamic global hostname
5. LEAVE ALL FIELDS under dynamic global hostname BLANK - there isn't any field validation
6. Click OK

The State:/Network/PrivateDNS key remains unchanged, but seems to affect the system configuration elsewhere allowing DNS resolution to succeed.

Jeff Hall wrote:

I also encountered this issue in Leopard 10.5.1 -  this is the procedure under which I resolved the issue. Hopefully it will work for you as well.
1. Open System Preferences
2. Open Sharing
3. Click Edit... under Computer Name
4. Check the checkbox next to Use dynamic global hostname
5. LEAVE ALL FIELDS under dynamic global hostname BLANK - there isn't any field validation
6. Click OK

The State:/Network/PrivateDNS key remains unchanged, but seems to affect the system configuration elsewhere allowing DNS resolution to succeed.

I encountered this same problem in Mac OS X 10.5.2.  I lost internet connectivity after fiddling with my sharing preferences and trying out the "Use dynamic global hostname" feature. I first noticed the problem when Firefox wouldn't load any web pages and Safari gave me a "you are not connected to the internet" error. I could still ping servers like google.com via the command line, but I could only surf the web by specifying the IP address of the server I wanted to connect to.

The previous post helped me fix this problem, although I had to modify step 5 of Jeff's solution. Instead of leaving all fields blank, I had to enter bogus information for each of the 3 fields (I used a single space character). I did not check the bonjour checkbox. When I clicked OK my name resolution issues disappeared! After it was fixed I went back and turned off the "Use dynamic global hostname" feature altogether.

Thanks for posting this thread or I may never have fixed this problem. BTW, does anyone know how to report this bug to Apple? I still have no idea what the feature is for, and this is a pretty serious bug for anyone that innocently tries it out.