DNS problem in OSX Server 10.6

Discussion in 'Mac OS X Server, Xserve, and Networking' started by charlieatlantic, Oct 4, 2009.

  1. charlieatlantic macrumors newbie

    Joined:
    Oct 4, 2009
    #1
    Hello there,

    I wonder if someone can help me out. I'm slightly tearing my hair out.

    I seem not to be able to get DNS to work correctly on OSX Server 10.6 (and I had the exact same problem on 10.5 within the same network). I am running Server 10.6 on an XServe. Both DNS and DHCP are enabled. The XServe has a static IP address of 192.168.0.2. The network's Netgear router, with internet connection, has a static IP of 192.168.0.1. The rest of the IP addresses are dished out by DHCP on the XServe. This works correctly; any client machine in the network picks up its IP address from the DHCP server, and all the network information is correctly populated. Client machines thus have their IP address, default gateway, router and DNS information correctly provided by the DHCP server on the XServe.

    From each client machine it looks like this:

    IP: 192.168.0.x
    Default Gateway: 255.255.255.0
    DNS: 192.168.0.2
    Router: 192.168.0.1

    The XServe is the DNS server at 192.168.0.2. As I say, each client machine is aware of this. There are no other DNS servers on the network. The information configured in the DNS settings on the XServe is as follows [obviously I've replaced the real names for security reasons]:

    I have a Primary Zone - charlieatlantic.lan

    The XServe is called 'server'. I have thus set a DNS record for 'server' within that Primary Zone so that it points to 192.168.0.2

    This automatically set up the reverse DNS, so that:

    server.charlieatlantic.lan points to 192.168.0.2

    If I open terminal, and type 'ping server.charlieatlantic.com', it resolves correctly to 192.168.0.2 and the pings return as they should.

    Then I have set up the DNS forwarders with the two DNS server addresses which were provided by the ISP. (btw I know these work correctly, as if I enter either of them (rather than the server at 192.168.0.2) as the DNS server address on any client machine they will resolve, for example, www.google.com, and I have internet access.)

    From what I can gather, and from all the setup guides I've looked at, I'm not doing anything wrong. However, I have two problems:

    1) Unreliability: if I ping server.charlieatlantic.lan either on the server, or on any client machine connected to the same network (and thus taking its information from the DHCP), I only intermittently have it resolve to 192.168.0.2. Sometimes it works, sometimes it does not.

    2) No internet domain name will resolve from either the XServe or any client machine. Both have their DNS servers set to the XServe 192.168.0.2

    It seems that the DNS forwarder addresses are not working correctly in DNS. I really want the XServe to be the sole DNS provider, and for the external DNS servers I have listed in the forwarder box to deal with anything for which the XServe is not authoritative. In other words, I want each client machine to have only 192.168.0.2 as its DNS server and to send, say, google.com to that machine which then sends that request out to the external DNS servers provided by my ISP.

    I know that I can tell DHCP to dish out more than one DNS server, and perhaps have all three listed. This, though, in my experience is unreliable and messy.

    Finally, not sure if this is relevant, but the hardware configuration is that each device is connected to a switch. So the router, XServe, and each client machine are connected directly to a switch.

    Any ideas where I should start troubleshooting?

    Thanks!

    charlie
     
  2. DHagan4755 macrumors 6502a

    Joined:
    Jul 18, 2002
    Location:
    Massachusetts
    #2
    Have you typed

    nslookup charlieatlantic.lan

    or

    nslookup 192.168.0.2

    You can also try:

    dig -x 192.168.0.2

    or dig charlieatlantic.lan

    You should see NOERROR on both of those commands. If you see NXDOMAIN then the DNS is misconfigured. By the way, ping will only let your computer know that there's a device on the network responding to that IP address, not that its forward and reverse lookup is working correctly.
     
  3. charlieatlantic thread starter macrumors newbie

    Joined:
    Oct 4, 2009
    #3
    Hi there,

    Thank you for the response. Here is what I found when I followed your instructions. I'd appreciate some help deciphering it! (Incidentally, I can access the server from a client machine using the server.charlieatlantic.lan address in the 'Server Admin' tool. Not entirely sure if that is relevant, but thought I'd add it in.)

    Results of what you kindly suggested.

    nslookup charlieatlantic.lan

    server:~ root# server:~ root# nslookup charlieatlantic.lan
    -sh: server:~: command not found
    server:~ root# ;; Got recursion not available from 192.168.0.2, trying next server
    -sh: syntax error near unexpected token `;;'
    server:~ root# ;; Got recursion not available from 192.168.0.2, trying next server
    -sh: syntax error near unexpected token `;;'
    server:~ root# Server:
    .Trash/ .sh_history Documents/ Library/
    .forward Desktop/ Downloads/
    server:~ root# Server:192.168.0.1
    -sh: Server:192.168.0.1: command not found
    server:~ root# Address:192.168.0.1#53
    -sh: Address:192.168.0.1#53: command not found
    server:~ root#
    server:~ root# ** server can't find charlieatlantic.lan: NXDOMAIN

    nslookup 192.168.0.2

    server:~ root# nslookup 192.168.0.2
    ;; Got recursion not available from 192.168.0.2, trying next server
    ;; Got recursion not available from 192.168.0.2, trying next server
    Server: 192.168.0.1
    Address: 192.168.0.1#53

    ** server can't find 2.0.168.192.in-addr.arpa.: NXDOMAIN

    dig -x 192.168.0.2

    server:~ root# dig -x 192.168.0.2

    ; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 192.168.0.2
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49785
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;2.0.168.192.in-addr.arpa. IN PTR

    ;; ANSWER SECTION:
    2.0.168.192.in-addr.arpa. 10800 IN PTR server.charlieatlantic.lan.

    ;; AUTHORITY SECTION:
    0.168.192.in-addr.arpa. 10800 IN NS server.local.

    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.2#53(192.168.0.2)
    ;; WHEN: Sun Oct 4 17:33:51 2009
    ;; MSG SIZE rcvd: 105

    dig charlieatlantic.lan

    server:~ root# dig charlieatlantic.lan

    ; <<>> DiG 9.6.0-APPLE-P2 <<>> charlieatlantic.lan
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22520
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;charlieatlantic.lan. IN A

    ;; AUTHORITY SECTION:
    charlieatlantic.lan. 3600 IN SOA server.charlieatlantic.lan. admin.charlieatlantic.lan. 2009100312 86400 3600 604800 3600

    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.2#53(192.168.0.2)
    ;; WHEN: Sun Oct 4 17:34:42 2009
    ;; MSG SIZE rcvd: 83

    My existing DNS entries

    Here is what I have in DNS, verbatim. In ZONES:

    Name Type Value
    0.168.192.in-addr.arpa. Reverse Zone -
    192.168.0.2 Reverse Mapping server.charlieatlantic.com
    charlieatlantic.lan Primary Zone -
    server Machine 192.168.0.2

    and in SETTINGS:

    Accept recursive queries from the following networks:
    none

    Forwarder IP Addresses:
    158.152.1.58
    158.152.1.43
    192.168.0.1

    -

    Pings

    Finally, just to show you what I get if I ping..

    server:~ root# ping server.charlieatlantic.lan
    PING server.charlieatlantic.lan (192.168.0.2): 56 data bytes
    64 bytes from 192.168.0.2: icmp_seq=0 ttl=64 time=0.033 ms

    server:~ root# ping 192.168.0.2
    PING 192.168.0.2 (192.168.0.2): 56 data bytes
    64 bytes from 192.168.0.2: icmp_seq=0 ttl=64 time=0.038 ms

    -

    Thanks for your help!

    charlie
     
  4. DHagan4755 macrumors 6502a

    Joined:
    Jul 18, 2002
    Location:
    Massachusetts
    #4
    Pings are absolutely irrelevant for this problem.

    Remove the forwarder IPs. Save. Make sure the only DNS entry that your clients are getting from the server's DHCP scope is that of your DNS server (192.168.0.2). Make sure your DNS server only has its own address as DNS.
     
  5. charlieatlantic thread starter macrumors newbie

    Joined:
    Oct 4, 2009
    #5
    Thanks for your continued help.

    Until tomorrow I only have remote access. Having done this, what would my next move be? The internet connection will obviously disappear when I do this; it is only there currently because the DHCP server has the external DNS servers listed as well as 192.168.0.2, and I have configured the XServe to point to the external DNS servers in addition to itself. With the XServe as sole DNS provider for both itself and the clients, how should I grant the server and clients internet access?

    Sorry to jump ahead, but I fear if I do this I'll lose the remote (internet contingent) access and thus not be able to effect the next step!

    charlie
     
  6. charlieatlantic thread starter macrumors newbie

    Joined:
    Oct 4, 2009
    #6
    Is this issue intractable?

    Do I take it that this issue is intractable?

    charlie
     
  7. Sweetfeld28 macrumors 65816

    Joined:
    Feb 10, 2003
    Location:
    Buckeye Country, O-H
    #7
    OpenDNS

    Free, and has walk through guides to help you set it up.
     
  8. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #8
    Which does nothing to assist in getting users to resolve using the internal DNS server(s). He might as well point at his ISP's DNS servers.

    OP, your configuration is messed up:

    You have server.charlieatlantic.com as the PTR record and server.local as the nameserver. Get the records straight, so that:

    For both zones (charlieatlantic.net and 0.168.192.in-addr.arpa):

    SOA = server.charlieatlantic.net
    NS = server.charlieatlantic.net

    In zone charlieatlantic.net:
    A record for server.charlieatlantic.net = 192.168.0.2

    In 0.168.192.in-addr.arpa:
    PTR record for 192.168.0.2 = server.charlieatlantic.net

    Note, any changes require you to restart the DNS service.

    You can leave the forwarders in there, and remove the ISP DNS servers from your IP configuration.
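
A consistency check for the records discussed in post #8, as an added example that is not part of the thread. The record tuples are constructed from the zone listing and dig output in post #3, the zone name charlieatlantic.lan is taken from post #1, and the function names are hypothetical.

```python
import ipaddress

# Constructed from the thread: the zone listing in post #3 plus the NS target
# that dig reported for the reverse zone. Tuples are (name, type, value).
RECORDS = [
    ("server.charlieatlantic.lan.", "A", "192.168.0.2"),
    ("2.0.168.192.in-addr.arpa.", "PTR", "server.charlieatlantic.com."),
    ("0.168.192.in-addr.arpa.", "NS", "server.local."),
]

def check_records(records):
    """Return a list of inconsistencies between A, PTR and NS records."""
    a = {name.lower(): value for name, rtype, value in records if rtype == "A"}
    problems = []
    for name, rtype, value in records:
        target = value.lower()
        if rtype == "PTR":
            # Forward-confirmed reverse DNS: the PTR target must own an A
            # record that maps back to the address encoded in the PTR name.
            octets = reversed(name.split(".")[:4])
            ip = str(ipaddress.ip_address(".".join(octets)))
            if a.get(target) != ip:
                problems.append(f"PTR {ip} -> {value} has no matching A record")
        elif rtype == "NS" and target not in a:
            # A name server without an address record cannot be reached.
            problems.append(f"NS {value} for {name} has no A record")
    return problems

def fixed(records, host):
    """Point every PTR and NS at one host name, as post #8 recommends."""
    return [(n, t, host if t in ("PTR", "NS") else v) for n, t, v in records]

if __name__ == "__main__":
    for line in check_records(RECORDS):
        print("before:", line)
    print("after:", check_records(fixed(RECORDS, "server.charlieatlantic.lan.")))
```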
     
  9. jim.arrows macrumors regular

    Joined:
    Dec 11, 2006
    #9
    Turn RECURSION on

    The answer is in your test results, it's telling you that recursion is requested but not available. Where the config says "Allow recursion from the following networks" instead of "None" you need to add your LAN subnet to the config; so 192.168.0.0/24 needs to be allowed.

    You can also remove the 192.168.0.1 from your list of forwarders since you said 192.168.0.2 is the only DNS server on the network. You only forward to another DNS server, not to a router -- but that's not causing your problems, it's the recursion that's the issue.
     
