Issues with .local Domain Name Resolution

Discussion in 'OS X Yosemite (10.10)' started by kennethson, Oct 20, 2014.

  1. kennethson macrumors newbie

    Joined:
    Oct 10, 2014
    #1
    The (fairly large) institution where I work is mostly a Windows shop, and therefore uses Active Directory. Our AD domain uses the .local TLD, so many servers are addressed using our internal DNS with only .local hostnames.

    Since upgrading to Yosemite, myself and others in IT who are Mac users have found that Yosemite's behavior with these domain names is odd, to say the least.

    With most applications (e.g. browsers, Finder Connect to Server, ping from Terminal), using an FQDN like host.example.local will fail with a DNS timeout; however, using just the hostname (host) with the domain (example.local) in the search domains works like a champ.

    This is almost certainly because Yosemite is being more strict about following RFC 6762, which generally prohibits the use of the .local TLD for non-Multicast DNS (Bonjour) purposes.

    So far, we are at a loss for how to mitigate this issue. While the "correct" course of action is probably to move the AD domain to something like example.private, that is a non-starter for an organization supporting 30k+ users with only a small number of Macs in play.

    Has anyone else run into an issue like this, and if so, have you found any solutions?
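
    The RFC 6762 namespace rule raised in the post above, as an added example that is not part of the original thread: it audits hostnames and search domains for names whose final label is "local". The hostnames are constructed sample data modelled on names used in this thread, and the search-list expansion is an assumed, simplified model of a stub resolver.

```python
# Added example (not from the thread): audit hostnames against the RFC 6762
# rule that names whose final label is "local" belong to Multicast DNS.

def labels(name):
    """Lower-cased labels of a DNS name, ignoring one trailing root dot."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".") if name else []

def is_mdns_name(name):
    """True when the final label is 'local' (case-insensitive)."""
    parts = labels(name)
    return bool(parts) and parts[-1] == "local"

def candidates(name, search_domains):
    """Assumed, simplified stub-resolver behaviour: a name containing a dot
    is tried as given; a bare hostname is joined to each search domain."""
    parts = labels(name)
    if len(parts) != 1:
        return [".".join(parts)] if parts else []
    return [".".join(parts + labels(d)) for d in search_domains]

def audit(names, search_domains):
    """Map each input name to [(candidate FQDN, in_mdns_namespace), ...]."""
    return {n: [(c, is_mdns_name(c)) for c in candidates(n, search_domains)]
            for n in names}

def flagged(names, search_domains):
    """Sorted FQDNs that land in the mDNS namespace after expansion."""
    rows = audit(names, search_domains).values()
    return sorted({c for row in rows for c, in_mdns in row if in_mdns})

# Constructed sample data, modelled on the hostnames used in this thread.
SEARCH_DOMAINS = ["myprivatedomain.local", "corp.example.com"]
NAMES = ["mywebserver", "myfileserver.myprivatedomain.local.",
         "intranet.corp.example.com", "local.corp.example.com"]

if __name__ == "__main__":
    for name, rows in audit(NAMES, SEARCH_DOMAINS).items():
        for fqdn, in_mdns in rows:
            kind = "mDNS namespace" if in_mdns else "unicast DNS"
            print(f"{name:38} -> {fqdn:38} {kind}")
```

    A bare hostname expanded through a .local search domain still produces a name inside the reserved namespace, so the search-domain approach changes how the name is entered, not which namespace it belongs to.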
     
  2. blenderman17 macrumors newbie

    Joined:
    Jan 16, 2009
    Location:
    Baton Rouge
    #2
    I'm having this exact issue, but I'm not even sure where to start with a solution. Our servers are all Windows based and our IT department is solely a Windows operation, so I'm on my own trying to figure it out. I tried various ways of reconfiguring the SMB connection, but none have worked.
     
  3. mrdrlove macrumors newbie

    Joined:
    Oct 20, 2014
    #3
    Hi kennethson,

    Thanks for the details. I did not know about the reserved word local.

    Yes, we have exactly the same issue.
    Also, thanks for your hint about not using the FQDN.

    But I also did not find a solution. I have searched for many hours with Google and co., but with no success.

    Thank God we are planning a redesign of our AD infrastructure, so I can try to talk to my colleagues about using something different.

    If I get any further information that might help, I will be back here.

    Thanks.
    Regards,
    mrdrlove
     
  4. KlytusLord macrumors regular

    Joined:
    Apr 11, 2011
    #4
    I have not been able to get any of our Yosemite machines to join our domain/active directory, and I am guessing it is because of the .local issues mentioned here.

    I have not figured out how to access our local websites via Safari on Yosemite either. For example, we use the following pattern:

    dev.domain.local
    stable.domain.local
    test.domain.local
    etc.

    Replacing the domain with the host (dev.host.local) has not helped, so I don't know what else to try just to get this to work.
     
  5. ern.st macrumors newbie

    Joined:
    Jan 6, 2012
    #5
    I found that it suddenly worked when I added our domain "uv.local" in Network Preferences -> Advanced -> DNS -> Search Domains.
    (This can also be configured on your DHCP server.)

    Then I could browse to server01.uv.local :)
     
  6. kennethson thread starter macrumors newbie

    Joined:
    Oct 10, 2014
    #6
    Can you get there using the FQDN (i.e. server01.uv.local) or by using just the hostname (i.e. server01)?

    We all have our local domain in our search domains, and using only the hostname is the only way we can access these servers.
     
  7. kennethson thread starter macrumors newbie

    Joined:
    Oct 10, 2014
    #7
    Hopefully it will help if I use some better examples here. Say you have the following servers:

    mywebserver.myprivatedomain.local
    myfileserver.myprivatedomain.local
    mydomaincontroller.myprivatedomain.local

    If you add myprivatedomain.local to your search domains (see ern.st's post above), you should be able to access those servers by simply using:

    mywebserver
    myfileserver
    mydomaincontroller

    At least, that's the behavior we're seeing here.
     
  8. ern.st macrumors newbie

    Joined:
    Jan 6, 2012
    #8
    Yup. See my attachment. Your DNS server will of course need a record for the server you're trying to reach.
    Code:
    itc-mac-ernst:Desktop admin$ nslookup uvprint02.uv.local
    Server:		10.8.252.101
    Address:	10.8.252.101#53
    
    Non-authoritative answer:
    Name:	uvprint02.uv.local
    Address: 10.20.0.128
     


  9. kennethson thread starter macrumors newbie

    Joined:
    Oct 10, 2014
    #9
    Our DNS servers have the records (as we've used them with no problems until Yosemite).

    I wonder what you get when you run

    Code:
    sudo discoveryutil mdnsactivedirectory
    in the terminal. We were seeing

    Code:
    Not Doing Active Directory
    but after running

    Code:
    sudo discoveryutil mdnsactivedirectory yes
    and having the output change to

    Code:
    Doing Active Directory
    we're able to use our FQDNs again!
     
  10. ern.st macrumors newbie

    Joined:
    Jan 6, 2012
    #10
    We're getting
    Code:
    Doing Active Directory
    But we haven't done any sort of special configuration for this nor enabled it with the "yes" command.
     
  11. kennethson thread starter macrumors newbie

    Joined:
    Oct 10, 2014
    #11
    Are your machines bound to the AD domain (assuming that you are, in fact, using one)? The machines we were having issues with were not, and we did get some (questionable) reports of other groups in the institution not seeing the issues, but they almost certainly have their machines bound to the domain.
     
  12. h4ck macrumors regular

    Joined:
    May 26, 2006
    #12
    We're having issues resolving .local domains since updating to Yosemite too.

    Have made no other changes, just upgraded to 10.10.1.
     
