DNS – Name Lookup Not Working After Snow Leopard Upgrade

domain-name-systemmac-osxssh

I think this started with the Snow Leopard update. Cleaned out the .ssh directory, still having the issue.

~: uname -a
Darwin california-example-com.local 10.0.0 Darwin Kernel Version 10.0.0: Fri Jul 31 22:47:34 PDT 2009; root:xnu-1456.1.25~1/RELEASE_I386 i386

~: ssh -V
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009

~: ls -l ~/.ssh

~: nslookup nevada
Server:     10.94.62.3
Address:    10.94.62.3#53

Name:   nevada.example.com
Address: 10.94.62.3

~: ssh nevada
ssh: Could not resolve hostname nevada: nodename nor servname provided, or not known

Best Answer

I ran into the exact same problem and found a thread about a Mac mini having DNS issues on Apple's Discussions extremely helpful.

The crux of the issue: mDNSResponder seems to occasionally change the order of the DNS servers it queries and so if it queries your ISP's DNS servers first it won't get a proper record (or if you're using split DNS you'll get your public IP).

The best fix for this is to ensure (as you did) that only the required DNS servers are listed in your DNS settings. This may require removing the ISP DNS servers from your DHCP (as I had to do as well - all requests are forwarded through the local DNS server anyway).

The reason utilities like dig and nslookup will succeed as normal is they are using BIND and /etc/resolv.conf directly unlike the rest of the operating system.

For reference in Snow Leopard the DNS cache is now stored by mDNSResponder and in order to clear it you need to restart the process using sudo killall -HUP mDNSResponder. You can get more info (logging, dump internal state, etc.) by using different flags to the killall command.

"sudo killall -USR1 mDNSResponder" to enable operation logging.
"sudo killall -USR2 mDNSResponder" to enable packet logging.
"sudo killall -HUP mDNSResponder" to clear the DNS cache.
"sudo killall -INFO mDNSResponder" to dump mDNSRepsonder's internal state.

Source: Snoop Dogg on that same thread.

Related Solutions

DNS Reverse lookup not working

Okay you've said that direct queries against the NS are working and that it's your own ARIN assignment.

Assuming you haven't done so already, you will need to submit a request to ARIN to change the information that they hold for the assignment. Within this block of information are the nameservers delegated to handling reverse DNS for the netblock.

Once you have done this then hosts querying the root servers for ~xxx.in-addr.arpa will know to go to the RIR and then your own nameservers for the correct PTR information.

I can't give you the specific information about the ARIN change request. I'm trained on the other side of the pond and we do things slightly differently here ;)

SSH – Hangs Without Password Prompt, Works in Root or Other Accounts

The reason your ssh client hangs for your account but not for other accounts (root) is probably because there is something wrong with your ssh-agent. Either that the ssh-agent is not running or that its configuration is wrong in some way.

To have a confirmation of that, you can try the following:

unset SSH_AUTH_SOCK
ssh mylogin@myremoteserver.com

If you're then asked to input the pass phrase to your ssh_key it means you have an issue with your ssh-agent.

See also my post on this related question.

Best Answer

Related Solutions

DNS Reverse lookup not working

SSH – Hangs Without Password Prompt, Works in Root or Other Accounts

Related Topic