Comments on the hint 'The .local domain and DNS issues'
If you still want to use Rendezvous, choose another local domain extension!
like .home or .myself ...
.local is reserved for Rendezvous usage, and you'll be sorry if it stops working someday.
Our entire network is based on this .local thing.
It's not a good solution just to change everything we run to .home etc.
The Windows admins don't see it as a solution... ;)
10.2 was an unpleasant surprise in this area... no more name resolution... :(
SOLUTION:
We just changed our entries in /etc/resolver/local to list our local name servers and changed the port to 53.
Seems to work again... :)
matx
That's excellent! I wish I'd known about it before I'd renamed our domain. Where'd you find out about /etc/resolver/*?
And for the record, yes, this does break Rendezvous. I don't personally consider that a loss, but YMMV. Proceed with caution. ;-)
Well, when 10.2 first came out and it broke our domain name resolution, we searched high and low for a solution and found one on the Apple discussion boards... someone had figured this thing out (/etc/resolver/local). Congrats to them. It works.
Who needs Rendezvous? Not yet anyway.
Yes, where did you find out about resolver? I never heard anything about it. Just checked mine and it says:
nameserver 224.0.0.251
port 5353
timeout 1
I don't know WHAT the heck that is... none of my info...
That's Rendezvous' 'Multicast DNS' information. Fortunately mDNS uses standard DNS queries, so replacing that info with your DNS server's IP and port 53 results in standard DNS queries being issued for the .local domain.
I tried dropping a foo.local file in that directory to see if subdomains would then resolve correctly, but it appears .local always gets processed first.
Not sure if this is related, but ever since upgrading to Jaguar I can no longer access my local machine via 'localhost'. I have a Linux box I have used for over a year with my DNS server, and localhost has always worked for me. All the machines within my LAN are named with .lan conventions. If I want to access my local machine, I have to use the .lan defined name instead of localhost. I can watch it and see what's happening too: the local machine is querying the DNS server for a machine named 'localhost' and of course it's not finding one.
Also, an oddity in my /etc/hosts file. Anyone else have this, or can I get rid of it?
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
What is that last localhost entry for? I did not put it there - and it was not there before.
'::1 localhost' is the IPv6 version of 127.0.0.1, probably added by the network config tools.
I have this entry in my /etc/hosts file too.
In addition, I have another DNS issue with Jaguar...
On my local network, I have my own DNS (Bind9) doing split horizon DNS (internal requests get results from one view, external requests get results from another view). In my Network PrefPane, I have my internal DNS listed first followed by two provided by my ISP. On a boot/restart everything works fine; my Mac gets DNS resolutions properly. But after the Mac goes to sleep, or sits for an extended period, it forgets about the internal DNS server and queries external servers. A re-apply in the Network PrefPane resolves the problem until the next time the Mac sleeps. No other non-Mac on my network has this problem (Win, Linux, *BSD).
Bizarre.
Out of curiosity, the next time your Mac comes back from sleep, try running 'host some_machine your_mac' and see if you get a valid response. That should at least tell you if it's a bind/sleep issue or an Apple resolver/sleep issue. My suspicion is the latter.
From playing around here, it looks like lookupd cycles through the nameservers declared in /etc/resolv.conf until it finds one that works and then sticks with that nameserver until either it times out or the modification date on /etc/resolv.conf is changed ('touch /etc/resolv.conf' as root is sufficient).
The host and nslookup commands, on the other hand, always start each query with the first server listed. That seems to be consistent with the resolv.conf man page. Yet another situation where 'ping foo' fails and 'host foo' succeeds.
So it looks like every time your system wakes from sleep, lookupd thinks its current nameserver choice has timed out and cycles to the next one. Since that server answers, you never get back to your internal server.
What I've done here is to setup a DNS cache machine which all the local machines use as their DNS server. The cache machine sends local queries to the local DNS server and everything else to my ISP's DNS servers. My resolv.conf only contains a single nameserver entry, so I've never hit this particular problem. Unfortunately I can't remember how to set this up in Bind (I switched to djbdns years ago), but it should be possible.
Hope this helps.
DNS servers are not ordered, have no priority. If you have more than one server, they must all present the same view of the DNS. This same issue arises with a VPN: you cannot have DNS servers that know about the VPN mixed with those that do not, or you will get inconsistent results.
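The caching forwarder described in the lookupd reply above, written out as an added example (not from the thread; the poster says he could not remember the BIND syntax). It is one BIND 9 named.conf: the LAN's .local zone is forwarded only to the internal server, everything else only to the ISP, and clients list this one machine as their sole nameserver. That also satisfies the rule just stated, since a client with a single resolver cannot be handed two views. The addresses are assumed: 192.168.1.1 is the cache itself, 192.168.1.2 the internal authoritative server for corporate.local, 192.168.1.0/24 the LAN and 203.0.113.53/.54 the ISP resolvers.

```conf
// Added example: BIND 9 caching forwarder, split by zone. Addresses are assumed.
options {
    directory "/var/named";
    listen-on { 127.0.0.1; 192.168.1.1; };
    allow-query { 127.0.0.1; 192.168.1.0/24; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
    recursion yes;
    // Default path: anything not matched by a zone below goes to the ISP.
    forwarders { 203.0.113.53; 203.0.113.54; };
    forward only;
};

// Internal names: forwarded only to the internal server, never leaked to the ISP.
// A zone-level forwarders list overrides the global one for that zone.
zone "corporate.local" {
    type forward;
    forward only;
    forwarders { 192.168.1.2; };
};

// Reverse lookups for the LAN go to the same internal server.
zone "1.168.192.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.168.1.2; };
};
```

Check the file with named-checkconf before reloading, then verify the split from a client with dig: 'dig @192.168.1.1 fileserver.corporate.local' should return the internal answer, and 'dig @192.168.1.1 www.example.com' the ISP's. Because the Macs then carry a single nameserver entry, the wake-from-sleep cycling described above has nothing else to cycle to.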
Since I run a mixed network, I found it easier to add my Mac's address into my Winclones' hosts file. That way everything resolves nicely without relying on the Mac being attached to the network.
This is easily one of the most boneheaded approaches to DNS I've seen from a vendor in a long while.
My experience with this is that 10.2 completely breaks hostnames like 'x.corporate.local', which is fundamentally wrong.
I have had to resort to mangling the /etc/resolver/local file to get my mac to access internal sites, which is a plain stupid thing for Apple to force its corporate customers to do.
Apple should realize that .local is a perfectly reasonable suffix for an internal LAN within a large organization, and that corporates actually USE it.
Check this out:
Mac OS X 10.3, 10.4: How to look up '.local' hostnames via both Bonjour and standard DNS
http://docs.info.apple.com/article.html?artnum=107800