Strange DNS lookup problems
 

I experience strange DNS lookup failures with my 10.2.6 box.

I've set up a Debian Linux box as our router/firewall. Before that we had a hardware router/firewall with which I had no problems.

The problem is sometimes a domain works, sometimes I get an immediate "server not found". The same domains work from all of our windows boxes using the same router and the same name servers. So this can't be an issue with the linux box, right?
If I do a manual domain lookup there's no problem and I can reach the hosts via their IP adresses. It doesn't matter which browser I use, and the same things happen with Mail and Sherlock. I really have no explanation for this bahaviour. Maybe someone else has?

Why don't you try doing a dump on the network when such an event occurs. Maybe you can determine what is happening from looking at the actual communication with the boot server. What configuration are you using, DHCP or static IP? Does this problem occur momentarily or does it last? Could it be a problem with the browser? If you are using IE, try using Safari to see if the same behaviour is experienced.
AtomicTuesday

You mean tcpdump? I tried to but I think I don't have enough geek genes to really understand that. You might ask why I try to setup a firewall then, but hey, everyone has to start somewhere.

We use static IP adresses. 192.168.1.0/24.

The problem lasts, but it's always different. Sometimes I can't connect to e.g. macosxhints.com while I can connect to versiontracker.com. Sometimes it's the exact opposite. Or I can open all my Mac links in tabs and they all work. I try this with all my Linux links and 75% of them don't work. Then again, let's say ten minutes later, it's the other way round (is that correct english?).

It doesn't matter which browser I use. Normally I use Safari but I also tried Mozilla, Explorer, OmniWeb, Opera. And as I said, it also happens in Mail and Sherlock.

Maybe this is something for a linux forum?

dnstracer
 

You could try the 'dnstracer' utility, which is available via fink. Using it, especially with the "-v" option, might tell you what is happening when the DNS is failing.

It sounds to me like certain DNS queries are not getting past your Linux router for some reason.

I tried dnstracer but it gives me nothing but stars. Am I a complete idiot?

What I can understand from tcpdump is that the name server gets queried and I get an answer. But that's all I can understand.

Sounds the same to me, but why are they getting through from our windows boxes? How do the DNS queries differ when made from a windows box? I hate things working on our windows boxes not working on our Macs.

I don't know why it would do that but it might be an indication of failure. Does that happen all the time or only when your Mac is having DNS problems?

Here's what it gives on my system:
First off, are you sure that your Windows boxes aren't just using previously cached results from the DNS server?

Try doing a 'traceroute' to your DNS server to see if the basic nectwork connectivity is there. (You siad that you see a reponse from the DNS server whne using tcpdump, so it seems like this is not the issue, but mybe worth doing anyway.)

Try doing 'nslookup www.macosxhints.com' (or whatever other machine you are having trouble in getting DNS lookup for)
Try the same thing from your Window boxes (nslookup should exist on Windows NT & XP, for others you may have to download it)

This happens all the time and it doesn't matter if I try a host that's currently working or one which doesn't.
Also the problems are there all the time but always with different hosts.
I tried dnstracer on my Mac as well as on the firewall itself. Both with the same results. So I think the firewall is blocking some outgoing traffic that prevents dnstracer from working. I'll try to figure out what that is.
I'm quite sure, since I tried this mostly with mac related sites of which I know the windows user is surfing to.

I'll try the suggested nslookups and traceroutes tomorrow because I'm not at work anymore now :) .

Thanks for your help.

Make sure the firewall is configured to allow UDP 53 from the DNS servers to pass..

olealf, are you saying that this behaviour is experienced in a single machine, while the other macs do not? I suggested doing a dump on the network since it could help us in determining what is going on. You can most probably get a free packet sniffer for windows from versiontracker.com. With it do a dump on the windows machine interface. Bring the output here. As well, do a dump for a mac which is experiencing the said behaviour, and bring that here also. Then we can examine what is happening. DNS is really composed of very few steps. The machine making the request, and the DNS server responding to the request. Of course, that DNS server may need to make its own requests to a higher level DNS server when it does not have a specific URL in its database. Maybe the errors are occuring at this stage.
Tuesday

My suggestion is to try and debug this from the linux box and capture the inbound traffic from the mac and the outbound traffic on the internet side.

See: http://www.linuxjournal.com/article.php?sid=6446

for a pretty good explanation of how to use tcpdump. It's best to filter the traffic for that host only so:

tcpdump -i <your LAN Interface> -nn host <IP address of MAC> and port 53 -w mac.log


tcpdump -i <your ISP interface on Linux>> -nn host <IP address of MAC> and port 53 -w ISP.log


Note the filtering on host and port. If you don't see much, then remove the port filter. Also, 2 log files are written, one for each interface on the linux box. Name doesn't matter as long as unique and identifiable.

If you can put a pointer to these files via web, some of us can look at them to see if there are any clues.

network issues like this are nearly impossible to debug without adequate data and we end up guessing. remember Gene Krantz's statement to flight controllers when Apollo 13 had that explosion: "Work the problem people... don't make it worse by guessing"...:).

I just remembered. If you have NAT enabled, the IP address on the outbound side will not be the Mac's, so just filter on port 53.

sorry for the confusion.

Did I say this is strange? I came to work today and the problem seems to have disappeared :confused:. So I cannnot recreate the problem anymore. All hosts seem to work.
I had this problem for four days now and I didn't change any configuration on both machines neither yesterday nor today. I didn't even reboot. Maybe posting here cures things magically?
Anyway for this afternoon we hired a Linux geek. Maybe he can tell what's going on. I'll post here what he finds out.
Also I'll do the tcpdumps as soon as the problem reappears.

If this wasn't the case, wouldn't that mean that all DNS queries fail?

dgovoni, I posted my reply before reading yours.
No problem, I think I can't be more confused than I am already.

They should yes, but if your firewall is flaky or your rulesets poor, possibly not. It could be that your primary/secondary DNS were flaky, & someone finally noticed & restarted bind (or the machine).

Ah, now that you said that, I remember two weeks ago our provider's DNS had serious problems. They said they were solved, but...

Okay, it's back again. I just could do a tcpdump while I couldn't reach www.oreillynet.com.
Here's what it gives me on my Mac: Bad thing is I can't do it on one of our windows boxes right now, cause these machines are used by my boss. He's not here right now, so I can't just install something on one of his boxes while he's away...

Another one with www.deskmod.com:

The linux geek was were, replaced my firewall config with his own and the problem remains. Now I at least know that my firewall config wasn't that bad but still no solution... Archive and install time?

Check you network port configuration on the mac and make sure built in ethernet is first in the list or the port you are using is first.
Maybe create a new location on the mac and see if that helps.

Ethernet is first and the only one.

Created a new location to no avail.

Thanks for all your help here.

And the Risk of asking about the simplest and non DNS
 

RE: And the Risk of asking about the simplest and non DNS...

Did you try swappping IPs with one of the Windows boxes (known working bet access).

Although Both Mac and PC are capable of on the Fly Ip changes (sake of argument reboot both).

*If I had to take a guess you have a system out their that scummed your Macs Ip Address.

There of course could be better more DNS oriented explanations but until you elimate the IP as a possible issue, or it could be like banging your head against a wall.

I think you can go to the port configuration and uncheck the ethernet port then apply changes then check it and apply the changes again. This will turn the ethernet off and then on again and it should get a new dhcp lease. Simmilar to the ipconfig /renew in windows. That might keep you from having to restart the whole machine.

Have you tried entering the dns servers manually on the mac, under the network prefs? It could possibly be the setup of the dhcp server on the linux box. Check your /etc/dhcpd.conf file and make sure your dns servers are entered correctly. There should be a line like this one.

option domain-name-servers 0.0.0.0, 0.0.0.0;

where 0.0.0.0 is one of your dns servers. By entering them directly into the network prefs it won't matter if the dhcpd on the linux box is correct. I have a linux gateway setup and I had the same problem now that I think about it. It uses a program called dnsmasq which if I understand right it acts like a dns server by caching dns requests, if it doesn't know the answer it forwards it to the real dns server, but I always had trouble with my macs until I added the line option domain-name-servers to the dhcpd.conf file on the linux box, or manually entered the dns servers on each of my macs.

When you have the problem on your mac go to the terminal and type cat /etc/resolv.conf to see if the dns servers are listed in that file, they should be there.

anthlover:

I didn't swap IPs yet, but that might indeed be worth a try. I'm not quite sure if I understand what you mean by that. You mean another system in our network interfering with my system? The possibility of that would be very small since I also had the problems with only one other system up (beside the Linux box of course). This is our Filemaker Server which is also using TCP/IP and with which I can communicate without any problem. So I'm still guessing this is a DNS issue. I remember once having read about problems with the way Mac OS X is doing its DNS queries but I couldn't find it.

keithcal:

We use static IPs and I think anthlover adviced me to reboot just to be sure although it should be the same as deactivating and activating the interface.

Hey kethcal, editing your post while I'm answering is confusing... ;-)

The linux router doesn't provide any DHCP services (yet).
I already checked /etc/resolve.conf. Looks just fine.

If you do an nslookup on the same machine for an (name) address that you cannot connect to from your web-brower, do you get an address or is the address unknown?

And have you flushed your arp cache?

As I said, manual lookups work fine AND I can reach the domains via their IPs.

I didn't flush my arp cache and I don't know how to do that.

*If I had to take a guess you have a system out their that scummed your Macs Ip Address

I think he means that you might have 2 computers with the same ip address on your network, which could create a lot of problems.

sorry about the edit i got interupted a few times and then remembered a few things

No, this is not the case and no problem with your editing.

Is it just one mac having the problem?

Yes, but the other Macs run Mac OS 9.2.2.

Have you tried setting up another user account to see if possibly one of the prefs files are corrupt?

Good idea. I should have already tried that as one of my first steps... will check it out on monday.

Just out of curiosity, is the "DNS Servers" field in your Network Settings on your OSX box set to the the IP address of your router/firewall? If not, I suggest you try putting your router/firewall IP address in the "DNS Servers" field. That might should solve your problem.

Just to keep you up to date:

Creating a new user didn't work.

I also tried the router as my DNS which didn't work at all.

My arp cache had only 2 entries. One obsolete which I flushed and a correct one for our linux router which I didn't flush. Should I?

Strange DNS lookup problems
 

I'm experiencing the same DNS problems on different MacOSX 10.3.3, but the same problem was on the previous releases (since 10.1).
When I'm trying to load one page in any browser, the first attempt fails while the second goes fine.
The problem appears only the first time I access one site. It seems as the timeout of the resolver is too short.
Watching with tcpdump I've found that the right IP is retrieved after 5 seconds, while the browser has already given the error.
If I retry to reload the page a second time there's no error since the IP is in the local DNS cache and the resolving process is a lot faster.

If I use a different Operating System on the same network there's no problem.

My local DNS is set to make recursive query starting from ROOT servers.
The file named.ca (containing addresses of root servers) is up to date.
I've tried also to set up a DNS which make query to our ISP provider, but the result is the same.

I'm looking for some settings to extend the timeout of the local resolver, but I didn't find any.
It seems there's not such option looking at "man resolver".

Have you, Olaf, resolved your problem?

Thanks!

No, I did a complete reinstall of my system and everything went fine again (frustrating).

Also, I think you have a different problem (beside the strangeness). If I remember correctly, my DNS queries went fast but wrong (host not found). So no timeout issue.

Maybe you have a general network issue. Are local network services running fine?

Good luck.

I've made some tests using tcpdump.

In the first I'm loading from a browser the page www.direzione.it on a host named skinner. The DNS (BIND 9.2.2) is on the server itchy and both are on the same domain pc.ibn. Both have Mac OS X 10.3.3.
From the browser I get the error. I think the problem is from the lookup request www.direzione.it.pc.ibn made just after 3 seconds, while the right resolution of www.direzione.it ended 4 seconds after the first request.

10:32:44.186194 IP skinner.pc.ibn.58526 > itchy.pc.ibn.domain: 23276+ A? www.direzione.it. (34)
10:32:44.891146 IP skinner.pc.ibn.58526 > itchy.pc.ibn.domain: 23276+ A? www.direzione.it. (34)
10:32:45.596308 IP skinner.pc.ibn.58526 > itchy.pc.ibn.domain: 23276+ A? www.direzione.it. (34)
10:32:46.301386 IP skinner.pc.ibn.58526 > itchy.pc.ibn.domain: 23276+ A? www.direzione.it. (34)
10:32:47.006632 IP skinner.pc.ibn.58527 > itchy.pc.ibn.domain: 60276+ A? www.direzione.it.pc.ibn. (41)
10:32:47.007236 IP itchy.pc.ibn.domain > skinner.pc.ibn.58527: 60276 NXDomain* 0/1/0 (88)
10:32:47.017220 IP skinner.pc.ibn.58528 > itchy.pc.ibn.domain: 26358+ A? www.direzione.it. (34)
10:32:47.722339 IP skinner.pc.ibn.58528 > itchy.pc.ibn.domain: 26358+ A? www.direzione.it. (34)
10:32:48.355875 IP itchy.pc.ibn.domain > skinner.pc.ibn.58526: 23276 2/2/0 CNAME direzione.it., A h217-220-37-123.albacom.net (122)
10:32:48.356118 IP itchy.pc.ibn.domain > skinner.pc.ibn.58526: 23276 2/2/0 CNAME direzione.it., A h217-220-37-123.albacom.net (122)
10:32:48.356252 IP itchy.pc.ibn.domain > skinner.pc.ibn.58526: 23276 2/2/0 CNAME direzione.it., A h217-220-37-123.albacom.net (122)
10:32:48.356351 IP itchy.pc.ibn.domain > skinner.pc.ibn.58526: 23276 2/2/0 CNAME direzione.it., A h217-220-37-123.albacom.net (122)
10:32:48.356513 IP itchy.pc.ibn.domain > skinner.pc.ibn.58528: 26358 2/2/0 CNAME direzione.it., A h217-220-37-123.albacom.net (122)
10:32:48.356841 IP itchy.pc.ibn.domain > skinner.pc.ibn.58528: 26358 2/2/0 CNAME direzione.it., A h217-220-37-123.albacom.net (122)
10:32:48.357326 IP skinner.pc.ibn.58529 > itchy.pc.ibn.domain: 55820+ AAAA? www.direzione.it. (34)
10:32:48.424937 IP itchy.pc.ibn.domain > skinner.pc.ibn.58529: 55820 1/1/0 CNAME direzione.it. (116)
10:33:04.762767 IP skinner.pc.ibn.58530 > itchy.pc.ibn.domain: 2815+ A? itchy.pc.ibn. (30)
10:33:04.763116 IP itchy.pc.ibn.domain > skinner.pc.ibn.58530: 2815* 1/3/2 A itchy.pc.ibn (136)
10:33:04.779614 IP skinner.pc.ibn.58531 > itchy.pc.ibn.domain: 13152+ AAAA? itchy.pc.ibn. (30)
10:33:04.779846 IP itchy.pc.ibn.domain > skinner.pc.ibn.58531: 13152* 0/1/0 (71)


In the second test I used a PC with Windows XP as the host client, xp-sistemisti. I load www.comune.trieste.it. The resolution lasted more than 6 seconds, but the page loaded correctly.

10:56:40.253811 IP xp-sistemisti.pc.ibn.optima-vnet > itchy.pc.ibn.domain: 52+ A? www.comune.trieste.it. (39)
10:56:41.247560 IP xp-sistemisti.pc.ibn.optima-vnet > itchy.pc.ibn.domain: 52+ A? www.comune.trieste.it. (39)
10:56:42.248373 IP xp-sistemisti.pc.ibn.optima-vnet > itchy.pc.ibn.domain: 52+ A? www.comune.trieste.it. (39)
10:56:44.251174 IP xp-sistemisti.pc.ibn.optima-vnet > itchy.pc.ibn.domain: 52+ A? www.comune.trieste.it. (39)
10:56:46.579730 IP itchy.pc.ibn.domain > xp-sistemisti.pc.ibn.optima-vnet: 52 1/2/0 A 195.120.252.3 (110)
10:56:46.579848 IP itchy.pc.ibn.domain > xp-sistemisti.pc.ibn.optima-vnet: 52 1/2/0 A 195.120.252.3 (110)
10:56:46.579936 IP itchy.pc.ibn.domain > xp-sistemisti.pc.ibn.optima-vnet: 52 1/2/0 A 195.120.252.3 (110)
10:56:46.580021 IP itchy.pc.ibn.domain > xp-sistemisti.pc.ibn.optima-vnet: 52 1/2/0 A 195.120.252.3 (110)
10:56:47.032921 IP xp-sistemisti.pc.ibn.optima-vnet > itchy.pc.ibn.domain: 53+ A? www.retecivica.trieste.it. (43)
10:56:48.025720 IP xp-sistemisti.pc.ibn.optima-vnet > itchy.pc.ibn.domain: 53+ A? www.retecivica.trieste.it. (43)
10:56:49.027109 IP xp-sistemisti.pc.ibn.optima-vnet > itchy.pc.ibn.domain: 53+ A? www.retecivica.trieste.it. (43)
10:56:49.122807 IP itchy.pc.ibn.domain > xp-sistemisti.pc.ibn.optima-vnet: 53 1/2/0 A server3-mediatechnologies.it.net (115)
10:56:49.122924 IP itchy.pc.ibn.domain > xp-sistemisti.pc.ibn.optima-vnet: 53 1/2/0 A server3-mediatechnologies.it.net (115)
10:56:49.123011 IP itchy.pc.ibn.domain > xp-sistemisti.pc.ibn.optima-vnet: 53 1/2/0 A server3-mediatechnologies.it.net (115)


If I use nslookup to make query from the command line of skinner (the mac host) the resolution is always correct.

This problem outlined above arises only if the resolution is a bit slow, more than 3 seconds I suppose. The DNS on itchy is configured to have recursion true and no forwarding.
Using our ISP DNS as forwarder, the problem seems to disappear just because most of lookup requests are faster than 3 seconds. But the problem still exists! I've made a lot of tries to find a domain not in the cache of our ISP DNS, but still the error is here.
The link is www.leo.ru. The DNS is on server luke.

10:51:31.167678 skinner.pc.ibn.58864 > luke.srv.ibn.domain: 60110+ A? www.leo.ru. (28)
10:51:31.872757 skinner.pc.ibn.58864 > luke.srv.ibn.domain: 60110+ A? www.leo.ru. (28)
10:51:32.577880 skinner.pc.ibn.58864 > luke.srv.ibn.domain: 60110+ A? www.leo.ru. (28)
10:51:33.283006 skinner.pc.ibn.58864 > luke.srv.ibn.domain: 60110+ A? www.leo.ru. (28)
10:51:33.988311 skinner.pc.ibn.58865 > luke.srv.ibn.domain: 42405+ A? www.leo.ru.pc.ibn. (35)
10:51:33.988882 luke.srv.ibn.domain > skinner.pc.ibn.58865: 42405 NXDomain* 0/1/0 (82) (DF)
10:51:33.997389 skinner.pc.ibn.58866 > luke.srv.ibn.domain: 51331+ A? www.leo.ru. (28)
10:51:34.702504 skinner.pc.ibn.58866 > luke.srv.ibn.domain: 51331+ A? www.leo.ru. (28)
10:51:35.407703 skinner.pc.ibn.58866 > luke.srv.ibn.domain: 51331+ A? www.leo.ru. (28)
10:51:36.112843 skinner.pc.ibn.58866 > luke.srv.ibn.domain: 51331+ A? www.leo.ru. (28)
10:51:36.818294 skinner.pc.ibn.58867 > luke.srv.ibn.domain: 64162+ A? www.leo.ru.pc.ibn. (35)
10:51:36.819250 luke.srv.ibn.domain > skinner.pc.ibn.58867: 64162 NXDomain* 0/1/0 (82) (DF)
10:51:36.819867 skinner.pc.ibn.58868 > luke.srv.ibn.domain: 27984+ AAAA? www.leo.ru. (28)
10:51:37.524977 skinner.pc.ibn.58868 > luke.srv.ibn.domain: 27984+ AAAA? www.leo.ru. (28)
10:51:38.230081 skinner.pc.ibn.58868 > luke.srv.ibn.domain: 27984+ AAAA? www.leo.ru. (28)
10:51:38.935210 skinner.pc.ibn.58868 > luke.srv.ibn.domain: 27984+ AAAA? www.leo.ru. (28)
10:51:39.640475 skinner.pc.ibn.58869 > luke.srv.ibn.domain: 11970+ AAAA? www.leo.ru.pc.ibn. (35)
10:51:39.641021 luke.srv.ibn.domain > skinner.pc.ibn.58869: 11970 NXDomain* 0/1/0 (82) (DF)
10:51:40.825388 luke.srv.ibn.domain > skinner.pc.ibn.58864: 60110 1/2/0 A master.chemforum.ru (108) (DF)
10:51:40.825555 luke.srv.ibn.domain > skinner.pc.ibn.58864: 60110 1/2/0 A master.chemforum.ru (108) (DF)
10:51:40.825700 luke.srv.ibn.domain > skinner.pc.ibn.58864: 60110 1/2/0 A master.chemforum.ru (108) (DF)
10:51:40.825911 luke.srv.ibn.domain > skinner.pc.ibn.58864: 60110 1/2/0 A master.chemforum.ru (108) (DF)
10:51:40.826052 luke.srv.ibn.domain > skinner.pc.ibn.58866: 51331 1/2/0 A master.chemforum.ru (108) (DF)
10:51:40.826186 luke.srv.ibn.domain > skinner.pc.ibn.58866: 51331 1/2/0 A master.chemforum.ru (108) (DF)
10:51:40.826318 luke.srv.ibn.domain > skinner.pc.ibn.58866: 51331 1/2/0 A master.chemforum.ru (108) (DF)
10:51:40.826506 luke.srv.ibn.domain > skinner.pc.ibn.58866: 51331 1/2/0 A master.chemforum.ru (108) (DF)

Is there any way to force the local resolver not to do the query with the local domain attached?
My /etc/resolv.conf now contains just:
nameserver 192.168.0.2

The DHCP server gave me the domain pc.ibn.
I dropped it from DHCP and the lookup queries to www.direzione.it.pc.ibn. disappeared, but if the process lasts more than 3 seconds the browser gives me an error.

Where can I set the resolver timeout?

Not much help I know, but I've got the same symptoms under X 10.3.2. I have a router/firewall built into my DSL modem, with DNS abilities and perhaps thats is causing extra delays? Regardless, its certainly very annoying!

I thought I had the problem licked when I lowered my MTU. At the time that I did this it seemed to help with pages timing out (some page items were not loading). Now if a page is not doing anything with a few seconds, I have to give it a hurry up.... a fix would most welcome!

not that it's much help either, but i experienced exactly the same thing when setting up a network for a friend...

a powermac g4 and a laptop running xp are both set up to access the internet through a third party wlan DHCP router (t-online crap).. the laptop manages without any promlems, the mac occasionally fails, but instantly manages to load the page on a second try... i tried new DNS servers, static or dynamic IPs and a lot of voodoo, to no avail...

also the g4 looses the connection on sleep-wake and only gets it back by changing settings, but that seems to be a widespread issue with airport.

++ christoph ++

Strange DNS lookup problems
 

I hoped to get something looking at lookupd. That's the responsable of resolving dns query, but it seems to have a timeout of 30 seconds:

skinner:~ root# lookupd -configuration
ConfigSource: default
LookupOrder: Cache NI DS
MaxIdleServers: 4
MaxIdleThreads: 2
MaxThreads: 64
TimeToLive: 43200
Timeout: 30
ValidateCache: YES
ValidationLatency: 15
_config_name: Global Configuration

LookupOrder: Cache FF DNS NI DS
_config_name: Host Configuration

LookupOrder: Cache FF NI DS
_config_name: Service Configuration

LookupOrder: Cache FF NI DS
_config_name: Protocol Configuration

LookupOrder: Cache FF NI DS
_config_name: Rpc Configuration

TimeToLive: 60
ValidateCache: NO
_config_name: Group Configuration

TimeToLive: 300
ValidateCache: NO
_config_name: Initgroup Configuration

LookupOrder: Cache FF DNS NI DS
_config_name: Network Configuration


It's possible to change the Timeout parameters (see man lookupd) creating a file /etc/lookupd/global with just a line:
Timeout 10

Then you have the kill the running process lookupd. It restart by itself.
Just look with lookupd -configuration to see if the parameter has changed.

Sorry I couldn't test it, since my network and dns now is fast.

Slow DNS lookups on Mac OS X
 

I've had this problem on several different macs in my soho net. It came down to being across a slow-ish bursty (Satellite IP) Internet connection.

Every first DNS lookup takes longer than one second. Then the response comes back, and if I try to reload the page a second time, it's gets the IP immediately and loads normally. While I could tolerate this behavior, it was annoying.

After reading this thread, I went and found /etc/resolver/local

$ cat /etc/resolver/local | grep timeout
timeout 1
$

I then edited the file and changed the timeout:
timeout 10

And now DNS lookups take a better pause to accomodate a slow WAN link on mac os x.

Slow DNS lookups on Mac OS X
 

I've tried to raise the timeout value in /etc/resolver/local, but it seems not to go better. Maybe I need more testing.

I've found another workaround. I duplicated the nameserver line in /etc/resolv.conf, so the query to dns is sent more than once.

domain pc.ibn
search srv.ibn pc.ibn
nameserver 192.168.0.2
nameserver 192.168.0.2
nameserver 192.168.0.2

With just one line the error answer come out after 2-3 seconds. With 2 lines the timeout become 5-6 seconds and so on.

Thanks, folks! That was the answer I've been looking for about changing the timeout value. Only I think the place to make the change would be:

/etc/lookupd/agents/DNSAgent/global

based on the lookupd man page. This file and much of that path don't exist in the default configuration. Also, the default value is supposedly 30 seconds, so setting a timeout value >30 would be the thing to try.

I believe the "/etc/resolver/local" mentioned above (with the 1 second timeout) is meant for Rendezvous lookups in the .local domain, so in general I wouldn't expect it to affect Internet lookups.


edit - I set a timeout value of 60, and restarted successfully. Since I haven't experienced much in the way of timeout troubles anyway, perhaps someone who is would be willing to try this?

It works for me with some modifications
 

I created /etc/lookupd/agents/DNSAgent and wrote a file called global in there that contains one line: Timeout 60

Here is my lookupd -configuration:
ConfigSource: file://etc/lookupd
LookupOrder: Cache NI DS
MaxIdleServers: 4
MaxIdleThreads: 2
MaxThreads: 64
TimeToLive: 43200
Timeout: 30
ValidateCache: YES
ValidationLatency: 15
_config_name: Global Configuration

LookupOrder: Cache FF DNS NI DS
_config_name: Host Configuration

LookupOrder: Cache FF NI DS
_config_name: Service Configuration

LookupOrder: Cache FF NI DS
_config_name: Protocol Configuration

LookupOrder: Cache FF NI DS
_config_name: Rpc Configuration

TimeToLive: 60
ValidateCache: NO
_config_name: Group Configuration

TimeToLive: 300
ValidateCache: NO
_config_name: Initgroup Configuration

LookupOrder: Cache FF DNS NI DS
_config_name: Network Configuration

Timeout: 60
_config_name: DNSAgent Configuration

As you can see from the last line, the new config is being read - but I still timeout on URL's that are not cached and even sometimes on known URL's that are experiencing some weird latency.

I tried putting a global file with the same contents at /etc/lookupd and my config looks like this:

ConfigSource: file://etc/lookupd
LookupOrder: Cache NI DS
MaxIdleServers: 4
MaxIdleThreads: 2
MaxThreads: 64
TimeToLive: 43200
Timeout: 60
ValidateCache: YES
ValidationLatency: 15
_config_name: Global Configuration

LookupOrder: Cache FF DNS NI DS
_config_name: Host Configuration

LookupOrder: Cache FF NI DS
_config_name: Service Configuration

LookupOrder: Cache FF NI DS
_config_name: Protocol Configuration

LookupOrder: Cache FF NI DS
_config_name: Rpc Configuration

TimeToLive: 60
ValidateCache: NO
_config_name: Group Configuration

TimeToLive: 300
ValidateCache: NO
_config_name: Initgroup Configuration

LookupOrder: Cache FF DNS NI DS
_config_name: Network Configuration

Timeout: 60
_config_name: DNSAgent Configuration

and it worked. So maybe that is a better path.?

**Just a note: my particular situation is that I am three hops away from my DNS server. When I am at home, where I am only one hop away I never have this issue.**

There was a hint that I have not been able to locate quickly, suggesting that IPv6 issues are responsible for the lookups taking so long. Several people have fixed the problem by disabling IPv6 in /etc/hostconfig. The hint refered to this page:
http://www.codepoetry.net/archives/2...bledip_dns.php. I have yet to reboot to see if it fixes the problem.

I am having the same problems using the middle click on my mouse to open new tabs, i hope they fix this soon.

http://docs.info.apple.com/article.html?artnum=106799
 

This is what I found on the Apple Website. http://docs.info.apple.com/article.html?artnum=106799

I changed the DNS server as specified (checked an windows machine to find the DNS servers). Since then I do not have internet issues anymore.

Interestingly, I just unplugged my ethernet connection to my netgear firewall/router and plugged ny G4 running 10.3.5 directly into my router and was able to access sites that were previously not reachable. So obviously the router and 10.3.5 are mixing well. Also, 10.3.7 apparently fixes this issue but at the loss of quartz extreme in older macs.