server stopped resolving dns for domain

I have a server that now refuses to resolve dns for the local domain (say xxx.local).
Tcpdump shows no outgoing queries on port 53 for that domain. Nscd is not being used. Any other domain works just fine.
So for example, I have a host called xxxdc1.xxx.local. resolv.conf contains:
search keech.local
nameserver 192.168.0.235
"ping xxxdc1" does all the correct things (dns traffic visible, icmp responses). "ping xxxdc1.xxx.local" or "ping xxxdc1.xxx.local." does nothing. No dns traffic, just an eventual unknown host message.
I can reboot the server tonight but I'm a bit suspicious that something else is going on.
Any suggestions?
Thanks
James

I have a server that now refuses to resolve dns for the local domain (say xxx.local).
Tcpdump shows no outgoing queries on port 53 for that domain. Nscd is not being used. Any other domain works just fine.
So for example, I have a host called xxxdc1.xxx.local. resolv.conf contains:
search keech.local
nameserver 192.168.0.235
"ping xxxdc1" does all the correct things (dns traffic visible, icmp responses). "ping xxxdc1.xxx.local" or "ping xxxdc1.xxx.local." does nothing. No dns traffic, just an eventual unknown host message.
I can reboot the server tonight but I'm a bit suspicious that something else is going on.
Nevermind. I did an strace on ping and it's using something called avahi which is an mdns library/daemon which appears to have been installed with cups. Removed that and all the problems went away! James

.local is a reserved domain under mdns. http://en.wikipedia.org/wiki/Multicast_DNS You will have problems if you try to do a search under .local using a standard install of Ubuntu, Mac OS X, etc. These come installed with mdns as a standard feature. I ended up using .pri instead of .local on my home network for this reason.

.local is a reserved domain under mdns.
http://en.wikipedia.org/wiki/Multicast_DNS
You will have problems if you try to do a search under .local using a standard install of Ubuntu, Mac OS X, etc. These come installed with mdns as a standard feature.
I ended up using .pri instead of .local on my home network for this reason.
Ah. Thanks for that. It's a Microsoft domain and Microsoft loves .local. I'll have to set some packet sniffers running for mdns because I don't want it running anywhere. Thanks again James

James Harper <james.harper@bendigoit.com.au> writes:
I have a server that now refuses to resolve dns for the local domain (say xxx.local)
Knee-jerk reaction: .local is reserved for mDNS/DNS-SD crap, and GUI systems can get confused if you use it. Recommend .lan instead.

trentbuck@gmail.com (Trent W. Buck) writes:
James Harper <james.harper@bendigoit.com.au> writes:
I have a server that now refuses to resolve dns for the local domain (say xxx.local)
Knee-jerk reaction: .local is reserved for mDNS/DNS-SD crap, and GUI systems can get confused if you use it. Recommend .lan instead.
Apologies, I should have read the rest of the thread and seen this was already covered. But it does make me wonder -- what *is* the best practice for dealing with an AD-managed domain? Assume that AD is entrenched, you can't replace it with samba4, and it's (presumably) extremely nontrivial to change it to a different local domain, what do you do? The least worst solution I can think of is to ensure mdns/dnssd stuff is either not installed, or at least not in nsswitch.conf. That seems awfully prone to unexpected failure, though, as the OP showed.
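The nsswitch.conf check suggested above, as an added example that is not part of the original thread: it reads the `hosts:` line and resolv.conf and reports when an mdns NSS module is consulted before `dns` with `[NOTFOUND=return]`, the combination that stops a `.local` name from ever producing port 53 traffic. The module names (`mdns4_minimal`, `mdns4`) follow the usual libnss-mdns packaging and are an assumption about the affected host; the function names and sample file contents are constructed.

```python
import re

# Constructed sample inputs (not taken from the thread's server).
SAMPLE_NSSWITCH = "passwd: files\nhosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
SAMPLE_RESOLV = "search xxx.local\nnameserver 192.168.0.235\n"

def hosts_sources(nsswitch_text):
    """Parse the hosts: line into [(source, [ACTIONS])] in lookup order."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("hosts:"):
            continue
        sources = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):]):
            if tok.startswith("["):
                if sources:  # an action list applies to the source before it
                    sources[-1][1].extend(tok.strip("[]").upper().split())
            else:
                sources.append((tok, []))
        return sources
    return []

def local_search_domains(resolv_text):
    """Return search/domain entries from resolv.conf that end in .local."""
    found = []
    for raw in resolv_text.splitlines():
        parts = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if parts and parts[0] in ("search", "domain"):
            found += [d for d in parts[1:] if d.rstrip(".").lower().endswith(".local")]
    return found

def audit(nsswitch_text, resolv_text):
    """Report mdns NSS modules consulted before dns and whether they stop the lookup."""
    sources = hosts_sources(nsswitch_text)
    names = [name for name, _ in sources]
    dns_at = names.index("dns") if "dns" in names else len(names)
    before = [(n, a) for n, a in sources[:dns_at] if n.startswith("mdns")]
    blocking = [n for n, a in before if "NOTFOUND=RETURN" in a]
    domains = local_search_domains(resolv_text)
    return {
        "mdns_before_dns": [n for n, _ in before],
        "blocking": blocking,
        "local_search_domains": domains,
        # The thread's symptom: .local is the site's unicast domain, but an
        # mdns module returns NOTFOUND before the dns source is ever tried.
        "at_risk": bool(blocking and domains),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_NSSWITCH, SAMPLE_RESOLV))
```

Pass the contents of /etc/nsswitch.conf and /etc/resolv.conf to `audit()` on each host; a result with `at_risk` set means the mdns entry should be removed from the `hosts:` line or moved after `dns`.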

Quoting Trent W. Buck (trentbuck@gmail.com):
Knee-jerk reaction: .local is reserved for mDNS/DNS-SD crap, and GUI systems can get confused if you use it. Recommend .lan instead.
Locally, I like to use invalid. for local-only DNS domains. All IETF-reserved TLDs: 'example.', 'invalid.', 'localhost.', and 'test.'. Those are guaranteed to _never_ crop up in any even vaguely standards-compliant software. I try to stay in the habit of putting the root dot at the end of FQDNs. That way, they're always valid and correct for use in arbitrary software including dig and host. Example: http://linuxmafia.com/pipermail/conspire/2013-March/007510.html

Rick Moen <rick@linuxmafia.com> writes:
Quoting Trent W. Buck (trentbuck@gmail.com):
Knee-jerk reaction: .local is reserved for mDNS/DNS-SD crap, and GUI systems can get confused if you use it. Recommend .lan instead.
Locally, I like to use invalid. for local-only DNS domains. All IETF-reserved TLDs: 'example.', 'invalid.', 'localhost.', and 'test.'. Those are guaranteed to _never_ crop up in any even vaguely standards-compliant software.
Ah, thanks for reminding me -- I had forgotten I started using .invalid at home a couple of years ago.
participants (4): Brian May, James Harper, Rick Moen, trentbuck@gmail.com