DNS on OSX Lion

Question

I run a OSX Server (10.6) that runs a DNS server supporting several domains (A records, MX). All went smooth until two days ago, when I stopped receiving emails.

I didn't change anything to the server's configuration. I just don't know why this is. I pasted the DNS logs, hope this helps.

I just restarted the server but nothing changed. Please ask questions and I'll try to answer to the best of my knowledge.

Thanks!

08-Feb-2013 13:03:59.331 lame server resolving 'B.ROOT-SERVERS.NET' (in 'ROOT-SERVERS.NET'?): 192.203.230.10#53
08-Feb-2013 13:03:59.333 lame server resolving 'B.ROOT-SERVERS.NET' (in 'ROOT-SERVERS.NET'?): 192.58.128.30#53
08-Feb-2013 13:03:59.335 lame server resolving 'B.ROOT-SERVERS.NET' (in 'ROOT-SERVERS.NET'?): 193.0.14.129#53
08-Feb-2013 13:03:59.337 lame server resolving 'B.ROOT-SERVERS.NET' (in 'ROOT-SERVERS.NET'?): 192.5.5.241#53
08-Feb-2013 13:03:59.340 lame server resolving 'B.ROOT-SERVERS.NET' (in 'ROOT-SERVERS.NET'?): 192.112.36.4#53
08-Feb-2013 13:03:59.342 lame server resolving 'B.ROOT-SERVERS.NET' (in 'ROOT-SERVERS.NET'?): 198.41.0.4#53
08-Feb-2013 13:03:59.347 lame server resolving 'B.ROOT-SERVERS.NET' (in 'ROOT-SERVERS.NET'?): 202.12.27.33#53
08-Feb-2013 13:03:59.349 lame server resolving 'B.ROOT-SERVERS.NET' (in 'ROOT-SERVERS.NET'?): 199.7.83.42#53
08-Feb-2013 13:03:59.351 lame server resolving 'B.ROOT-SERVERS.NET' (in 'ROOT-SERVERS.NET'?): 192.228.79.201#53
08-Feb-2013 13:03:59.353 lame server resolving 'B.ROOT-SERVERS.NET' (in 'ROOT-SERVERS.NET'?): 192.33.4.12#53
08-Feb-2013 13:03:59.355 lame server resolving 'B.ROOT-SERVERS.NET' (in 'ROOT-SERVERS.NET'?): 199.7.91.13#53
08-Feb-2013 13:03:59.357 lame server resolving 'B.ROOT-SERVERS.NET' (in 'ROOT-SERVERS.NET'?): 192.36.148.17#53
08-Feb-2013 13:03:59.359 lame server resolving 'B.ROOT-SERVERS.NET' (in 'ROOT-SERVERS.NET'?): 128.63.2.53#53
08-Feb-2013 13:03:59.360 host unreachable resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 2001:503:c27::2:30#53
08-Feb-2013 13:03:59.360 host unreachable resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 2001:7fd::1#53
08-Feb-2013 13:03:59.360 host unreachable resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 2001:500:2f::f#53
08-Feb-2013 13:03:59.360 host unreachable resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 2001:503:ba3e::2:30#53
08-Feb-2013 13:03:59.360 host unreachable resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 2001:dc3::35#53
08-Feb-2013 13:03:59.360 host unreachable resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 2001:500:3::42#53
08-Feb-2013 13:03:59.360 host unreachable resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 2001:500:2d::d#53
08-Feb-2013 13:03:59.360 host unreachable resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 2001:7fe::53#53
08-Feb-2013 13:03:59.360 host unreachable resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 2001:500:1::803f:235#53
08-Feb-2013 13:03:59.397 success resolving 'B.ROOT-SERVERS.NET/AAAA' (in 'ROOT-SERVERS.NET'?) after reducing the advertised EDNS UDP packet size to 512 octets
08-Feb-2013 13:04:02.927 host unreachable resolving 'local/SOA/IN': 2001:7fe::53#53
08-Feb-2013 13:04:02.927 host unreachable resolving 'local/SOA/IN': 2001:500:2f::f#53
08-Feb-2013 13:04:02.928 host unreachable resolving 'local/SOA/IN': 2001:500:1::803f:235#53
08-Feb-2013 13:04:02.928 host unreachable resolving 'local/SOA/IN': 2001:dc3::35#53
08-Feb-2013 13:04:02.928 host unreachable resolving 'local/SOA/IN': 2001:503:c27::2:30#53
08-Feb-2013 13:04:02.928 host unreachable resolving 'local/SOA/IN': 2001:7fd::1#53
08-Feb-2013 13:04:02.928 host unreachable resolving 'local/SOA/IN': 2001:503:ba3e::2:30#53
08-Feb-2013 13:04:02.928 host unreachable resolving 'local/SOA/IN': 2001:500:3::42#53
08-Feb-2013 13:04:02.928 host unreachable resolving 'local/SOA/IN': 2001:500:2d::d#53
08-Feb-2013 13:05:03.329 host unreachable resolving 'local/SOA/IN': 2001:7fe::53#53
08-Feb-2013 13:05:03.329 host unreachable resolving 'local/SOA/IN': 2001:500:2f::f#53
08-Feb-2013 13:05:03.329 host unreachable resolving 'local/SOA/IN': 2001:500:1::803f:235#53
08-Feb-2013 13:05:03.330 host unreachable resolving 'local/SOA/IN': 2001:500:3::42#53
08-Feb-2013 13:05:03.330 host unreachable resolving 'local/SOA/IN': 2001:500:2d::d#53
08-Feb-2013 13:05:03.330 host unreachable resolving 'local/SOA/IN': 2001:7fd::1#53
08-Feb-2013 13:05:03.330 host unreachable resolving 'local/SOA/IN': 2001:503:c27::2:30#53
08-Feb-2013 13:05:03.330 host unreachable resolving 'local/SOA/IN': 2001:dc3::35#53
08-Feb-2013 13:05:03.330 host unreachable resolving 'local/SOA/IN': 2001:503:ba3e::2:30#53

From another machine, preferably outside your network, have you tried to resolve the MX and A records associated with your server? Also are you running IPv6 on this machine as from the DNS logs it appears to be trying to resolve IPv6 addresses and failing. — Sim, Feb 13 '13 at 11:30

score 0 · Answer 1 · answered Feb 10 '13 at 14:19

0

Look at your firewall settings.

Is there any chance that UDP port 53 is not allowed through to the system? Have there been any recent changes to the networking infrastructure?

answered Feb 10 '13 at 14:19

ewwhite

197,159
92
443
809

Port 53 isn't blocked. Online port check tools can see it. I don't really know if the ISP made any recent changes but to my network there weren't any changes made. Could it be the router's fault? (I haven't been very happy with it in a while). – Sorin Buturugeanu Feb 10 '13 at 20:48
1

Check also TCP port 53. – Laurentiu Roescu Feb 12 '13 at 20:12

score 0 · Answer 2 · edited Mar 20 '17 at 10:29

Situations like the one you describe might happen if you had several slave servers for your domains in addition to the one you are running yourself, then any error you may make might only reveal itself several days or weeks after the fact.

This has recently happened to the StackExchange network: they've relocated their master to a new IP-address, but forgot to update various zone and slave configurations. The result? Things worked just fine for a week (as per the expire field in the SOA record) as if nothing had ever happened, but then one day suddenly everything just stopped working all of a sudden.

http://stackstatus.net/post/41085475226/outage-jan-21th-2013
https://meta.stackexchange.com/questions/164444/dns-server-failure-for-all-stack-exchange-sites

Your included log doesn't seem relevant to the issue you're having, but the following may be a list of potential problems (note that depending on the configuration, a change you've made 4 whole weeks ago (or, depending on your SOA and TTL settings, potentially even years!) may still be relevant to the problems you've started experiencing only 2 days ago):

ports blocked by firewall
router settings have changed
ip-addresses have changed
the master has died weeks ago, slaves had their zones expire just two days ago
some changes at the registrar

The best way to troubleshoot (for domain serverfault.com) is run something like dig @ordns.he.net +trace serverfault.com from a remote location, and also dig +nssearch serverfault.com might be helpful, as well as dig +multiline SOA serverfault.com.

There are also many web-sites online that will do various DNS checks for you to help identify many potential problems.

DNS on OSX Lion

2 Answers2