OS X and DNS
When an OS X box boots and gets a DHCP LAN address, how does it register with DNS?
Does OS X register a forward and reverse name by default?
Is there another place to enter a DNS name besides the "Sharing" System Pref Pane?
In the Terminal, does the shell command prompt show a local computer name or is it a network DNS name? (see below)
Example: danstranathan:~ dstranathan$
My account name is the "dstranathan", but is the "danstranathan" coming from the computer name locally (in Sharing System Pref Pane), or is it getting the "dstranathan" from DNS? Yes, I do have my computer name in the Sharing System Pref Pane as "dan.stranathan.domain.com" (FQDN), but sometimes the Terminal "thinks" I have a different computer/DNS name. I am wondering if it's a local problem or a DNS issue.
Comments
Just putting a domain.com name in the computer name does not, in any way shape or form, place your computer into a DNS entry anywhere. That's just for Rendezvous/AppleTalk. Period.
The files pertaining to DNS in the etc dir are resolv.conf and hostconfig. These are updated when you make changes through the System Prefs Network panel, but changes to the file (and a reboot) also change the config. You need to know what you're doing, though, as you can easily remove yourself from the network.
Dobby.
NOT from here:
/etc/hostconfig is for configuring local services
/private/var/resolv.conf is for DNS server entries
Dobby.
????
I have this funny feeling you're not quite sure how DNS works?
A DNS server holds a table of computer names and IP addresses. It allows clients to look up the IP based on name, and vice-versa. These entries have to be manually put into place. The DNS server has to essentially be up 24/7, available to everyone on the Internet, and above all, reliable. (This is why many people just farm out this service to another company for a fee.) You have to register a domain name with ICANN, give them the IP of the DNS server, and make it all official.
When you enter in a DNS server in Network Preferences, you're telling your computer where to go to find out about all the *other* computers out there in the world. That DNS server then goes out and finds the info it needs for your request, from all the other DNS servers out there. It's strictly one way - your computer is looking up information. That's it. It doesn't share information back.
Dynamic DNS changes *one* thing... it allows the IP of an entry to change. It doesn't do anything magic. DynDNS lets a computer which is already in the table to say "Hey! My IP changed! here's the new one!"
The Shared Computer name has *NOTHING* to do with *ANY* of this. You can't just put gloriath.werock.com in there have it show up on the Internet. Nor does this have anything to do with AD.
You simply can't have your computer show up on the internet this way, sorry.
The closest one can do to what you're asking is to use Rendezvous, which uses the established .local top level domain (like .com or .org), to create a temporary domain behind whatever router you're connected into. (.local is blocked by every router, so you can't see anyone not on your local subnet, for instance.) It'll only work for the LAN, though; it, again, doesn't make Internet-wide names.
When I enter a name in the Sharing Pane of OS X (example: "powermac1"), it eventually shows up in DNS using the nslookup or dig commands (from any computer on my LAN). My question is *how*. I'm just curious how the DHCP or DNS services capture the Mac's name, etc. I'm trying to understand the order of events that occurs when a Mac boots and registers with local DNS. Obviously this is a 2-way street, since the Mac is PUSHING its name into a DNS table somehow. If I change the computer's name in the Sharing Pref Pane, eventually the Mac's name is changed in DNS (this can be proved by simply doing a forward or reverse lookup in the Terminal, or even looking at the DNS records on the DNS server if you have access to do so).
I'm not referring to DNS on the Internet (registered domain names, propagating and replication of DNS names, etc). I am referring to DNS in a localized, private LAN environment.
The reason I asked about Active Directory is because our AD Domain Controllers are tightly integrated to our Windows based DHCP and DNS servers. Leave no stone unturned when learning, I always say...
Originally posted by Kickaha
Er...
Just putting a domain.com name in the computer name does not, in any way shape or form, place your computer into a DNS entry anywhere. That's just for Rendezvous/AppleTalk. Period.
This is not true. While AppleTalk and Rendezvous (OpenTalk) do use these fields for discovery and local link connections, DNS can grab this data as well. Even the Terminal's shell sessions will use the "Computer Name" field from the Sharing Pane as its "host name". The reason I know is because I have been doing lots of DNS experiments on my LAN of 200+ Macs and I can recreate and reproduce this situation at will. I'm just trying to find concrete info as to the "magic" that makes this all happen. There must be an order of events at a system level that decides where to pull the name from to register with DNS. It can look in lots of places, including the AD Plugin, Sharing Pane, and a couple of the /etc files too (hostconfig, etc).
Keep in mind I am not referring to manually-entered static names in DNS (i.e., computer names that are manually added by a DNS admin, like important LAN resources such as server names, etc). I'm referring to normal end-user desktop workstation names, computers that have dynamic IPs from DHCP servers, etc.
But in no way will it allow people outside your LAN to find your machines.
Seriously, I think you've got a misconception on how DNS works, versus how names are universally resolved. Tools such as nslookup and dig use the internal resolution system in MacOS X - OpenDirectory. OD can look in many different places to find names: NetInfo, flat files, AD, DNS, LDAP, and... mDNS. It wouldn't matter *WHERE* the name was defined, nslookup and dig would return the info, since OD is doing all the work behind the scenes. (And, likewise, Terminal will use the correct name.)
When you enter in a name in the Sharing Prefs, it is distributed via mDNS (ZeroConf, Rendezvous, OpenTalk, whatever you want to call it). Every machine gets a cached list of all other machines on the LAN, and as machines come online, that info gets propagated, and as they go offline, it goes stale. There is no DNS that 'snags' the info. DNS isn't used. mDNS is. It's an unfortunate clash of terminology.
mDNS = a group of people all passing notes around to share information
DNS = a central information booth handing out answers
Make sense now?
I understand everything you are stating. I want to know how the Computer Name on a Mac gets "into" local DNS without manually adding it.
I can run nslookup tools on my Windows PCs and get the name of any Mac based on its IP (a forward lookup) or a Mac's IP based on its hostname (reverse lookup). The PCs are not using AppleTalk or Rendezvous and the Macs don't use WINS or NETBIOS, thus it must be DNS that is returning the Mac's name to the PC, right?
Isn't it possible for the OS X client to respond with its host-name to a DHCP server, and the DHCP server takes the DHCP ack packet from the Mac client and updates the DNS server? The same thing is done on the Windows side, right? ("Computer Name").
I'm just trying to confirm that the DHCP or DNS server is getting that name from the Sharing Prefs Pane and not somewhere else like a cache, etc.
Originally posted by dstranathan
I guess you don't understand my question. Sorry if I'm not explaining this well.
I understand everything you are stating. I want to know how the Computer Name on a Mac gets "into" local DNS without manually adding it.
*sigh* It doesn't.
I can run nslookup tools on my Windows PCs and get the name of any Mac based on its IP (a forward lookup) or a Mac's IP based on its hostname (reverse lookup). The PCs are not using AppleTalk or Rendezvous and the Macs don't use WINS or NETBIOS, thus it must be DNS that is returning the Mac's name to the PC, right?
*m*DNS. *m*DNS. Windows has it too. It's not anything sekrit, most every OS has it in one form or another. Apple's implementation just happens to be excellent, and ties in with a couple of other open technologies in a clever way to form Rendezvous... but the backbone is still mDNS.
Isn't it possible for the OS X client to respond with its host-name to a DHCP server, and the DHCP server takes the DHCP ack packet from the Mac client and updates the DNS server? The same thing is done on the Windows side, right? ("Computer Name").
No, and no.
I'm just trying to confirm that the DHCP or DNS server is getting that name from the Sharing Prefs Pane and not somewhere else like a cache, etc.
The DHCP/DNS server doesn't ever 'get' that information. It has nothing to do with the lookup process in this case. mDNS does. That's what you're not seeing.
Are there any ways to fix this?
Kent
Windows Server 2003 has DDNS enabled by default. That's great! If you plug in a machine, and get a new DHCP address, the DNS server will eventually get your hostname, and add you to the DNS lookups, for a PRIVATE LAN DNS. Gee, that's really cool.
Here's the problem: If you happen to plug in to the network and get a DHCP address that has PREVIOUSLY been registered in the DDNS server to a different hostname, the Windows Server 2003 DDNS server DOES NOT update the hostname for reverse lookups. Confused? Here's an example at my current place of work (identical issue in my last place of work). Note that the "mymacsystem" name has been verified/updated using scutil --set HostName, and the IP address for "mymacsystem" is 10.82.7.87:
Last login: Thu Sep 3 11:21:03 on ttys001
MYMACSYSTEM:~ lindem01$ nslookup mymacsystem.somecompany.com
Server:		10.88.8.16
Address:	10.88.8.16#53
** server can't find mymacsystem.somecompany.com: NXDOMAIN
MYMACSYSTEM:~ lindem01$ nslookup 10.82.7.87
Server:		10.88.8.16
Address:	10.88.8.16#53
87.7.82.10.in-addr.arpa	name = someothercomputer.somecompany.com.
This IP had previously been used by "someothercomputer", but has been used by me (I've checked it daily) for almost two weeks. What the heck is going on? Well, the Windows 2003 DDNS server isn't updating the reverse lookups for the Mac clients. Don't tell me DNS is broken, or this is misconfigured, unless you ALSO tell me how to fix it on the Server. At my last job we had to MANUALLY go in to the DNS lookups and DELETE BY HAND all the wrong entries. Of course, a flush/scour/clean of released IP addresses won't work, as this address is active - the name is just wrong.
Thanks...
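A way to detect the situation in that post from the Mac itself, added here as an example (it is not code from the thread): the script parses the nslookup output format shown above and reports whether the forward and reverse records for the local host agree, which is exactly the stale-PTR condition the lookups demonstrate. It assumes macOS nslookup output of the shape posted, scutil --get HostName for the local name and ipconfig getifaddr en0 for the address; the sample lookups the test feeds in are constructed to match the posted ones.

```shell
#!/bin/sh
# Forward/reverse DNS consistency check for the local Mac.
# Added example, not from the thread. Assumptions: the nslookup output format
# shown in the post above (macOS/BIND nslookup), scutil --get HostName for the
# local name, and ipconfig getifaddr en0 for the address of the primary interface.

# Read `nslookup <name>` output on stdin; print the answer addresses, one per
# line, or nothing when the name does not exist. The resolver's own
# "Server:/Address:" header comes before the first "Name:" line and is skipped.
forward_addrs() {
    awk '/NXDOMAIN/ { exit }
         /^Name:/   { seen = 1; next }
         seen && /^Address:/ { print $2 }'
}

# Read `nslookup <ip>` output on stdin; print the PTR target without its
# trailing dot, or nothing when there is no reverse record.
reverse_name() {
    awk '/NXDOMAIN/ { exit }
         /in-addr\.arpa/ && /name = / { sub(/\.$/, "", $NF); print $NF }'
}

# Compare what DNS says with what the host believes about itself.
#   $1 = local FQDN, $2 = local IP,
#   $3 = forward answers (newline separated, may be empty), $4 = PTR target (may be empty)
# Prints one verdict: consistent | stale-ptr | ptr-missing | a-missing | unregistered
classify() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); ip=$2; fwd=$3
    rev=$(printf '%s' "$4" | tr 'A-Z' 'a-z')
    fwd_ok=0; rev_ok=0
    for a in $fwd; do
        if [ "$a" = "$ip" ]; then fwd_ok=1; fi
    done
    if [ -n "$rev" ] && [ "$rev" = "$host" ]; then rev_ok=1; fi

    if [ "$fwd_ok" = 1 ] && [ "$rev_ok" = 1 ]; then
        echo consistent
    elif [ -n "$rev" ] && [ "$rev_ok" = 0 ]; then
        echo stale-ptr        # our IP still answers with a previous tenant's name
    elif [ "$fwd_ok" = 1 ]; then
        echo ptr-missing
    elif [ "$rev_ok" = 1 ]; then
        echo a-missing
    else
        echo unregistered
    fi
}

# Live check against the configured resolver (needs the network; not run by the test).
check_self() {
    host=$(scutil --get HostName)
    ip=$(ipconfig getifaddr en0)
    fwd=$(nslookup "$host" 2>/dev/null | forward_addrs)
    rev=$(nslookup "$ip" 2>/dev/null | reverse_name)
    printf '%s %s -> %s\n' "$host" "$ip" "$(classify "$host" "$ip" "$fwd" "$rev")"
}

if [ "${1:-}" = "--check" ]; then
    check_self
fi
```

Run it as "sh ddns-check.sh --check" on each Mac; a verdict of stale-ptr means the reverse zone still carries the previous lease holder's name for this address, which is the case the post shows, and a-missing or unregistered means the forward record never made it into the zone at all. Because the verdict is a single word it can be collected from a fleet of machines and the offending PTR names handed to whoever administers the zone.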
In your Directory Utility on OS X, you "bind" yourself to the directory services in your AD domain. This binding is done by a network administrator. This allows your OS X box to work just like a Windows workstation. This is technology licensed by Apple from Microsoft. All your name resolutions, etc. work just like a Windows workstation afterwards.
http://www.makemacwork.com/bind-to-active-directory.htm
http://images.apple.com/business/sol..._Directory.pdf
Google > asking questions with different aliases in a forum.
This is, in fact, utterly incorrect. Binding to AD does not affect the inherent functionality of a system when related to DNS. All it does is provide authentication services for user accounts that exist within the domain, unless the domain schema has been extended to support Apple specific LDAP schema, at which point it would also provide management services for the system, such as, say loginwindow appearance.
Interesting discussion. I don't think 5 years ago that Kickaha understood what DDNS actually is and how it works.
Anyways, I'm afraid you're incorrect here. Check your DNS for the following settings:
AD integrated zones
Only allow secure updates.
If these two options are set then the Macs MUST be a member of the domain for DDNS to work. If they are not members of the domain then DNS will not allow them to use DDNS. So, binding Macs to the domain may in fact have an impact on DNS.
Ok - I'm a bit cheeky with my answer - it's not "absolutely incorrect", but just binding a Mac to AD does not suddenly turn it into a PC functionally. In fact, your answer led me to a fairly good document in Microsoft Technet that implies (because they don't state it explicitly) that the DDNS updating happens in the Windows OS client via the Windows DHCP Client Service - so a client-side application is doing the updating on the Windows DNS server.
As I am the Mac admin and not a Windows Sysadmin, I can't check my DNS settings in Server 2003 - I don't have access. However, given the context that all of my Macs are bound to Active Directory and that the DNS servers do not dynamically update hostnames for reverse lookups for Mac (one list I saw excluded XP Home/Vista Home, and Windows prior to 2000 as well as Mac OS X, Linux and other Unix-based OSs), it still brings me to my question, which goes back to some of the older questions, and which still begs for a reply from someone who has a working solution.
Is there a way for the Mac to update the existing DNS entries (that does not involve manually editing/deleting each Forward and Reverse DNS entry on the Windows DNS server)? An application that provides similar behavior to Microsoft's Windows DHCP Client Service.
Thanks...
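One client-side route to the update asked for just above, in the environment described two posts earlier (AD-integrated zone, secure updates only, Mac bound to the domain): a Kerberos-signed dynamic update (RFC 2136 with GSS-TSIG) sent with nsupdate, which macOS ships alongside dig and nslookup. This is an added example, not something posted in the thread and not a tool from Apple or Microsoft; the forward zone, the server address and the /24 reverse zone are assumptions taken from the names in the posts above, and the Kerberos ticket is assumed to come from the AD binding.

```shell
#!/bin/sh
# Register this Mac's own A and PTR records in an AD-integrated, secure-only
# zone using a GSS-TSIG signed dynamic update (nsupdate -g).
# Added example, not from the thread. Assumptions: the Mac is bound to the
# domain and holds a Kerberos ticket (klist), nsupdate is on the PATH, and the
# zone/server values below match the site (here taken from the thread's names).

ZONE=somecompany.com        # assumed forward zone
DNS_SERVER=10.88.8.16       # the resolver shown in the thread's nslookup output
TTL=3600

# Reverse a dotted quad into its PTR owner name: 10.82.7.87 -> 87.7.82.10.in-addr.arpa
ptr_name() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Reverse zone for a /24 (assumed delegation size): 10.82.7.87 -> 7.82.10.in-addr.arpa
ptr_zone() {
    echo "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Emit the nsupdate script text: one transaction for the forward zone, one for
# the reverse zone. Each deletes whatever RRset is at the name first and then
# adds the current pair, so a previous tenant's PTR on this IP is replaced
# rather than joined by a second record.
build_update_script() {
    fqdn=$1; ip=$2
    cat <<EOF
server $DNS_SERVER
zone $ZONE
update delete $fqdn. A
update add $fqdn. $TTL A $ip
send
zone $(ptr_zone "$ip")
update delete $(ptr_name "$ip"). PTR
update add $(ptr_name "$ip"). $TTL PTR $fqdn.
send
EOF
}

# Sign and send the update with the current Kerberos credentials
# (needs the network and a ticket; not run by the test).
register_self() {
    fqdn=$(scutil --get HostName)
    ip=$(ipconfig getifaddr en0)
    # klist exits non-zero when there is no valid ticket; without one a
    # secure-only zone refuses the update outright.
    if ! klist >/dev/null 2>&1; then
        echo "no Kerberos ticket: check the AD binding or run kinit" >&2
        return 1
    fi
    build_update_script "$fqdn" "$ip" | nsupdate -g
}

if [ "${1:-}" = "--register" ]; then
    register_self
fi
```

Run it as "sh ddns-register.sh --register". The signature comes from the ticket the AD binding gives the machine, which is what "only allow secure updates" checks. Expect the reverse-zone transaction to be refused when the stale PTR was registered by a different computer account: in a secure-only zone the record belongs to the account that created it, and that ownership check is the server-side control the later replies describe, so a PTR left behind by another host can only be replaced by the DNS admin or by the DHCP server's own update settings.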
The point is, in every Windows environment it is the server that is responsible for how records get updated. This is a security feature and the ONLY way to secure DNS against pollution.
We have Macs in our environment and do not have any issues with DDNS.
The issue you're having can also be experienced with networked printers that use DHCP.
Would you, please, give us a step-by-step recipe to fix this so that we can hand it to the IT un-believers? I ask this because I keep getting the "Oh, you have a Mac - that's a client side issue."
Also, when the IT folks do MS Updates on the server, do these settings get reset to the default "off state"?
Thanks!
Yes, Windows computers can run an ipconfig /registerdns to update its DNS record every time it gets a new lease. The client is smart enough to do this automatically. However, this is a setting that you enable on the DHCP server. There are settings on the DHCP server that enable this to happen. Have your Windows Admin ensure that these settings are enabled.