DNS A record changes suddenly

  • #372592
    trice
    Participant

    One of our Xserves (actually the head of our OD setup) is not playing nice with DNS, which is currently running on a Windows 2003 box. After adding an A record to DNS and creating the corresponding pointer record, the Xserve (or DNS, I’m not really sure which) will then promote itself to a subdomain within the current DNS domain. For example, if the name of the DNS domain in the forward lookup zone is SCHOOL.K12.NY.US and the name of the server is APPLE, an A record can be added for APPLE.SCHOOL.K12.NY.US and the appropriate pointer record gets created. However, after about a second or two the recently added A record changes to a subdomain in SCHOOL.K12.NY.US. So it would now be possible to add A records to APPLE.SCHOOL.K12.NY.US.
    Now clearly this is not something we want to happen and is proving to be annoying when using such things as Workgroup Manager. Forward and reverse lookups are however still working and everyone is able to log in and get their home directories. This only started happening within the past week or so and only on this one machine. It was working fine before that and is currently working fine on other machines with similar setups (the obvious exception being that these other machines are OD replicas and not masters). As of today (5/6/08) the machine has all of the latest updates, though the problem started occurring before the updates were done. The Xserve is pointed at the correct DNS server and its hostname is set to Automatic in the hostconfig file. The only thing I found strange in the logs was this entry [i]target=enable-network: disabled[/i] and sometimes this one ERROR: Only name server claiming responsibility for [i]Server Name.. [/i]But the machine in question can still get on the internet and do everything else. changeip -checkhostname also returns no errors.
    This has never happened before on any of our previous OD Masters. Something to note too – it seems like it only happens with the particular name of this server. If we try to add another A record with the same IP and different name it seems to work fine. So we thought that this name might have once belonged to another computer (though no one ever remembers naming anything even remotely close to this) and it’s somehow cached in DNS (which is Active Directory Integrated) or WINS. However a thorough search of DNS and WINS found nothing. Scavenging for old records and clearing the cache also didn’t help. I’ve googled my brains out and found no answers – Apple Enterprise support also said they had never heard of this before. Any thoughts on what might be wrong that won’t involve a huge fight with the Windows admin or renaming our OD setup?
    tom

    #372597
    khiltd
    Participant

    The two things that would help the most would be paragraphs and the contents of your named.conf and relevant zone files.

    #372685
    premiermac
    Participant

    Is the OD Master running DNS also? Or are you only getting DNS from the network?

    #372697
    trice
    Participant

    Both the OD Master and the Clients are getting their DNS from the Windows Box. So even if I were to start DNS on the master the clients would still be affected.
    Everything still works for the most part, but it’s just some things that are getting thrown off, such as connecting via Workgroup Manager from administration machines. Not to mention this isn’t what should be happening anyway. And again this A record just changes within Windows DNS, so I don’t know if it’s something in Windows or something else causing it to change.

    tom

    #372698
    premiermac
    Participant

    Please post forward and reverse lookups for your Xserve. Be sure to use lookupd if 10.4 or dscacheutil if 10.5.

    #372707
    trice
    Participant

    lookupd -q host -a name [i]FQDN of my server[/i]

    interface: 5
    ip_address: [i]Returns Correct IP[/i]
    name: [i]Returns correct FQDN[/i]

    lookupd -q host -a ip_address [i]IP of My Server[/i]

    ip_address: [i]Correct IP[/i]
    name: [i]Correct Reverse Mapping[/i]
    ptrdname: [i]Returns correct FQDN[/i]

    #372713
    premiermac
    Participant

    Ok, so what’s the problem then? I don’t understand what exactly is not working.

    #372720
    trice
    Participant

    Exactly, I don’t understand either and everything is working, well mostly. The problem is not with DNS resolutions for the most part; if you read the original post again you will see the problem is with the DNS record changing types. The A record for the server changes to a subdomain within our current DNS structure. For example, we have a domain called domain.com. We add an A record for this server so we have server.domain.com. That A record promotes itself to a subdomain within our domain. So now we have server.domain.com as a subdomain within our domain to which (if we wanted) A records, reverse records, etc. could be added. Not a good thing as far as pure DNS resolution since sometimes something resolves to server.server.domain.com.

    tom

    #372751
    khiltd
    Participant

    [i]server.domain.com[/i] [b]IS[/b] a subdomain of [i]domain.com[/i], so you’ll need to define what “promotes itself to a subdomain” means at the very least.

    #372760
    trice
    Participant

    Ok, let me see if I can explain it more clearly – bear with me, this problem doesn’t make a whole lot of sense to me either and this has yet to be documented anywhere as far as I can tell.

    We have a domain in our Forward lookup zone on our Windows 2003 DNS Server. Let’s call this domain EXAMPLE.COM. So going into our DNS Server you would open the forward lookup zones and see EXAMPLE.COM. There is also a corresponding reverse lookup zone for this domain. In EXAMPLE.COM I can add A records, MX records, etc etc. Including the A record for our open directory master. This record now reads opendirectorymaster.example.com. A few seconds after adding that A record it changes to a subzone within EXAMPLE.COM.

    So initially we have

    Forward Look Up Zones
        EXAMPLE.COM  (A Record) opendirectorymaster

    then it changes to

    Forward Look Up Zones
        EXAMPLE.COM
            OPENDIRECTORYMASTER

    So now if I wanted to I could actually add an A record within the opendirectorymaster zone to something like server.opendirectorymaster.example.com. Clearly not what I want to have happen.

    Does that clear it up?

    Weird, right?

    #372764
    trice
    Participant

    Except that this machine is not 10.5; it’s a 10.4.11 server and it’s not bound to AD. Our DNS is however Active Directory integrated.

    tom

    #372766
    khiltd
    Participant

    You still haven’t defined any of these terms you seem to be misusing and you’re not posting any zone files, so I’m assuming this spontaneous “promotion” of which you speak is related to something in Windows 2003’s GUI. That would certainly explain why I have no idea what you’re talking about.

    Why do you think the server should prohibit you from adding A records for this domain?

    #372772
    trice
    Participant

    Yes – I’m assuming it is related to the Windows 2003 GUI, which is where the DNS is currently running. I can’t find anything specifically wrong in any of the 2003 logs or files. If you would like to see the specific contents of any Windows 2003 DNS file then please let me know what you would like to see and which files. Again this is a Windows 2003 DNS server running Windows 2003 DNS, not OS X DNS or any other version of BIND. And I never said I couldn’t add A records; the A record adds itself fine each and every time I add it, but rather that the A record I add keeps changing.

    #372773
    trice
    Participant

    One more thing – as I mentioned previously the DNS is Active Directory integrated so the DNS information is stored in the Active Directory database, NOT in zone files – and the Windows admin has not been so forthcoming about letting me poke around in that database to extract the info I need – another reason why more info hasn’t been readily forthcoming.

    #372777
    khiltd
    Participant

    I’m sure that somebody here has some experience with Windows 2003’s DNS server, but you would probably have better luck elsewhere since this really doesn’t seem to be a Mac issue at all.
