DNS -infinite loop to time.apple.com

Hi Everyone,

I have several MAC OS X computers running version 10.6.4 that keep querying for time.apple.com.
I don't know where the problem is resides:

1) The computers that are asking for time.apple.com every few seconds?
2) My DNS server running on Windows 2008 Enterprise edition that keeps going to the internet to resolve the request for time.apple.com.

Why is it not cached after the first request? All other requests are cached like I expect them to be. Why are so many computers hitting the dns server so frequently?

Thanks
/Nick Rigas
sjsduserAsked:
Who is Participating?
 
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
I would recommend that you stop using Apple's NTP server and change to your Windows 2008 server for NTP.  I am assuming that you have Active Directory in place, of course.

Also, you 2008 server is most likely not a public and authoratative DNS server.  Because of this, it will always refer your clients to internet DNS for resolution.
0
 
strungCommented:
What IP address does your DNS server show for time.apple.com? Is it correct? I get 17.151.16.20.
0
 
strungCommented:
Apparently time.apple.com has four servers:
17.151.16.20
17.151.16.21
17.151.16.22
17.151.16.23
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
sjsduserAuthor Commented:
Hi,
We do have a time server running here.
Our Mac computers "should be" updating to it.
I notice that some don't have the correct plist file.
------------------------------------------------
nslookup time.apple.com
Server:  *****
Address:  10.X.X.X

Non-authoritative answer:
Name:    time.apple.com
Addresses:  17.151.16.21
          17.151.16.22
          17.151.16.23
          17.151.16.20
-----------------------------------------------------
What I don't understand is, everything worked before.
Suddenly I have 1000's of sessions in my firewall.
Each request for Time.apple.com creates another session.
Is there a known issue with DNS on Windows?

/Nick
0
 
strungCommented:
Why don't you set the Macs to sync with your server rather than time.apple.com?
0
 
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
That's what I suggested here http:#35129065 that he use his own internal NTP server.  This is the process that should be done if your Macs are integrated with AD.  Even it AD integration is not setup, use of your internal NTP server is recommened (I.M.O)
0
 
strungCommented:
Sorry, Nappy, I missed your message because my first message was posted almost contemporaneously.
0
 
sjsduserAuthor Commented:
Quick Update,

I've changed the time server to my local machine.
Will see if this make a difference.
I will need to wait till the Mac Server administrator comes back to push it out division wide.

It still does not explain why my server is not caching the results for time.apple.com. The dns server always forwarding the requests to the root hints.

/Nick
0
 
sjsduserAuthor Commented:
Our dns logs have this in the log over and over again

eg.

16/03/2011 11:10:25 AM 1628 PACKET 0000000038FB8B0 UDP Snd 10.24.2.254 6d17 R Q [8281 DR SERVFAIL] TXT (4)time(5)apple(3)com(0)

What does this mean?
0
 
sjsduserAuthor Commented:
and here is the first part when initially received by the dns server 9 seconds earlier

16/03/2011 11:10:16 AM 1A90 PACKET 00000000033EB790 UDP Rvc 10.24.2.254 6d17 Q [0001 D NOERROR TXT (4)time(5)apple(3)com(0)


0
 
sjsduserAuthor Commented:
More digging has revealed it also seems to be sending the request to

17.112.144.59 and 17.72.133.64 which appears to be nserver4.apple.com

Apple dns server I presume
0
 
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
When you say your "local machine" do you mean an NTP server on your network or are you pointing to the Mac itself?
0
 
sjsduserAuthor Commented:
Yes the time server has been changed from time.apple.com to our local time server.

It appears that time.apple.com does not have a TXT record and that is why those requests keep failing. But why does it keep requesting them?
0
 
nxnwCommented:
FYI, when I use dig @17.112.144.59 -t txt time.apple.com, I get, among other things,
;; ANSWER SECTION:
time.apple.com.            3600      IN      TXT      "ntp minpoll 9 maxpoll 12 iburst"
I wonder if the problem with the DNS query might be, either, a dirty cache or some misconfiguration of the DNS server.

That is a problem that should likely be sorted out in due course, but your primary issue has presumably been corrected by using your internal NTP server (as advised by nappy_d). As a general rule, clients should be using the same NTP server as the server they are using for authentication (not only with AD, but OD as well).

0
 
sjsduserAuthor Commented:
I ended up assigning computers to update to my local NTP server, then I edited each Apple Airport to update to my local time server and this resolved the issue.

/Thanks to everyone who participated.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.