
DNS - infinite loop to time.apple.com

Hi Everyone,

I have several Mac OS X computers running version 10.6.4 that keep querying for time.apple.com.
I don't know where the problem resides:

1) The computers that are asking for time.apple.com every few seconds?
2) My DNS server running on Windows 2008 Enterprise edition that keeps going to the internet to resolve the request for time.apple.com.

Why is it not cached after the first request? All other requests are cached like I expect them to be. Why are so many computers hitting the dns server so frequently?

Thanks
/Nick Rigas
sjsduser
Asked:
 
nappy_d Commented:
I would recommend that you stop using Apple's NTP server and change to your Windows 2008 server for NTP.  I am assuming that you have Active Directory in place, of course.

Also, your 2008 server is most likely not a public and authoritative DNS server.  Because of this, it will always refer your clients to internet DNS for resolution.
 
strung Commented:
What IP address does your DNS server show for time.apple.com? Is it correct? I get 17.151.16.20.
 
strung Commented:
Apparently time.apple.com has four servers:
17.151.16.20
17.151.16.21
17.151.16.22
17.151.16.23
 
sjsduser (Author) Commented:
Hi,
We do have a time server running here.
Our Mac computers "should be" updating to it.
I notice that some don't have the correct plist file.
------------------------------------------------
nslookup time.apple.com
Server:  *****
Address:  10.X.X.X

Non-authoritative answer:
Name:    time.apple.com
Addresses:  17.151.16.21
          17.151.16.22
          17.151.16.23
          17.151.16.20
-----------------------------------------------------
What I don't understand is, everything worked before.
Suddenly I have 1000's of sessions in my firewall.
Each request for Time.apple.com creates another session.
Is there a known issue with DNS on Windows?

/Nick
 
strung Commented:
Why don't you set the Macs to sync with your server rather than time.apple.com?
 
nappy_d Commented:
That's what I suggested here http:#35129065 that he use his own internal NTP server.  This is the process that should be done if your Macs are integrated with AD.  Even if AD integration is not set up, use of your internal NTP server is recommended (I.M.O)
 
strung Commented:
Sorry, Nappy, I missed your message because my first message was posted almost contemporaneously.
 
sjsduser (Author) Commented:
Quick Update,

I've changed the time server to my local machine.
Will see if this makes a difference.
I will need to wait till the Mac Server administrator comes back to push it out division wide.

It still does not explain why my server is not caching the results for time.apple.com. The DNS server is always forwarding the requests to the root hints.

/Nick
 
sjsduser (Author) Commented:
Our dns logs have this in the log over and over again

eg.

16/03/2011 11:10:25 AM 1628 PACKET 0000000038FB8B0 UDP Snd 10.24.2.254 6d17 R Q [8281 DR SERVFAIL] TXT (4)time(5)apple(3)com(0)

What does this mean?
 
sjsduser (Author) Commented:
and here is the first part when initially received by the dns server 9 seconds earlier

16/03/2011 11:10:16 AM 1A90 PACKET 00000000033EB790 UDP Rvc 10.24.2.254 6d17 Q [0001 D NOERROR TXT (4)time(5)apple(3)com(0)


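An added example, not part of the original thread: a small Python parser for DNS debug log entries in the shape posted above. It pairs each received query with the response sent for the same client and transaction ID and counts SERVFAIL answers per client, record type and name. The regular expression is fitted to the two lines quoted in the thread and is an assumption about the log layout, as are the constructed entries and the day/month/year date order.

```python
import re
from collections import Counter
from datetime import datetime

# Lines 1-2 are the entries quoted in the thread, kept as posted ("Rvc", missing
# "]"); lines 3-5 are constructed. Date order day/month/year is an assumption.
SAMPLE_LOG = """\
16/03/2011 11:10:16 AM 1A90 PACKET 00000000033EB790 UDP Rvc 10.24.2.254 6d17 Q [0001 D NOERROR TXT (4)time(5)apple(3)com(0)
16/03/2011 11:10:25 AM 1628 PACKET 0000000038FB8B0 UDP Snd 10.24.2.254 6d17 R Q [8281 DR SERVFAIL] TXT (4)time(5)apple(3)com(0)
16/03/2011 11:10:26 AM 1A90 PACKET 00000000033EB790 UDP Rcv 10.24.2.254 6d18 Q [0001 D NOERROR] TXT (4)time(5)apple(3)com(0)
16/03/2011 11:10:35 AM 1628 PACKET 0000000038FB8B0 UDP Snd 10.24.2.254 6d18 R Q [8281 DR SERVFAIL] TXT (4)time(5)apple(3)com(0)
16/03/2011 11:10:36 AM 1628 PACKET 0000000038FB8B0 UDP Snd 10.24.2.254 6d19 R Q [8081 DR NOERROR] A (4)time(5)apple(3)com(0)
"""

PACKET = re.compile(
    r"^(?P<ts>\S+ \S+ [AP]M) \S+ PACKET\s+\S+ (?:UDP|TCP) \S+ (?P<client>\S+)\s+"
    r"(?P<xid>[0-9A-Fa-f]{4})\s+(?P<resp>R\s+)?[A-Z?]\s+"
    r"\[[0-9A-Fa-f]{4}\s+(?:[ATDR]+\s+)*(?P<rcode>[A-Z]+)\]?\s+"
    r"(?P<qtype>\S+)\s+(?P<name>(?:\(\d+\)[^()\s]*)+)$"
)

def decode_name(raw):  # "(4)time(5)apple(3)com(0)" -> "time.apple.com"
    return ".".join(x for x in re.findall(r"\(\d+\)([^()]*)", raw) if x)

def parse(log):
    for line in log.splitlines():
        m = PACKET.match(line.strip())
        if m:
            yield {
                "ts": datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p"),
                "client": m["client"], "xid": m["xid"].lower(),
                "response": m["resp"] is not None, "rcode": m["rcode"],
                "qtype": m["qtype"], "name": decode_name(m["name"]),
            }

def servfail_report(log):
    """Count SERVFAIL answers per (client, qtype, name); time query -> answer."""
    pending, counts, delays = {}, Counter(), []
    for p in parse(log):
        key = (p["client"], p["xid"])
        if not p["response"]:
            pending[key] = p["ts"]  # query received from the client
        elif p["rcode"] == "SERVFAIL":
            counts[(p["client"], p["qtype"], p["name"])] += 1
            if key in pending:
                delays.append((p["ts"] - pending.pop(key)).total_seconds())
    return counts, delays

if __name__ == "__main__":
    print(servfail_report(SAMPLE_LOG))
```

On the sample it reports two SERVFAIL answers for TXT time.apple.com to 10.24.2.254, each sent 9 seconds after the query arrived, while the A response for the same name is NOERROR and is not counted.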
 
sjsduser (Author) Commented:
More digging has revealed it also seems to be sending the request to

17.112.144.59 and 17.72.133.64 which appears to be nserver4.apple.com

Apple dns server I presume
 
nappy_d Commented:
When you say your "local machine" do you mean an NTP server on your network or are you pointing to the Mac itself?
 
sjsduser (Author) Commented:
Yes the time server has been changed from time.apple.com to our local time server.

It appears that time.apple.com does not have a TXT record and that is why those requests keep failing. But why does it keep requesting them?
 
nxnw Commented:
FYI, when I use dig @17.112.144.59 -t txt time.apple.com, I get, among other things,
;; ANSWER SECTION:
time.apple.com.            3600      IN      TXT      "ntp minpoll 9 maxpoll 12 iburst"
I wonder if the problem with the DNS query might be either a dirty cache or some misconfiguration of the DNS server.

That is a problem that should likely be sorted out in due course, but your primary issue has presumably been corrected by using your internal NTP server (as advised by nappy_d). As a general rule, clients should be using the same NTP server as the server they are using for authentication (not only with AD, but OD as well).

 
sjsduser (Author) Commented:
I ended up assigning computers to update to my local NTP server, then I edited each Apple Airport to update to my local time server and this resolved the issue.

/Thanks to everyone who participated.
