Hello,

On Tue, Mar 2, 2010 at 00:12, Chris Buechler <cbuech...@gmail.com> wrote:
> On Mon, Mar 1, 2010 at 9:45 AM, Scott Ullrich <sullr...@gmail.com> wrote:
>> On Mon, Mar 1, 2010 at 2:38 AM, Aarno Aukia <aarnoau...@gmail.com> wrote:
>>> Hello,
>>>
>>> I just found out my new mac os x 10.6 snow leopard machine seems to
>>> have problems with DNS TTL 0, dnsmasq's default TTL for local entries
>>> (http://www.mac-forums.com/forums/os-x-operating-system/164649-snow-leopard-keeps-dropping-dns.html#post912124).
>>> Adding " --local-ttl 1" to the dnsmasq $args in /etc/inc/services.inc
>>> (around line 634 on this 1.2.3-rc3 nanobsd) seems to work out the
>>> issues, although I'll keep testing it for some more time...
>>
>> That does not make any sense to me. I have quite a number of Macs and
>> do not see this issue.
>>
>
> It's only for local entries, and I bet you (and most others) don't
> resolve entries off the firewall's hosts file. A TTL 0 is a bit
> unusual in that scenario, it should be safe to set it to 1 for
> everything. I committed that change to 2.0.

At the end, the problem was snow leopard querying both A and AAAA records, with the A record being answered correctly locally and the AAAA record being forwarded externally. The external answer to the AAAA is the public CNAME, which points to a public dyndns-name with only A records. Thus it had 2 different A records and (after some timeout) the second A record was preferred (although IMHO it should be ignored since it was an answer to an AAAA query...).

The solution was to add --local= with my domain (which, incidentally, is already there in /etc/inc/services.inc, only commented out) to dnsmasq to not forward any (esp. AAAA) queries externally.

Should that be added as a checkbox to services_dnsmasq.php?

-Aarno

--
Aarno Aukia
Atrila GmbH
Switzerland
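
The forwarding behaviour described in the message above can be checked from dnsmasq's own query log. The following is an added example, not part of the original thread or of pfSense: it assumes dnsmasq is run with `log-queries`, and the domain `home.example`, the host names and the addresses in the sample log are constructed.

```python
import re

# Constructed sample of dnsmasq "log-queries" output; names and addresses are made up.
SAMPLE_LOG = """\
Mar  2 00:10:01 dnsmasq[411]: query[A] nas.home.example from 192.168.1.20
Mar  2 00:10:01 dnsmasq[411]: /etc/hosts nas.home.example is 192.168.1.5
Mar  2 00:10:01 dnsmasq[411]: query[AAAA] nas.home.example from 192.168.1.20
Mar  2 00:10:01 dnsmasq[411]: forwarded nas.home.example to 203.0.113.53
Mar  2 00:10:01 dnsmasq[411]: reply nas.home.example is <CNAME>
Mar  2 00:10:02 dnsmasq[411]: query[A] www.example.org from 192.168.1.20
Mar  2 00:10:02 dnsmasq[411]: forwarded www.example.org to 203.0.113.53
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)")
FORWARDED = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to (\S+)")


def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it (label-aligned match)."""
    name, domain = name.lower().rstrip("."), domain.lower().strip(".")
    return name == domain or name.endswith("." + domain)


def forwarded_local_queries(log_text, local_domain):
    """Return (qtype, name, client, upstream) for each query under
    local_domain that dnsmasq sent to an upstream server."""
    pending = {}  # name -> (qtype, client) of the most recent query line
    leaks = []
    for line in log_text.splitlines():
        m = QUERY.search(line)
        if m:
            qtype, name, client = m.groups()
            pending[name.lower()] = (qtype, client)
            continue
        m = FORWARDED.search(line)
        if m:
            name, upstream = m.groups()
            # Simplification: pairs a "forwarded" line with the latest query
            # for the same name; interleaved queries can be mis-attributed.
            if in_domain(name, local_domain) and name.lower() in pending:
                qtype, client = pending[name.lower()]
                leaks.append((qtype, name, client, upstream))
    return leaks


if __name__ == "__main__":
    for qtype, name, client, upstream in forwarded_local_queries(SAMPLE_LOG, "home.example"):
        print(f"{qtype} query for {name} from {client} was forwarded to {upstream}")
```

An empty result for the local domain after adding `--local=` is the expected outcome, since no query under that domain should reach an upstream server any more.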