Like a lot of businesses we use an internal OS X Server for a variety of functions — one of them is to provide a local caching DNS service.
Also like other businesses we use BIND’s ability to serve up ‘views’ to let us have custom internal web addresses reflecting internal servers.
Occasionally, we need to add a new address to our private view and I never remember to drop the TTL (time to live) down to a shorter period. (Actually remember is the wrong word — usually I don’t get any warning that a new internal address is needed :D ).
As I don’t do this on a daily basis I can never remember how I cleared out the DNS cache previously — hence this post.
TTL - Hurry up already!
So, I get stuck with the changes taking forever to propagate — which is frustrating. I’m usually impatient so rather than wait for the TTL to time out I like to help the DNS service along a bit. Sadly, for the impatient, the OS X server’s DNS service is a stubborn beast when it comes to caching a secondary domain (restarting the DNS service or even deleting and re-instating the secondary domain doesn’t help).
Cache anyone?
The first time I hit this problem I thought it was a cache issue, but which one? There are DNS caches everywhere in your modern computer experience: in your network interface (e.g. DSL router), your network server, your desktop OS (e.g. Mac OS X) and your browser (e.g. Safari, Firefox and Chrome).
Clearing caches
Restarting a browser (i.e. closing all windows and “Quit”ing the application) will usually clear its cache.
Rebooting your Mac in this day and age is a bit of an overkill (but it does work) — a simpler and quicker process is to open “Terminal” and type in:
> dscacheutil -flushcache
Simple huh? At this time I remember it’s none of those that are causing the problem…
Mac OS X Server DNS cache
You might be thinking that you could fire up the terminal on your OS X Server and use dscacheutil but that just clears the user cache not the cache of the DNS server.
Diagnosis
The big giveaway that the DNS server is “stuck”, for want of a better description, can be found in the DNS service log — which shows the serial number of each domain it loads. When I made the change earlier today the domain’s serial number was automatically updated to the current date (2011053001) but the log shows this:
30-May-2011 14:09:02.456 zone problemdomain.com/IN/…: loaded serial 2011041101
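The check described above can be scripted. This is an added example, not part of the original post: the function names and the second sample zone (otherdomain.example) are made up for illustration, and the sample log lines are constructed from the format quoted above.

```shell
#!/bin/sh
# Added example: spot a "stuck" secondary zone in the DNS service log by
# comparing the serial it last loaded with the serial you expect.

# Constructed sample log, following the line format quoted in this post.
sample_log() {
cat <<'EOF'
30-May-2011 14:09:02.456 zone problemdomain.com/IN/…: loaded serial 2011041101
30-May-2011 14:09:02.460 zone otherdomain.example/IN/…: loaded serial 2011053001
30-May-2011 14:09:05.100 zone problemdomain.com/IN/…: Transfer started.
EOF
}

# last_loaded_serial ZONE   (log on stdin)
# Prints the serial from the most recent "loaded serial" line for ZONE.
last_loaded_serial() {
    awk -v zone="$1" '
        $3 == "zone" && $(NF-2) == "loaded" && $(NF-1) == "serial" {
            split($4, parts, "/")        # "name/IN/view:" -> name
            if (parts[1] == zone) serial = $NF
        }
        END { if (serial != "") print serial }
    '
}

# zone_is_stale ZONE EXPECTED_SERIAL   (log on stdin)
# Exit 0: stale (loaded serial is older than expected)
# Exit 1: current
# Exit 2: the zone never appears in the log
# Plain numeric comparison: assumes date-style serials that never wrap.
zone_is_stale() {
    loaded=$(last_loaded_serial "$1")
    [ -n "$loaded" ] || return 2
    [ "$loaded" -lt "$2" ]
}

# Stand-alone demo against the constructed log.
if sample_log | zone_is_stale problemdomain.com 2011053001; then
    echo "problemdomain.com is still on an old serial"
fi
```

On a real server, feed the functions the DNS service log on stdin instead of `sample_log`.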
Simple surgery
On the Snow Leopard Server you have to follow these steps:
1. Using “Server Admin” stop the DNS service
2. Open Terminal on your server and navigate to ‘/var/named/’
3. List your directory ‘ls -al’
4. In there you will find a ‘bak’ file of the “stuck” domain (see listing below).
5. Delete the bak file for the problem domain (try a sudo rm bak.problemdomain.com)
6. Restart the DNS service
me:named: ls -al
total 0
drwxr-xr-x@ 5 root wheel 170 31 Jul 2009 .
drwxr-xr-x 29 root wheel 986 16 Feb 2010 ..
-rw-r--r-- 1 root wheel 1148 May 30 17:04 bak.problemdomain.com.
-rw-r--r-- 1 root wheel 195 31 Jul 2009 localhost.zone
-rw-r--r-- 1 root wheel 2878 31 Jul 2009 named.ca
-rw-r--r-- 1 root wheel 433 31 Jul 2009 named.local
It’s alive!
After following those 6 steps, now, when I check the DNS service log in Server Admin I see that the domain has transferred and loaded with the correct serial number:
30-May-2011 14:18:39.932 zone craigphillips.biz/IN/…: Transfer started.
30-May-2011 14:18:42.456 zone problemdomain.com/IN/…: loaded serial 2011053001
Now the next time it happens I just have to remember that I’ve written this all down (of course by then Lion will be out and I’ll probably have to figure it all out again).
Update
Depending on your external DNS configuration you may need to restart BIND to ensure it refreshes its cache with the changes you’ve just made.



I've been described as a lost technocrat or a wondering luddite, personally I just like everything that takes us forward.