How to fix when I can nslookup and dig an internal hostname, but I cannot ping or ssh to the internal machine?
I can nslookup and dig an internal hostname, and I get a rapid response, but I cannot ping or ssh to the server. All external hostnames work fine for both ping, ssh, dig or nslookup.
ssh -vvv xxxx-xxx-xxxx-1.xxx.xxxx.net
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/gregcain/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "/Users/gregcain/.ssh/[email protected]:22" does not exist
debug2: ssh_connect: needpriv 0
ssh: Could not resolve hostname xxxx-xxx-xxxx-1.xxx.xxxx.net: nodename nor servname provided, or not known
I've done a lot of searching on the net, and on this site, and it appears it's got something to do with mDNSresponder. I've added two stanzas to /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
-AlwaysAppendSearchDomains <- this shouldn't matter, since I am using FQDN.
-NoMulticastAdvertisements <- I believe this one disable bonjour broadcast
I've also tried turning off mDNSResponder, but then name resolution fails outright. If I add entries to /etc/hosts, then I get working name resolution. But I need to be able to connect to DNS.
I'm pretty confident our DNS is setup correctly, as it works for everyone around me. I've also spun up a linux VM, and I'm able to connect as I would expect, using the same /etc/hosts and /etc/resolv.conf.
Any suggestions would be greatly appreciated.
UPDATE - > nslookup
set all
Default server: 10.xxx.xxx.xx1
Address: 10.xxx.xxx.xx1#53
Default server: 10.xxx.xxx.xx2
Address: 10.xxx.xxx.xx2#53
Set options:
novc nodebug nod2
search recurse
timeout = 0 retry = 3 port = 53
querytype = A class = IN
srchlist = corp.amdocs.com
Starting from Lion (except Yosemite between 10.10 and 10.10.3), the command for flushing the DNS cache is:
$ sudo killall -HUP mDNSResponder
There is a solution at https://superuser.com/questions/326848/strange-ns-behavior-on-os-x-cant-connect-to-ssh-server.
Neither digg nor nslookup will hit your server, they both query the DNS servers.
What are the results of pinging the server?
When you run the nslookup you can configure a DNS server to use, and also query which DNS server you're using.
Run nslookup without an argument to get into interactive mode, then enter 'server' to see which DNS server you think you're using. If you have an local authoritative server that's incorrectly setup, you'll fail internally, but work externally which will hit a different DNS server ultimately.
Also, you can check your ARP cache - this will show you the MAC - IP mappings within your subnet. Assuming you're on the same subnet, once you've pinged, you might see something odd in there. (run arp -a for a listing of the ARP cache)