Problem with Windows AD Domain & DNS

May 29, 2009 at 02:52:11
Specs: Mac OS X

I have some strange issue when trying to resolve a certain DNS hostname on an apple within a windows network.

The hostname is "scanner" and points to a network scanner. The scanner is not in the domain but only attached to the network. I defined the hostname->IP mapping manually in the PDC's DNS (The PDC also serves as DNS server in our network).

The apple is not in the domain, either, but attached to the network. It gets its IP settings as well as DNS servers from the DHCP server, which is on our PDC, too.

Usually, names can be resolved successfully on the apple, but when I try to resolve "scanner", the DNS server says "SERVFAIL".

On windows clients that are part of the domain, I can successfully resolve the name. In this case, the very same DNS server does not respond with "SERVFAIL".

According to OpenDNS, SERVFAIL means an internal error, so why does the internal error depend on whether the client is a Mac or a Windows client? And how to solve this issue?

Thx, chiccodoro


May 29, 2009 at 07:18:03
1) There is no "PDC" in an active directory integrated domain......period. There are DC's (ie: domain controllers). PDC/BDC is Windows NT 4.0 (and earlier) nomenclature and does not apply to an AD environment.

2) This is not a networking issue. Therefore you should have posted this in the applicable forum (ie: Windows Server 2000/2003/2008).


May 29, 2009 at 07:36:31
Hello Curt

Sorry for the "P". Didn't know that.

Why is this not a networking issue? - As long as I don't know the more exact error source. Since it works for Windows clients, I cannot be sure whether the problem is on the server or rather in the client<->server communication, or even the client.


May 29, 2009 at 08:01:56
Let's make sure we have a clear picture here.

Only from the mac do you get servfail, correct?

Does a mac have the nslookup command or similar? Your first troubleshooting step would be to confirm its tcp/ip setting for dns is the same as the pcs. Second step is use nslookup [mac ip address] and see what gets returned.


May 29, 2009 at 08:11:42
Hello wanderer

Yes, apple is the only problem client so far. It has an nslookup utility, and this is where I found the SERVFAIL issue:

nslookup scanner
;; Got SERVFAIL reply from, trying next server

The "next servers" are external ones who don't know "scanner", so the nslookup finally fails to resolve the name:

nslookup scanner
;; Got SERVFAIL reply from, trying next server

** server can't find scanner: NXDOMAIN 

Thx, chiccodoro


May 29, 2009 at 09:29:03
is your server or your router?

should point to server not router.


May 29, 2009 at 11:18:38
Why is this not a networking issue?

In your original post you said the following:

Usually, names can be resolved successfully on the apple, but when I try to resolve "scanner", the DNS server says "SERVFAIL".

As I read, and understand (correct me if I'm wrong) that statement, the mac is communicating on the network properly but isn't resolving the name of "scanner" while it is indeed resolving others.

If it is communicating properly on the network then it follows logically that it cannot be a network issue.

We have a few Mac's here where I work and they're always a problem to get working correctly in a Windows based, AD integrated domain.

If you open a terminal window on your mac and type:


and then open a command prompt window on a Windows based PC (that you know for sure is communicating properly) and type the following command:

ipconfig /all

and then compare settings you may find the answer to your problem. The only thing that should be different is the actual IP address. Subnet Mask, Default Gateway, and DNS address should all be identical. If any of those other three is different (like the DNS or gateway) then that's the problem.


June 1, 2009 at 22:46:47
Hello both is the server. The router is 101 in my case. These settings (DNS, gateway, IP&mask) are all together configured by DHCP, thus they are common to all clients on the network, also to the apple.

Just to summarize/repeat the issue:
* Resolving "normal" domain members works on windows clients.
* Resolving "normal" domain members also works on Mac
* Resolving the scanner works on windows clients.
* Resolving the scanner does not work on Mac.



June 2, 2009 at 08:07:37
Add the entry for the scanner into the local hosts file on the mac and it should resolve this problem.


June 2, 2009 at 08:24:43
Hello wanderer

This would work indeed, but to me it is not the ultimate solution. I want to have the entries on the central DNS server.


June 2, 2009 at 10:36:41
Eh? You already have the entries on the dns server. Something on the mac is preventing the read on just that entry but no others.

Firewall misconfiguration or a rogue entry in the hosts file come to mind as a way of preventing this access on the mac.

Do the hosts file to see if it resolves the issue. Or if it doesn't then perhaps you have a bigger problem with the mac.

You could load Wireshark and figure out where the mac's dns request for scanner is going.


June 2, 2009 at 23:58:24
Yeah, Wireshark is possibly the only tool that can really reveal the source of the issue... just as in so many other cases. Will try that ASAP.

Concerning the hosts file: I understood this as your proposal to get rid of this problem. I don't want to work around but rather solve it. Anyway you're right that this would be worthwhile to try just in order to locate the source of the problem.

Will post here as soon as I know more.
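
Added example, not part of the thread and not any poster's code: a small Python decoder for the two things a capture of these lookups would show, the name each client actually asked for and the RCODE each server returned (SERVFAIL vs. NXDOMAIN). The reply bytes are constructed test data; "corp.example" and 192.0.2.10 are placeholders, and the Windows sample assumes a fully qualified query only to show how a differing question name would appear, which the thread does not establish.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def read_qname(msg, off):
    """Decode the question name at off; returns (name, offset after it)."""
    labels = []
    while True:
        n = msg[off]
        if n == 0:
            return ".".join(labels), off + 1
        if n & 0xC0:  # compression pointers should not appear in the question
            raise ValueError("unexpected compression pointer in question")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n

def summarize(msg):
    """Pull out the fields that matter when comparing two DNS replies."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    qname, off = read_qname(msg, 12)
    qtype, _qclass = struct.unpack("!2H", msg[off:off + 4])
    return {"response": bool(flags & 0x8000), "authoritative": bool(flags & 0x0400),
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
            "qname": qname, "qtype": qtype, "answers": an}

def diff(a, b):
    """Fields on which two summaries disagree."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def build_reply(ident, flags, qname, answer_ip=None):
    """Construct a sample reply (test data only, not a capture)."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    msg = struct.pack("!6H", ident, flags, 1, 1 if answer_ip else 0, 0, 0)
    msg += q + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN
    if answer_ip:  # one A record, name compressed to the question at offset 12
        msg += b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes(answer_ip)
    return msg

# Constructed samples; "corp.example" and 192.0.2.10 are placeholders.
MAC_INTERNAL = build_reply(0x1A2B, 0x8182, "scanner")   # internal server: SERVFAIL
MAC_EXTERNAL = build_reply(0x1A2C, 0x8183, "scanner")   # external server: NXDOMAIN
WIN_INTERNAL = build_reply(0x3C4D, 0x8580, "scanner.corp.example", (192, 0, 2, 10))

if __name__ == "__main__":
    for label, raw in [("mac->internal", MAC_INTERNAL), ("mac->external", MAC_EXTERNAL),
                       ("win->internal", WIN_INTERNAL)]:
        print(label, summarize(raw))
    print(diff(summarize(MAC_INTERNAL), summarize(WIN_INTERNAL)))
```

To use it on real traffic, pass the UDP payload of each port 53 reply exported from the capture to summarize() and compare the results from the two clients with diff().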
