I purchased a Custom DNS, set Global Dynamic Hostnames (great tutorial), generated my TSIG key, and updated my AirPort Extreme Base Station and two Mac clients with the TSIG key. Client #1 and the base station have records dynamically appearing in the DNS. However, Mac client #2 does not. It is on the same network as client #1. I've rebooted a few times and waited for some time. Mac client appears almost instantly in DNS. Any ideas what is holding Mac client #2 back?
Generally when an OS X client gets a refused response it's one of three things:

1) The server is actually refusing the update for administrative reasons; probably not the case here.

2) The client hasn't been configured correctly and has missing or incorrect credentials. You've likely triple-checked this already.

3) Something has gone wrong with the stored credentials. I'm not sure what causes this but sometimes the stored credentials can't be accessed by mDNSResponder (if you don't know what this is, don't worry), which results in the client sending messages with bad or missing signatures. To resolve this, remove the credentials entered in Sharing, then open 'Keychain Access' and remove any 'DNS Key' keys containing your zone's name. Then reboot and re-enter the credentials in Sharing.

Assuming you get the clients happily sending updates, you may find that Wide-Area Bonjour still behaves a bit, to borrow your description, quirky. This is because WAB can work in either a real-time mode or a polling mode. In the real-time mode, traditional DNS caching is bypassed and when records on the server change the client is immediately pushed an update to its query. In the polling mode, updates are picked up on by traditional DNS lookups, which means waiting for both positively and negatively cached records to expire before changes can be picked up on by a client. Unfortunately this service doesn't support the extensions needed to do real-time updates so it only works in polling mode. Depending on what you're doing, this may be inconsequential or it may be a deal breaker.

However these TXT records show up in the DNS records (so I assume my TSIG Key is working.)
izenmike._afpovertcp....
izenmike._rfb._tcp.mydomain.com
izenmike._sftp-ssh._tcp.mydomain.com
izenmike._ssh._tcp.mydomain.com
Jun 04 at 06:00 PM
izenmike
When you say the records "show up", I take it that means you removed them and that they were added again? RR Type 16 is TXT and error -65553 means that the update was refused. Since you're trying to work out why izenmike doesn't show up as a service (I'm assuming), for the moment, ignore the SRV and TXT records. The PTR records list instances of a service, so what do you have for, say, _ssh._tcp.mydomain.com? It could be you're experiencing something similar to http://www.dyndnscommunity.com/questions/9498/wide-area-bonjour-browsing-doesnt-work-and-only-on.html.
Jun 05 at 03:57 AM
Andrew TJ
Andrew... thanks again. There are plenty of PTR records there (I have three Macs, a base station, and an Express.) I guess where my confusion starts is where the SRV and TXT records come in? There are some SRV and TXT records that do not seem to have corresponding PTR records (like _rfb.) Do you have somewhere you can point me to clear it up for me? If you are looking for a beta tester... ;-) I already paid for a domain!
Jun 05 at 03:42 PM
izenmike
I'll have to write a proper outline of how the records work but in the interim I'll point you toward this answer. In short, the PTR records represent a list of services wherein each PTR record's data points at a service instance. That service instance is made up of an SRV and a TXT record; the former provides the host and port and the latter any service-specific information. My guess is the problems are due to some combination of the updates being mishandled server side and/or DNS caching.
Jun 06 at 01:11 AM
Andrew TJ
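The record layout described in the comment above, as an added example (not part of the thread, and not code from dnsxd or the DNS service): a Python check that follows each service PTR to its instance and flags instances missing their SRV/TXT pair, as well as SRV/TXT pairs that no PTR lists, which is the `_rfb` situation raised earlier. The record list is constructed and `mydomain.com` is a placeholder zone.

```python
# Added example: DNS-SD consistency check over a constructed record set.
from collections import defaultdict

# Constructed sample (owner name, type, rdata); mydomain.com is a placeholder zone.
RECORDS = [
    ("_ssh._tcp.mydomain.com.", "PTR", "izenmike._ssh._tcp.mydomain.com."),
    ("izenmike._ssh._tcp.mydomain.com.", "SRV", "0 0 22 izenmike.mydomain.com."),
    ("izenmike._ssh._tcp.mydomain.com.", "TXT", ""),
    # SRV and TXT exist, but no PTR lists the instance, so browsing never shows it.
    ("izenmike._rfb._tcp.mydomain.com.", "SRV", "0 0 5900 izenmike.mydomain.com."),
    ("izenmike._rfb._tcp.mydomain.com.", "TXT", ""),
    # PTR lists an instance whose SRV and TXT are absent.
    ("_sftp-ssh._tcp.mydomain.com.", "PTR", "izenmike._sftp-ssh._tcp.mydomain.com."),
]


def is_service_type(name):
    """True for browse names shaped like _service._tcp.zone or _service._udp.zone."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 3 and labels[0].startswith("_") and labels[1] in ("_tcp", "_udp")


def audit(records):
    """Classify service instances as resolvable, dangling (PTR only) or orphaned."""
    types_at = defaultdict(set)  # owner name -> record types present
    listed = set()               # instance names that some service PTR points at
    for name, rtype, rdata in records:
        name = name.lower()      # DNS names compare case-insensitively
        types_at[name].add(rtype)
        if rtype == "PTR" and is_service_type(name):
            listed.add(rdata.lower())
    report = {"resolvable": [], "dangling": [], "orphaned": []}
    for instance in sorted(listed):
        missing = sorted({"SRV", "TXT"} - types_at.get(instance, set()))
        if missing:
            report["dangling"].append((instance, missing))
        else:
            report["resolvable"].append(instance)
    for name in sorted(types_at):
        if "SRV" in types_at[name] and name not in listed:
            report["orphaned"].append(name)
    return report


if __name__ == "__main__":
    for status, entries in audit(RECORDS).items():
        print(status, entries)
```

An orphaned entry here means the SRV/TXT updates were accepted while the matching PTR update was not, so a refused or lost PTR update is the first thing to look for in the client log.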
Also re: testing, if you have your own server and strong sysadmin skills I can help you get dnsxd up and running with your own domain. If you're not a sysadmin by trade it's probably not for you yet though. Beyond that, I can set you up with a test zone on one of my domains but you would have no control and no service guarantees. If you, or I suppose anyone else reading this, is okay with that, drop me an email - I could use more testers :) Mods: If this is inappropriate, I completely understand and am happy to remove this comment.
Jun 06 at 01:45 AM
Andrew TJ
This seems to be a bit quirky. I can now get both systems on my network to at least appear in the records of the DNS. Now the logs for both systems show:
Update _services._dns-sd._udp.mydomin.com. refused
and
Update mycomputer.mydomain.com. refused