Safari/Firefox Site not found errors


Numerous people have [posted](<br%20/>%0Ahttp://discussions.info.apple.com/webx?14@101.TyczaANxCsQ.1@.689ef4f7) to the Apple discussion board regarding “site not found” errors, and web browsers requiring two attempts to load a page. This was REALLY annoying me, so I started doing some digging to see what was wrong. When I broke out tcpdump, I noticed that OS X was sending AAAA record ( these are the IPv6 equivalent to an IPv4 A record ) requests to my DNS server:

$ sudo tcpdump -i en1 -vvvv -n -e port 53

[ ... ]

08:51:49.710240 00:0d:93:83:1d:73 > 00:03:ba:05:9d:9f, ethertype IPv4 (0x0800), length 73: IP (tos 0x0, ttl 64, id 29629, offset 0, flags [none], length: 59) 192.168.1.8.49428 > 192.168.1.1.53: [udp sum ok] 20324+ AAAA? www.apple.com. (31)
08:51:49.712412 00:03:ba:05:9d:9f > 00:0d:93:83:1d:73, ethertype IPv4 (0x0800), length 171: IP (tos 0x0, ttl 64, id 20532, offset 0, flags [none], length: 157) 192.168.1.1.53 > 192.168.1.8.49428: 20324 q: AAAA? www.apple.com. 1/1/0 www.apple.com. CNAME[|domain]

Now, why Safari is causing the name resolution libraries to query “www.apple.com” when I visit www.cnn.com is beyond me ( I will have to do some more digging). Since I am on a pure IPv4 network, I tried disabling IPv6 in the network preferences tab to see if it would stop sending AAAA record requests. This was not the case, and I still had trouble loading pages. While reviewing the latest errata on the OpenBSD errata page, I came across the following:

“BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in cases where IPv6 connectivity is non-existent. This results in unneccessary timeouts and thus slow DNS queries.”

Well hot dog, this seems to align with what I was seeing and experiencing!!!! I applied the patch to my OpenBSD name server, restarted named, and the problem seems to be fixed. Several of the folks on the discussion board also mentioned hard coding the DNS servers, which may or may not fix the issue ( if this is a BIND specific issue, then your ISP will need to patch their servers). Once I get some additional time, I will check to see if this is BIND or OpenBSD specific. Stay tuned!

This article was posted by Matty on 2005-01-16 00:04:00 -0400 -0400