[Detrius]

I am having a bizarre DNS issue. I have my own DNS server set up with my own private domain. That's not the issue. That's been working fine for a while. The problem is that the first time I make a DNS request, the server won't give an answer. The second time, and each successive time (I assume until TTL kicks in), it works fine--for that one domain.


The only thing I've changed recently: I tweaked the syslog.conf file so that ipfw messages would be logged to /var/log/ipfw.log instead of the system.log. Also, I configured SSL for OpenLDAP and my web server. I don't see how this could have anything to do with my DNS server, though. I have another server at the office that recently started doing the exact same thing with the DNS. I made the same two changes, except the SSL isn't being used. There are no errors in the firewall log, and turning off the firewall doesn't make a difference.

Forward and reverse resolution still works fine for my local domain.

The only other thing these two servers really have in common is that they are on the same ISP--which may be related.


Any ideas?

[Detrius]

The answer: my recent changes were, in fact, unrelated. Recently, the root DNS servers started adding IPv6 resolution. Apparently, many people are having the same problem.

The solution: download and compile BIND 9.3. Replace /usr/sbin/named with the new one created by compiling the new version of BIND. In /System/Library/StartupItems/BIND/BIND, change the lines that launch 'named' to 'named -4'. This restricts your DNS server to use IPv4.