« Group Policy Objects 201 | Main | How To Disable SMB Signing in SBS 2003 »

December 26, 2004

Fixing the ".local" Problem in Mac OS X 10.3

When Apple implemented Rendezvous in OS X, they chose to use a non-public domain naming scheme to keep Rendezvous traffic local. Unfortunately,".local" is exactly the naming scheme they chose, which happens to be the very domain structure Microsoft recommends for naming internal networks. No problem, right? Except that Rendezvous uses a multicast DNS lookup, and Microsoft DNS servers don't know how to respond to multicast requests. Hence, if you have a Windows ".local" domain with Macs, the Macs cannot use DNS to look up internal DNS resources.

There are a number of ways to work around this, but the best solution, short of renaming your Windows internal domain to somethin other than ".local", is to disable multicast DNS for the .local domain on the Mac. Here's how.

  1. If the Macintosh is getting its IP information from anywhere other than DHCP on the Windows server, configure DNS on the Macintosh
    1. Open System Preferences (Apple Menu -> System Preferences).
    2. Click the Network icon.
    3. Select Built-in Ethernet and click Configure.
    4. Enter the IP address of the Windows server in the DNS Servers field.
    5. Click Apply Now.
    6. If there is an address appearing next to the IPv6 Address field, click Configure IPv6, select Off from the Configure IPv6 drop-down menu.
    7. Click OK.
    8. Quit System Preferences.

  2. Enable unicast .local resolution
    1. Open the Terminal application (Macintosh HD -> Applications -> Utilities -> Terminal).
    2. At the command prompt, type "sudo su" (no quotes) and press Return.
    3. Type in the password for the current user account and press Return.
    4. Type "cd /usr/sbin" and press Return.
    5. Type "cat > EnableUnicastDotLocal" and press Return. You will not see a command prompt at this point.
    6. Enter the following four lines exactly as shown, pressing Return at the end of each line (the file is local.ONE not local.L):

      #!/bin/tcsh
      echo domain.local > /etc/resolver/local.1
      grep -v domain /etc/resolv.conf >> /etc/resolver/local.1
      echo search_order 2 >> /etc/resolver/local.1

    7. Press Control-D. The command prompt will appear again.
    8. Type "chmod +x EnableUnicastDotLocal" and press Return.
    9. Type "/usr/sbin/EnableUnicastDotLocal" and press Return.
    10. Type "cat /etc/resolver/local.1" and press Return. You should see "domain local" and the IP address of the server listed in the output, which will look similar to the following:
      domain.local

      search domainname.local

      nameserver 192.168.16.2

      search_order 2

    11. Press Control-D and quit the Terminal application.

Posted by Q at December 26, 2004 06:28 AM