Monday, April 29, 2013

Slow Snow Leopard and .local Domains in Active Directory and How I Fixed It

I had a very annoying problem with a Mac in an Active Directory domain. It's not completely solved but it's much better...

What, you may wonder?
Well, my Mac at work would hang for long periods of time any time I needed to authenticate, such as at the logon screen, to unlock the screen saver or to connect to a network share.

An important part of the problem is that the domain is something.local, so my Mac is mac.something.local and the domain controller is dc.something.local.

I couldn't solve the problem completely, but I do have a fairly satisfying workaround which could be fleshed out into a full-fledged one.

Basically, when querying for dc.something.local the Mac would use mDNS and shout to the whole subnet rather than asking the DNS server handed out by DHCP.

In wireshark I'd see something like this.

Mac -> mDNS: Give me the A and AAAA record for dc.something.local
Mac -> correct DNS server: Give me the AAAA record for dc.something.local
DNS server -> Mac: No AAAA record for dc.something.local
wait....
timeout....
fail.

So Snow Leopard is being dumb: despite IPv6 being disabled and the Mac being given a DNS server to ask via DHCP, it's asking the wrong questions in the wrong places.

Solution? None found.
Workaround? Yes! I have a Linux server on the network; it happens to be running some old version of Fedora (these instructions should work on newer Fedora, CentOS and RHEL releases too) with the avahi-daemon service installed.

That program speaks mDNS and can reply to the Mac's queries. In the file /etc/avahi/hosts I put the following gems:

::ffff:0:192.168.1.2 dc.something.local
::ffff:0:192.168.1.100 mac.something.local
192.168.1.2 dc.something.local
192.168.1.100 mac.something.local

That has the nice effect of making the mDNS requests stop waiting immediately, because the Mac gets a reply to the AAAA request (it doesn't seem to matter that the IPv6 address isn't reachable, because again I turned off IPv6). It also gets the IPv4 address immediately, and it can resolve itself (my Mac has a reserved IP in DHCP, so this works for me). I can even get my Kerberos tickets nearly instantly.

I have another file server, though, and connections to it took a day and a half too... or at least they did.
I just added

::ffff:0:192.168.1.3 filesrv.something.local
192.168.1.3 filesrv.something.local

And boom, fast connection times.

Internet wishlist time. I would really like someone to write a program that listens for mDNS requests in a given something.local domain, looks the answer up via the normal unicast DNS server and then replies over mDNS with the real answer plus the fake IPv6 answer, so it would work for any host on my network. Bonus points if it's safe enough to run right on the DNS server (which in this case is the Windows domain controller) so I don't need a third party in the DNS conversations.
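As an added example (this is not code from the original post), here is a minimal version of that wishlist program in Python. It joins the mDNS group, watches for A and AAAA queries for names under something.local, looks each name up by sending a unicast query straight to the DC (not through the libc resolver, which on a box running nss-mdns may itself push .local names back out over mDNS), and answers with the real A record plus a synthetic AAAA record in the same ::ffff:0:a.b.c.d form as the /etc/avahi/hosts entries above. The domain name something.local and the DC address 192.168.1.2 are assumptions taken from the post. One caveat a practitioner should weigh before running either this or the avahi entries: the Mac believes whichever host on the subnet answers first for dc.something.local, which is the same property mDNS/LLMNR spoofing tools abuse to capture credentials, so the responder belongs on a host you already trust as much as the DC, which is exactly why the wishlist asks for it to run on the DC itself.

```python
"""mDNS proxy responder for an AD .local domain: answers multicast queries for names under
one domain with the real A record from unicast DNS plus a synthetic ::ffff:0:a.b.c.d AAAA."""
import ipaddress
import socket
import struct

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353
TYPE_A, TYPE_AAAA, CLASS_IN, CACHE_FLUSH = 1, 28, 1, 0x8000  # 0x8000: mDNS unique-record bit

def encode_name(name):
    """Hostname -> DNS wire-format name."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(x)]) + x.encode("ascii") for x in labels) + b"\x00"

def decode_name(data, offset):
    """Wire name at offset -> (lowercase name, offset past it); follows compression pointers."""
    labels, end = [], None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            end = offset + 2 if end is None else end
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            return ".".join(labels).lower(), (offset if end is None else end)
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length

def parse_query(data):
    """DNS packet -> (txid, [(name, qtype), ...]); None if the packet is a response."""
    txid, flags, qdcount = struct.unpack("!HHH", data[:6])
    if flags & 0x8000:
        return None
    offset, questions = 12, []
    for _ in range(qdcount):
        name, offset = decode_name(data, offset)
        questions.append((name, struct.unpack("!H", data[offset:offset + 2])[0]))
        offset += 4  # skip qtype and qclass
    return txid, questions

def build_response(txid, name, ipv4, ttl=120):
    """Authoritative answer: the real A record plus the synthetic AAAA record."""
    rrs = ((TYPE_A, ipaddress.IPv4Address(ipv4).packed),
           (TYPE_AAAA, ipaddress.IPv6Address("::ffff:0:" + ipv4).packed))  # avahi hosts form
    answers = b"".join(encode_name(name) + struct.pack("!HHIH", t, CLASS_IN | CACHE_FLUSH, ttl, len(r)) + r
                       for t, r in rrs)
    return struct.pack("!HHHHHH", txid, 0x8400, 0, 2, 0, 0) + answers  # flags 0x8400: QR + AA

def parse_a_answer(data, name):
    """First A record for name in a unicast DNS response, or None."""
    _, _, qdcount, ancount = struct.unpack("!HHHH", data[:8])
    offset = 12
    for _ in range(qdcount):
        offset = decode_name(data, offset)[1] + 4
    for _ in range(ancount):
        rname, offset = decode_name(data, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == TYPE_A and rname == name.lower():
            return str(ipaddress.IPv4Address(data[offset:offset + 4]))
        offset += rdlen
    return None

def unicast_lookup(name, dns_server, timeout=2.0):
    """Ask dns_server directly; the libc resolver may itself hand .local names to mDNS."""
    query = (struct.pack("!HHHHHH", 0x2A2A, 0x0100, 1, 0, 0, 0)  # RD set, one question
             + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (dns_server, 53))
        try:
            return parse_a_answer(sock.recv(4096), name)
        except socket.timeout:
            return None

def answer_for(packet, domain, resolve):
    """Reply bytes for the first A/AAAA question under domain that resolves, else None."""
    if (parsed := parse_query(packet)) is None:
        return None
    txid, questions = parsed
    for name, qtype in questions:
        if qtype in (TYPE_A, TYPE_AAAA) and name.endswith("." + domain.lower()):
            ipv4 = resolve(name)
            if ipv4:
                return build_response(txid, name, ipv4)
    return None

def serve(domain, dns_server):
    """Join the mDNS group and answer in-domain queries until killed (needs port 5353)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", MDNS_PORT))
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP,
                    socket.inet_aton(MDNS_GROUP) + socket.inet_aton("0.0.0.0"))
    while True:
        packet, src = sock.recvfrom(9000)
        try:
            reply = answer_for(packet, domain, lambda n: unicast_lookup(n, dns_server))
        except (IndexError, struct.error, UnicodeDecodeError):
            continue  # malformed packet from the subnet: drop it rather than die
        if reply is None:
            continue
        if src[1] == MDNS_PORT:  # RFC 6762: multicast responses carry transaction ID 0
            sock.sendto(b"\x00\x00" + reply[2:], (MDNS_GROUP, MDNS_PORT))
        else:  # legacy unicast querier: echo its ID and reply to it directly
            sock.sendto(reply, src)
```

Run it as root on the Linux box with serve("something.local", "192.168.1.2") (assumed values, as above). The packet parsing and response building are kept free of network I/O so they can be checked against a captured query before the responder is let loose on the subnet.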