I have a MacBook Pro Early 2011 running Lion 10.7.4 (11E53)
I have installed an SSD instead of the optical drive, and encrypted both hard drives with FileVault2.
For some time now I noticed I can't access the apple.com servers, not even in Safari/Chrome/Firefox.
If I try to ping www.apple.com
it doesn't find the host, but when I do a dig apple.com
I get the informations.
It's very very strange, any ideas?
In the meantime I booted to recovery with cmd-R and reinstalled Lion but to no avail. Strangely though, in recovery there are no problems accessing the apple servers, because the Lion image was downloaded on the fly..
Later edit, results from dig apple.com any
and ping www.apple.com
➜ ~ dig apple.com any
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.7.3-P3 <<>> apple.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53874
;; flags: qr rd ra; QUERY: 1, ANSWER: 24, AUTHORITY: 6, ADDITIONAL: 6
;; QUESTION SECTION:
;apple.com. IN ANY
;; ANSWER SECTION:
apple.com. 3542 IN TXT "v=spf1 ip4:17.0.0.0/8 ~all"
apple.com. 86342 IN SOA gridmaster-ib.apple.com. hostmaster.apple.com. 2010076647 1800 900 2016000 86500
apple.com. 86342 IN NAPTR 50 50 "se" "SIPS+D2T" "" _sips._tcp.apple.com.
apple.com. 86342 IN NAPTR 90 50 "se" "SIP+D2T" "" _sip._tcp.apple.com.
apple.com. 86342 IN NAPTR 100 50 "se" "SIP+D2U" "" _sip._udp.apple.com.
apple.com. 3542 IN MX 10 mail-in11.apple.com.
apple.com. 3542 IN MX 10 mail-in12.apple.com.
apple.com. 3542 IN MX 10 mail-in13.apple.com.
apple.com. 3542 IN MX 10 mail-in14.apple.com.
apple.com. 3542 IN MX 10 mail-in15.apple.com.
apple.com. 3542 IN MX 20 mail-in21.apple.com.
apple.com. 3542 IN MX 20 mail-in22.apple.com.
apple.com. 3542 IN MX 20 mail-in23.apple.com.
apple.com. 3542 IN MX 20 mail-in24.apple.com.
apple.com. 3542 IN MX 20 mail-in25.apple.com.
apple.com. 3542 IN MX 100 mail-in3.apple.com.
apple.com. 1731 IN A 17.149.160.49
apple.com. 1731 IN A 17.172.224.47
apple.com. 86342 IN NS nserver.asia.apple.com.
apple.com. 86342 IN NS nserver.euro.apple.com.
apple.com. 86342 IN NS nserver.apple.com.
apple.com. 86342 IN NS nserver3.apple.com.
apple.com. 86342 IN NS nserver2.apple.com.
apple.com. 86342 IN NS nserver4.apple.com.
;; AUTHORITY SECTION:
apple.com. 86342 IN NS nserver3.apple.com.
apple.com. 86342 IN NS nserver.apple.com.
apple.com. 86342 IN NS nserver2.apple.com.
apple.com. 86342 IN NS nserver.asia.apple.com.
apple.com. 86342 IN NS nserver.euro.apple.com.
apple.com. 86342 IN NS nserver4.apple.com.
;; ADDITIONAL SECTION:
nserver.asia.apple.com. 85475 IN A 17.82.254.3
nserver.euro.apple.com. 85475 IN A 17.72.133.64
nserver.apple.com. 85475 IN A 17.254.0.50
nserver2.apple.com. 85475 IN A 17.254.0.59
nserver3.apple.com. 85475 IN A 17.112.144.50
nserver4.apple.com. 85475 IN A 17.112.144.59
;; Query time: 5 msec
;; SERVER: 213.154.124.221#53(213.154.124.221)
;; WHEN: Tue Jun 19 08:08:40 2012
;; MSG SIZE rcvd: 918
And the ping:
➜ ~ ping -c 1 www.apple.com
ping: cannot resolve www.apple.com: Unknown host
➜ ~ ping -c 1 apple.com
ping: cannot resolve apple.com: Unknown host
Best Answer
Given that you've already checked your DNS and
/etc/hosts
and flushed the DNS cache usingit is quite possible you have malware on your machine. You have re-installed Lion which should take care of any file corruption issues, but may not remove malware if you recovered your user files from a backup. Double-check your network settings to ensure you are not using any proxies, but other than that, malware seems the most likely culprit.dscacheutil -flushcache
EDIT: It seems
dscacheutil -flushcache
no longer works to flush the DNS cache. Before we flush the cache the new way, let's take a look at it. Run:and then look at the system.log file. You can view it in the Console app under Files or you can view it in the terminal with
less /var/log/system.log
. Either way, mDNSResponder dumps a lot of information into the system.log as a result of that command, which should help pinpoint the problem. Search for "apple.com" in the results and see what you come up with. Then tryto actually flush the cache and try
ping www.apple.com
again.You have tried
dig www.apple.com
which correctly resolved to e3191.c.akamaiedge.net which is a CDN domain that will have different IP addresses depending on where you connect to the internet. Trynslookup www.apple.com
and you should get the same thing, e.g.So you should be able to ping www.apple.com, e3191.c.akamaiedge.net, and 23.11.77.15 (or whatever IP address you get from
dig
). (While it is true that many servers do not respond to ping requests, this server does respond and your problem isn't that you cannot get a response anyway, it's that you cannot resolve the domain name.) If you can ping some but not all, then you probably have a malware problem.There were a bunch of trojans circulating as video codecs that messed with DNS. I suggest getting a reputable malware scanner and checking your system.