Reverse DNS lookups

Post by Danie » Thu, 12 Jun 2003 02:16:49



We've noticed an unusual behavior with our Solaris boxes (various versions,
mostly Solaris 8).  Anytime we x-windows to one of them or open a session to
one of them via a NT box (for those unix servers running Samba, etc)...

...the unix box first does a reverse DNS lookup against the incoming IP
address.  If the reverse lookup fails, then the session fails (or more
accurately...never starts).

Is there any way to stop this behavior?  We do not want/need to put every
workstation in the reverse zone!

Please advise.

TIA
Daniel

 
 
 

Post by Barry Margoli » Thu, 12 Jun 2003 02:33:37




>We've noticed an unusual behavior with our Solaris boxes (various versions,
>mostly Solaris 8).  Anytime we x-windows to one of them or open a session to
>one of them via a NT box (for those unix servers running Samba, etc)...

>...the unix box first does a reverse DNS lookup against the incoming IP
>address.  If the reverse lookup fails, then the session fails (or more
>accurately...never starts).

This sounds like a TCP Wrappers option that you can disable.

>Is there any way to stop this behavior?  We do not want/need to put every
>workstation in the reverse zone!

Why not?  Just create names like pc01, pc02, pc03, etc.

--

Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 

Post by Dave Uhrin » Thu, 12 Jun 2003 02:53:35



> Is there any way to stop this behavior?  We do not want/need to put every
> workstation in the reverse zone!

You may not want to, but you -need- to do that.  Or re-write your
applications which do the reverse lookup.
 
 
 

Post by nh » Thu, 12 Jun 2003 12:52:05


I believe you can fix this by adding an entry in the /etc/hosts file.


> We've noticed an unusual behavior with our Solaris boxes (various versions,
> mostly Solaris 8).  Anytime we x-windows to one of them or open a session to
> one of them via a NT box (for those unix servers running Samba, etc)...

> ...the unix box first does a reverse DNS lookup against the incoming IP
> address.  If the reverse lookup fails, then the session fails (or more
> accurately...never starts).

> Is there any way to stop this behavior?  We do not want/need to put every
> workstation in the reverse zone!

> Please advise.

> TIA
> Daniel

 
 
 

Post by Dave Uhrin » Thu, 12 Jun 2003 13:29:26



> I believe you can fix this by adding an entry in the /etc/hosts file.

On every one of the UNIX machines.  Whereas a -one- time entry in the DNS
zone file will fix the problem for -all- of those machines.
 
 
 

Post by Ean Kingsto » Fri, 13 Jun 2003 11:02:05





>>We've noticed an unusual behavior with our Solaris boxes (various
>>versions,
>>mostly Solaris 8).  Anytime we x-windows to one of them or open a session
>>to one of them via a NT box (for those unix servers running Samba, etc)...

>>...the unix box first does a reverse DNS lookup against the incoming IP
>>address.  If the reverse lookup fails, then the session fails (or more
>>accurately...never starts).

> This sounds like a TCP Wrappers option that you can disable.

>>Is there any way to stop this behavior?  We do not want/need to put every
>>workstation in the reverse zone!

> Why not?  Just create names like pc01, pc02, pc03, etc.

This can happen from tcpwrappers, as suggested above, but also happens
whenever you start a login shell because Solaris logs the source machine
name and is trying to look it up. The session should eventually start but
it needs the DNS lookup to fail (a few times IIRC) before the session
starts and the wait is so long that the application making the connection
times out first.

At least that is the experience I've had with ssh. It works, but takes a
long time to get a login when connecting from another UNIX system but
Windows systems time out.

You pretty much have to have the reverse DNS entries in your DNS server (or
a hosts file). I haven't found any other way around it.

--
due to a significant increase in scams being sent to my e-mail address, I am
no longer making it available for direct replies.

 
 
 

Post by John Salv » Fri, 13 Jun 2003 16:48:46






>>>We've noticed an unusual behavior with our Solaris boxes (various
>>>versions,
>>>mostly Solaris 8).  Anytime we x-windows to one of them or open a session
>>>to one of them via a NT box (for those unix servers running Samba, etc)...

>>>...the unix box first does a reverse DNS lookup against the incoming IP
>>>address.  If the reverse lookup fails, then the session fails (or more
>>>accurately...never starts).

>>This sounds like a TCP Wrappers option that you can disable.

>>>Is there any way to stop this behavior?  We do not want/need to put every
>>>workstation in the reverse zone!

>>Why not?  Just create names like pc01, pc02, pc03, etc.

> This can happen from tcpwrappers, as suggested above, but also happens
> whenever you start a login shell because Solaris logs the source machine
> name and is trying to look it up. The session should eventually start but
> it needs the DNS lookup to fail (a few times IIRC) before the session
> starts and the wait is so long that the application making the connection
> times out first.

> At least that is the experience I've had with ssh. It works, but takes a
> long time to get a login when connecting from another UNIX system but
> Windows systems time out.

> You pretty much have to have the reverse DNS entries in your DNS server (or
> a hosts file). I haven't found any other way around it.

I also experience this as well ... ssh, telnet, CVS ... etc.
The quick workaround for me was to remove the default gateway from the
network interface. After that, ssh, telnet, and CVS were quick.
 
 
 

Post by Danie » Sat, 14 Jun 2003 02:22:35


hmm.  I appreciate all of the replies.  We'll do some testing and see what
sort of work-around we can find.  Putting entries in hosts files isn't an
option.  Period.  We're an enterprise, and we're talking 10,000+
workstations.  Not to mention that many/most of those workstations are DHCP,
so their IP is going to change periodically.  It's completely unreasonable
and unmanageable to maintain a hosts file for those stations.

But I hear what all of you are saying.  We'll see what we can brute-force,
and we may need to just come up with a completely new solution.

Thanks again.


> We've noticed an unusual behavior with our Solaris boxes (various versions,
> mostly Solaris 8).  Anytime we x-windows to one of them or open a session to
> one of them via a NT box (for those unix servers running Samba, etc)...

> ...the unix box first does a reverse DNS lookup against the incoming IP
> address.  If the reverse lookup fails, then the session fails (or more
> accurately...never starts).

> Is there any way to stop this behavior?  We do not want/need to put every
> workstation in the reverse zone!

> Please advise.

> TIA
> Daniel

 
 
 

Post by John D Groenve » Sat, 14 Jun 2003 02:42:50




>option.  Period.  We're an enterprise, and we're talking 10,000+
>workstations.  Not to mention that many/most of those workstations are DHCP,
>so their IP is going to change periodically.  It's completely unreasonable

10,000+ hand written labels is certainly a big deal.
But 10,000+ entries in a zone file is trivial to script.
Period.

John

 
 
 

Post by Barry Margoli » Sat, 14 Jun 2003 07:13:47






>>option.  Period.  We're an enterprise, and we're talking 10,000+
>>workstations.  Not to mention that many/most of those workstations are DHCP,
>>so their IP is going to change periodically.  It's completely unreasonable

>10,000+ hand written labels is certainly a big deal.
>But 10,000+ entries in a zone file is trivial to script.
>Period.

It doesn't even need to be scripted.  BIND supports a $GENERATE directive
that automatically creates a numerical sequence of records that follows a
pattern:

$GENERATE 1-100 host$ IN A 192.168.1.$

--

Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
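
An added example, not part of any post in this thread: the scripted approach and the $GENERATE directive discussed above, combined to emit one PTR directive per /24 reverse zone plus the matching forward A directive, then checked so that every generated PTR name resolves back to its own address. The 10.20.0.0/18 range, the example.com. domain, the pc- label prefix and all function names are assumptions made for illustration, and expand() handles only the plain "$" substitution, not BIND's ${offset,width,base} modifiers.

```python
import ipaddress

def generate_directives(cidr, domain="example.com.", prefix="pc"):
    """Map zone name -> $GENERATE lines covering every address in cidr."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen > 24:
        raise ValueError("expects an IPv4 network of /24 or larger")
    zones = {domain: []}
    for block in net.subnets(new_prefix=24):
        a, b, c, _ = block.network_address.packed
        label = f"{prefix}-{a}-{b}-{c}-$"
        # Reverse zone: the owner "$" is relative to c.b.a.in-addr.arpa.
        zones[f"{c}.{b}.{a}.in-addr.arpa."] = [
            f"$GENERATE 0-255 $ IN PTR {label}.{domain}"]
        # Forward record, so name -> address agrees with address -> name.
        zones[domain].append(f"$GENERATE 0-255 {label} IN A {a}.{b}.{c}.$")
    return zones

def expand(zone, line):
    """Expand one $GENERATE line into (owner, type, rdata) tuples."""
    _, rng, lhs, _cls, rtype, rhs = line.split()
    lo, hi = map(int, rng.split("-"))
    for i in range(lo, hi + 1):
        yield lhs.replace("$", str(i)) + "." + zone, rtype, rhs.replace("$", str(i))

def unconfirmed(zones, domain="example.com."):
    """Return addresses whose PTR name has no A record pointing back."""
    a_records = {}
    for line in zones[domain]:
        for owner, _, address in expand(domain, line):
            a_records[owner] = address
    bad = []
    for zone, lines in zones.items():
        if zone == domain:
            continue
        for line in lines:
            for owner, _, name in expand(zone, line):
                d, c, b, a = owner.split(".")[:4]
                ip = f"{a}.{b}.{c}.{d}"
                if a_records.get(name) != ip:
                    bad.append(ip)
    return bad

if __name__ == "__main__":
    # Constructed sample range: 64 /24 blocks, 16,384 addresses.
    for zone, lines in generate_directives("10.20.0.0/18").items():
        print(f"; zone {zone}")
        print("\n".join(lines))
```

Because the names are tied to addresses rather than to machines, DHCP lease changes do not require any zone updates.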

 
 
 
