Samba and DNS

Roberto João Lopes Garcia roberto at
Mon Sep 11 12:42:54 GMT 2000

At 10:39 08/09/2000 +0200, Ahmed RAHAL wrote:
> >
> > I have half of a class C assigned to my network (/25 netmask
> > and the reverse (PTR) records must be
> > maintained on my ISP's side. (no one wants the 'hassle' of
> > working out a scheme to delegate the in-addr-arpa. to us for
> > half the block) As it stands I have only asked
> > them to include the server's PTR so that I can ftp, etc. from
> > sites if I need patches or whatever.
> >

I suggest you to isolate your internal network from the Internet and 
provide access to the Internet through a firewall.

You can manage your internal DNS, which may have no ralation with yor ISP, 
and let the firewall to take care of internet conections.

This is more secure. You can implement a firewall yourself using free 
software available our buy it. I recomned the book "Building Internet 
FIREWALLS" from O Reilly for more info.

> > This works fine as I don't really need to advertise my various
> > Winx clients to the outside world but I see this error quite a
> > bit in the log.smb:
> >
> > [2000/09/07 15:34:52, 1] lib/util_sock.c:client_name(852)
> >   Gethostbyaddr failed for
> > [2000/09/07 15:44:34, 1] lib/util_sock.c:client_name(852)
> >   Gethostbyaddr failed for
> > [2000/09/07 15:45:03, 1] lib/util_sock.c:client_name(852)
> >   Gethostbyaddr failed for
> > [2000/09/07 15:49:11, 1] lib/util_sock.c:client_name(852)
> >   Gethostbyaddr failed for
> >
> > Now, what I understand is that this is because the reverse lookup is
> > failing (there are no PTR records for these machines at the ISP by
> > choice). What I am wondering is if I am suffering any kind of
> > 'performance' hit due to these lookup attempts when connections
> > are made to samba shares by various machines?
>  I guess that this reverse DNS request must take some time,
>and maybe slow down the connection process.
>The easy way around this is to provide the Unix machine's /etc/hosts
>file with the IP adresses so the lookup process (reverse Lookup in here)
>should be ultraquick !
>Watch out : that the normal lookup process goes
>first through /etc/hosts and then through DNS,
>else lookup would not fail, but take some time anyway
>Resolution order can be set on any unix machine.
>Ahmed RAHAL
>Taranis Services S.A.

More information about the samba mailing list