I apologize for the extraordinarily late reply, but I am both slow
reading the lists and have had an open issue with Apple about this and
just reached resolution on the DNS portion today. I hated to reply
before I really knew what was going on.
The short answer is yes, reverse DNS is a huge issue. Continue reading
for the saga version.
The original ticket I opened with Apple was due to ridiculously slow
logins. Part of this was tracked down to poor disk maintenance, but
when we got that resolved my SE told me that logins were still too slow
for his taste. At that time we were at about 20 seconds from the login
button to dock. (That timing is with one computer logging into a G5
Tower server.)
Our DNS setup has been done through Active Directory, with a Windows
2000 DHCP server in the school district. Because of the dynamic DNS
nature of Active Directory, there was no way to appropriately issue
reverse DNS for the Macs, and DDNS updates for the Macs didn't look
likely without OS X Kerberized client authentication to the AD. We
attempted to isolate a portion of one network to test the theory, but
this reverse issue you mention, Michael, was the one that we couldn't
separate out.
A couple weeks back, our DHCP server had an unfortunate demise and we
moved it to a Windows 2003 Server, which has the option of updating
client DNS information regardless of client request. Suddenly, my OS X
machines with standard DNS info in the computer name (no spaces,
apostrophes, or other special characters from the DNS perspective)
started to automatically update. Any computer without such a name
remained unresolved.
The first opportunity I had to sit down and change all the computers
over was this morning. After doing that, my login button to dock time
is now in the 10-12 second range. Not all DHCP-DNS updates are
occurring yet due to the renewal of DHCP leases, but immediately login
times have been cut in half. My Apple SE wants to see 2-5 second times
instead, but I'm going to be happy with this as I have been fighting
the issue since September. We'll see if Tiger changes this at all, but
it will mostly be about playing nicer with others, not reducing the
dependence on DNS with whatever changes do happen.
HTH!
--
Gary Needham, Apple Systems Analyst
Kearney Public Schools, Kearney, NE
On Jan 31, 2005, at 10:07 AM, Perbix, Michael wrote:
I am becoming more of the mindset that proper Reverse DNS setup is
extremely important for Macintosh deployment on may levels, as well as
any non-Microsoft technology. I am also under the mindset that reverse
DNS is important in some aspects of Microsoft networking technologies,
but that also other Microsoft networking protocols may buffer you if
you
do not have Reverse DNS set up correctly.
Please tell me if I am on the right track with this thought...also, if
anyone can give me an indication as to WHAT on OSX directly relies on
proper Reverse DNS....
For instance, I know that AD requires Domain Controllers to have proper
Reverse DNS setup and such...I now know that ARD relies heavily on
proper Reverse DNS to look up machines and such, I have read about this
over the weekend in the ARD forums at Apple. Most of the problems we
have with ARD have been noted in the forums with one resounding
resolution...proper Reverse DNS.
So, with that in mind, can anyone else give me any ideas as to what
else
(Windows too if known) is flakey when proper Reverse DNS is not set up?
Thank you for your input.
FYI, I set up Reverse DNS zones for my student machine subnets, and ARD
seems to be responding quite well now, it starts up faster, and
computer
lists seem to behave. I am still in the testing phase though.
