[Samba] slowness in samba4 AD
L.P.H. van Belle
belle at bazuin.nl
Fri May 21 14:29:26 UTC 2021
Windows uses DNS "UPDATE" operations, specified in RFC 2136.
If the computer is an Active Directory member, it will authenticate the updates using GSS-TSIG
(specified in RFC 3645 and MS-GSSA).
Updates sent by standalone systems are unauthenticated.
Greetz,
Louis
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of
> Allen Chen via samba
> Sent: Friday, May 21, 2021 16:01
> To: samba at lists.samba.org
> Subject: Re: [Samba] slowness in samba4 AD
>
>
> On 5/20/2021 8:29 AM, Marcos Ariel Negrini via samba wrote:
> > Hi Rowland:
> > Was something that was evaluated, and in my case I agree with what you
> > comment; I'm going to bring it up again to see if we change that.
> >
> > I have a doubt when you say that windows clients can modify their dns
> > records; are you referring to the generation of the A record when a
> > computer joins the domain? or in some other situation a computer can
> > somehow modify dns information within the dc's?
> > In our case the A records are not generated automatically in the
> > domain join, is this because we are not doing the domain join using
> > the dns of the dc's directly?
> In my settings, windows PC points to company DNS server, and company DNS
> server forwards AD query to AD DC.
> When I move PC around (to different vlans with different IP address), the
> A record in AD DC gets updated within half an hour or so.
> When I join a PC to my domain, the A record gets added in AD DC immediately.
> I don't know how windows PC update the A record in DC: does it go
> through company DNS or go to AD DC directly? (I am using Samba 4.8.12)
>
> Allen
>
> > Regards
> >
> > Translated with www.DeepL.com/Translator (free version)
> >
> > On 19/05/2021 at 16:56, Rowland penny via samba wrote:
> >> I wouldn't do that, I would get your network dns to forward all AD
> >> domain requests to the DC's, that way you reduce dns traffic to the
> >> DC's (no external dns requests get to them) and all the required AD
> >> records are available. There is also the question of the Windows
> >> clients updating their own records, if they are on your network dns,
> >> then they will probably not be in AD.
> >>
> >> Rowland
> >
>
>
>
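
The difference between authenticated and unauthenticated updates described at the top of this message is visible on the wire. The following Python code is an added example, not part of the original post or of Samba: it classifies a raw DNS message as an unauthenticated RFC 2136 UPDATE or one carrying a TSIG record (GSS-TSIG uses the algorithm name "gss-tsig"). The sample messages and the names under example.test are constructed for illustration.

```python
import struct

OPCODE_UPDATE = 5   # RFC 2136 dynamic update
TYPE_TSIG = 250     # TSIG RR; GSS-TSIG (RFC 3645) sets its algorithm name to "gss-tsig"

def read_name(msg, off, depth=0):
    """Decode the domain name at off; return (name, offset just past it)."""
    labels = []
    while msg[off]:
        n = msg[off]
        if (n & 0xC0) == 0xC0:               # compression pointer ends the name
            if depth > 8:
                raise ValueError("compression loop")
            ptr = ((n & 0x3F) << 8) | msg[off + 1]
            labels.append(read_name(msg, ptr, depth + 1)[0])
            return ".".join(l for l in labels if l), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
        off += 1 + n
    return ".".join(labels), off + 1

def classify_update(msg):
    """Return 'not-update', 'unauthenticated' or 'signed:<algorithm>'.
    Only the presence of a TSIG RR is checked, not the validity of its MAC."""
    _id, flags, zo, pr, up, ad = struct.unpack_from("!6H", msg, 0)
    if (flags >> 11) & 0xF != OPCODE_UPDATE:
        return "not-update"
    off = 12
    for _ in range(zo):                      # zone section: name, type, class
        off = read_name(msg, off)[1] + 4
    algorithm = None
    for i in range(pr + up + ad):            # prerequisite, update, additional RRs
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == TYPE_TSIG and i >= pr + up:   # TSIG lives in the additional section
            algorithm = read_name(msg, off)[0]    # RDATA starts with the algorithm name
        off += rdlen
    return f"signed:{algorithm}" if algorithm else "unauthenticated"

def enc(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

def sample_update(signed):
    """Constructed sample: add an A record for pc1.example.test to zone example.test."""
    zone = enc("example.test") + struct.pack("!HH", 6, 1)
    rr = enc("pc1.example.test") + struct.pack("!HHIH", 1, 1, 900, 4) + bytes([192, 0, 2, 10])
    tsig = b""
    if signed:                               # zero timestamp and empty MAC: layout only
        rdata = enc("gss-tsig") + bytes(16)
        tsig = enc("key.example.test") + struct.pack("!HHIH", TYPE_TSIG, 255, 0, len(rdata)) + rdata
    return struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, int(signed)) + zone + rr + tsig
```
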