LDAP delay when connected DC goes down

[Meadows, Joe]

Hi Alex,

The DNS timeout is just a thought so I won't make too much more noise about it, but from what you've shown me here I don't think DNS is eliminated as a possible source of delays (I'm assuming that it's the .100 DC that goes away, leaving the .101 as backup).  Having the .100 server in /etc/resolv.conf will still lead to timeouts before the resolver moves on to try the .101 nameserver.  This should be easy to verify with the network trace.  

We have seen that an unreachable DNS server does make a big difference in ADS mode, there are a LOT of DNS requests and these small timeouts really add up.  In fact, in our installation we have actually gone to the point of adding a small script that is called by cron every five minutes.  The script simply walks through the list of nameservers in /etc/resolv.conf and tries to do a host command against each one.  If the command fails it's entry in resolv.conf is commented out (prepended with #), otherwise it is left alone.  On the next pass, if one of the DNS servers that had been commented out is found to be back online the '#' is removed and the server is again enabled.  Crude but effective, we found this script to be quite helpful in dealing with missing DNS servers.

Perhaps a simple experiment you can try.  After bringing down the first DC try removing its entry in /etc/resolv.conf and try to print.  Might be 'grasping at straws' here, but at least it's an easy test to try :).

Good luck and good weekend!

-Joe



>To exclude possible DNS timeouts for samba I configured the following:
>
>smb.conf
>======
>password server = 192.168.100.100, 192.168.100.101
>
>krb5.conf
>=======
>[libdefaults]
> default_realm = NH-HOTELES.COM
>
>[realms]
> NH-HOTELES.COM = {
>  kdc = 192.168.100.100:88
>  kdc = 192.168.100.101:88
> }

>resolv.conf
>========
>nameserver 192.168.100.100
>nameserver 192.168.100.101
>