[Samba] samba4 binddlz performance

Matthieu Patou mat at samba.org
Sun Dec 9 03:06:13 MST 2012 

On 12/04/2012 01:00 AM, Thomas Manninger wrote:
> Hello,
>
> now i see thats this query needs about ~3 seconds, is this ok?
Of course not !
> ldbsearch -H /var/lib/samba/private/sam.ldb -b DC=test.local,CN=MicrosoftDNS,CN=System,dc=test,dc=local dc=master;
>
> i have about ~70000 entries in the ad (users, group, dns,...).
But what you specify shed some light on why is it like this, we haven't 
tested too much samba is a large number of records and given the current 
architecture I'm not too surprised.
Is the container 
DC=test.local,CN=MicrosoftDNS,CN=System,dc=test,dc=local dc=master 
really present on your system ?
If so it means that you upgraded from a Windows where the database is 
still stored in the legacy container.


Are you ok to migrate to the DNS partitions ?

Matthieu.

> -------- Original-Nachricht --------
>> Datum: Fri, 23 Nov 2012 14:32:31 -0800
>> Von: Matthieu Patou <mat at samba.org>
>> An: samba at lists.samba.org
>> Betreff: Re: [Samba] samba4 binddlz performance
>> On 11/19/2012 07:11 AM, Thomas Manninger wrote:
>>> Hello,
>>>
>>> i am using samba4rc2.
>>>
>>> I have problems with the bind9 dlz module, i get very long response
>> times from interal queries.
>>> root at s-srv01:~# dig s-srv04.test.local @192.168.0.4
>>>
>>> ; <<>> DiG 9.8.0-P4 <<>> s-srv04.test.local @192.168.0.4
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64478
>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
>>>
>>> ;; QUESTION SECTION:
>>> ;s-srv04.test.local.         IN      A
>>>
>>> ;; ANSWER SECTION:
>>> s-srv04.test.local.  900     IN      A       192.168.0.4
>>>
>>> ;; AUTHORITY SECTION:
>>> test.local.           900     IN      NS      s-srv01.test.local.
>>> test.local.           900     IN      NS      s-srv04.test.local.
>>>
>>> ;; ADDITIONAL SECTION:
>>> s-srv01.test.local.  900     IN      A       192.168.0.1
>>>
>>> ;; Query time: 1239 msec
>>> ;; SERVER: 192.168.0.4#53(192.168.0.4)
>>> ;; WHEN: Mon Nov 19 16:07:59 2012
>>> ;; MSG SIZE  rcvd: 108
>> .local is normally used for mdns (see.
>> http://en.wikipedia.org/wiki/MDNS#Host_Discovery), can you try with
>> another kind of tld (ie. use domain test.corp).
>>> external queries are a little bit faster:
>>>
>>> root at s-srv01:~# dig google.com @192.168.0.4
>>>
>>> ; <<>> DiG 9.8.0-P4 <<>> google.com @192.168.0.4
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56403
>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 6
>>>
>>> ;; QUESTION SECTION:
>>> ;google.com.                    IN      A
>>>
>>> ;; ANSWER SECTION:
>>> google.com.             300     IN      A       173.194.35.135
>>> google.com.             300     IN      A       173.194.35.136
>>> google.com.             300     IN      A       173.194.35.137
>>> google.com.             300     IN      A       173.194.35.142
>>> google.com.             300     IN      A       173.194.35.128
>>> google.com.             300     IN      A       173.194.35.129
>>> google.com.             300     IN      A       173.194.35.130
>>> google.com.             300     IN      A       173.194.35.131
>>> google.com.             300     IN      A       173.194.35.132
>>> google.com.             300     IN      A       173.194.35.133
>>> google.com.             300     IN      A       173.194.35.134
>>>
>>> ;; AUTHORITY SECTION:
>>> .                       45846   IN      NS      a.root-servers.net.
>>> .                       45846   IN      NS      c.root-servers.net.
>>> .                       45846   IN      NS      b.root-servers.net.
>>> .                       45846   IN      NS      g.root-servers.net.
>>> .                       45846   IN      NS      f.root-servers.net.
>>> .                       45846   IN      NS      j.root-servers.net.
>>> .                       45846   IN      NS      e.root-servers.net.
>>> .                       45846   IN      NS      i.root-servers.net.
>>> .                       45846   IN      NS      l.root-servers.net.
>>> .                       45846   IN      NS      k.root-servers.net.
>>> .                       45846   IN      NS      h.root-servers.net.
>>> .                       45846   IN      NS      d.root-servers.net.
>>> .                       45846   IN      NS      m.root-servers.net.
>>>
>>> ;; ADDITIONAL SECTION:
>>> a.root-servers.net.     45846   IN      A       198.41.0.4
>>> b.root-servers.net.     45846   IN      A       192.228.79.201
>>> c.root-servers.net.     45846   IN      A       192.33.4.12
>>> d.root-servers.net.     45846   IN      A       128.8.10.90
>>> e.root-servers.net.     45846   IN      A       192.203.230.10
>>> f.root-servers.net.     45846   IN      A       192.5.5.241
>>>
>>> ;; Query time: 281 msec
>>> ;; SERVER: 192.168.0.4#53(192.168.0.4)
>>> ;; WHEN: Mon Nov 19 16:09:06 2012
>>> ;; MSG SIZE  rcvd: 511
>>>
>>>
>>> When i change to the samba4 internal dns server, i get response time
>> about ~1-2ms.
>>> But why is the bind dlz modul so slooow..?
>> you can use kcachegrind to trace bind in foreground mode in order to see
>> where the time is spent.
>>
>> Matthieu.
>>
>> -- 
>> Matthieu Patou
>> Samba Team
>> http://samba.org
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba


-- 
Matthieu Patou
Samba Team
http://samba.org

More information about the samba-technical mailing list