Guidelines about fixing bugs

Matthieu Patou mat at
Wed Feb 1 09:18:17 UTC 2017

Hello All,

We have been witnessing some issues related to the way Winbindd do DNS
lookups of DC for various services (ldap, kdc, ...)

It mainly boils down to this bug:, that is to say DNS
resolution of names from the SRV records are done in a sequential way;
when there is a combination of slow DNS server and huge network of DC
the resolution can take so long (and is made worse by other bugs) that
clients timeout.

While looking at this issue I've found a couple of in-efficiencies like, where the refresh_usn
function would be called multiple time in parallel, or, where the get_dc_name
is called twice almost back to back, given the fact that this function
cause the SRV records for _kerberos to be looked up and the names to be
resolved it's basically doubling the time it takes to do refresh_usn
which is kind of a big deal when DNS is slow and DC is huge.

I'm not as familiar as Volker, Metze of Guenther with this part of the
code base so I would appreciate if one of you (or a bit more) could
chime in on the high level solution that proposed in those bugs so that
me or pradeep or ravindra are doing the work in the right direction.

While at it I have also one bug about net ads changetrustpw picking a
random DC rather on in the site
( and if there as well
I could have feedback it would be great.


Matthieu Patou
Samba Team

More information about the samba-technical mailing list