[Samba] Fwd: Re: samba4 binddlz performance

Amitay Isaacs amitay at gmail.com
Sun Dec 9 18:21:44 MST 2012


Hi Thomas,

On Tue, Dec 4, 2012 at 6:18 AM, Thomas Manninger <DBGTMaster at gmx.at> wrote:

>
> -------- Original Message --------
> > Date: Fri, 23 Nov 2012 14:32:31 -0800
> > From: Matthieu Patou <mat at samba.org>
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] samba4 binddlz performance
>
> > On 11/19/2012 07:11 AM, Thomas Manninger wrote:
> > > Hello,
> > >
> > > I am using samba4rc2.
> > >
> > > I have problems with the bind9 dlz module, I get very long response times from internal queries.
> > >
> > > root at s-srv01:~# dig s-srv04.test.local @192.168.0.4
> > >
> > > ; <<>> DiG 9.8.0-P4 <<>> s-srv04.test.local @192.168.0.4
> > > ;; global options: +cmd
> > > ;; Got answer:
> > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64478
> > > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
> > >
> > > ;; QUESTION SECTION:
> > > ;s-srv04.test.local.         IN      A
> > >
> > > ;; ANSWER SECTION:
> > > s-srv04.test.local.  900     IN      A       192.168.0.4
> > >
> > > ;; AUTHORITY SECTION:
> > > test.local.           900     IN      NS      s-srv01.test.local.
> > > test.local.           900     IN      NS      s-srv04.test.local.
> > >
> > > ;; ADDITIONAL SECTION:
> > > s-srv01.test.local.  900     IN      A       192.168.0.1
> > >
> > > ;; Query time: 1239 msec
> > > ;; SERVER: 192.168.0.4#53(192.168.0.4)
> > > ;; WHEN: Mon Nov 19 16:07:59 2012
> > > ;; MSG SIZE  rcvd: 108
> > .local is normally used for mdns (see
> > http://en.wikipedia.org/wiki/MDNS#Host_Discovery), can you try with
> > another kind of tld (i.e. use domain test.corp).
> > > external queries are a little bit faster:
> > >
> > > root at s-srv01:~# dig google.com @192.168.0.4
> > >
> > > ; <<>> DiG 9.8.0-P4 <<>> google.com @192.168.0.4
> > > ;; global options: +cmd
> > > ;; Got answer:
> > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56403
> > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 6
> > >
> > > ;; QUESTION SECTION:
> > > ;google.com.                    IN      A
> > >
> > > ;; ANSWER SECTION:
> > > google.com.             300     IN      A       173.194.35.135
> > > google.com.             300     IN      A       173.194.35.136
> > > google.com.             300     IN      A       173.194.35.137
> > > google.com.             300     IN      A       173.194.35.142
> > > google.com.             300     IN      A       173.194.35.128
> > > google.com.             300     IN      A       173.194.35.129
> > > google.com.             300     IN      A       173.194.35.130
> > > google.com.             300     IN      A       173.194.35.131
> > > google.com.             300     IN      A       173.194.35.132
> > > google.com.             300     IN      A       173.194.35.133
> > > google.com.             300     IN      A       173.194.35.134
> > >
> > > ;; AUTHORITY SECTION:
> > > .                       45846   IN      NS      a.root-servers.net.
> > > .                       45846   IN      NS      c.root-servers.net.
> > > .                       45846   IN      NS      b.root-servers.net.
> > > .                       45846   IN      NS      g.root-servers.net.
> > > .                       45846   IN      NS      f.root-servers.net.
> > > .                       45846   IN      NS      j.root-servers.net.
> > > .                       45846   IN      NS      e.root-servers.net.
> > > .                       45846   IN      NS      i.root-servers.net.
> > > .                       45846   IN      NS      l.root-servers.net.
> > > .                       45846   IN      NS      k.root-servers.net.
> > > .                       45846   IN      NS      h.root-servers.net.
> > > .                       45846   IN      NS      d.root-servers.net.
> > > .                       45846   IN      NS      m.root-servers.net.
> > >
> > > ;; ADDITIONAL SECTION:
> > > a.root-servers.net.     45846   IN      A       198.41.0.4
> > > b.root-servers.net.     45846   IN      A       192.228.79.201
> > > c.root-servers.net.     45846   IN      A       192.33.4.12
> > > d.root-servers.net.     45846   IN      A       128.8.10.90
> > > e.root-servers.net.     45846   IN      A       192.203.230.10
> > > f.root-servers.net.     45846   IN      A       192.5.5.241
> > >
> > > ;; Query time: 281 msec
> > > ;; SERVER: 192.168.0.4#53(192.168.0.4)
> > > ;; WHEN: Mon Nov 19 16:09:06 2012
> > > ;; MSG SIZE  rcvd: 511
> > >
> > >
> > > When I change to the samba4 internal dns server, I get response time about ~1-2ms.
> > >
> > > But why is the bind dlz module so slooow..?
> > you can use kcachegrind to trace bind in foreground mode in order to see
> > where the time is spent.
> >
> > Matthieu.
> >
> > --
> > Matthieu Patou
> > Samba Team
> > http://samba.org
>
> Startup time of bind is also very slow:
>
> Dec  3 20:10:06 srv named[20349]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=intern'
> Dec  3 20:10:10 srv named[20349]: samba_dlz: configured writeable zone '110.168.192.in-addr.arpa'
> Dec  3 20:10:10 srv named[20349]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=intern'
> Dec  3 20:10:14 srv named[20349]: samba_dlz: configured writeable zone '111.168.192.in-addr.arpa'
> Dec  3 20:10:14 srv named[20349]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=intern'
> Dec  3 20:10:18 srv named[20349]: samba_dlz: configured writeable zone '112.168.192.in-addr.arpa'
> Dec  3 20:10:18 srv named[20349]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=intern'
> Dec  3 20:10:22 srv named[20349]: samba_dlz: configured writeable zone '113.168.192.in-addr.arpa'
> Dec  3 20:10:22 srv named[20349]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=intern'
> Dec  3 20:10:26 srv named[20349]: samba_dlz: configured writeable zone '114.168.192.in-addr.arpa'
> Dec  3 20:10:26 srv named[20349]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=intern'
> Dec  3 20:10:31 srv named[20349]: samba_dlz: configured writeable zone '115.168.192.in-addr.arpa'
> Dec  3 20:10:31 srv named[20349]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=intern'
> Dec  3 20:10:35 srv named[20349]: samba_dlz: configured writeable zone '116.168.192.in-addr.arpa'
> Dec  3 20:10:35 srv named[20349]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=intern'
>
>
> Which LDAP filter and base is used to find a zone or a host entry by a query??
> So I can check with ldapsearch, if the result is also so slow.
>
> Thanks!
>

To find all the zones, DLZ uses the following query:

  ldbsearch -H /var/lib/samba/private/dns/sam.ldb -s sub \
        -b 'CN=MicrosoftDNS,CN=System,DC=test,DC=intern' \
        "objectclass=dnsZone"

And each individual record is searched using the following query:

  ldbsearch -H /var/lib/samba/private/dns/sam.ldb -s base \
        -b 'DC=s-srv04,DC=test.local,CN=MicrosoftDNS,CN=System,DC=test,DC=intern' \
        "objectclass=dnsNode"

Would it be possible to compare the above query with the following query and
report the times?

  ldbsearch -H /var/lib/samba/private/dns/sam.ldb -s one \
        -b 'DC=test.local,CN=MicrosoftDNS,CN=System,DC=test,DC=intern' \
        "(&(objectclass=dnsNode)(name=s-srv04))"

Amitay.
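
An added example, not part of the original message or of Samba: a POSIX shell harness that runs the base-scope and one-level lookups above several times each and prints the median time. The LDB path and DNs are the ones quoted in the thread; `RUNS`, the function names and the host-label check are assumptions.

```shell
#!/bin/sh
# Added example: time the per-record lookups quoted in the message above.
# LDB path and DNs come from the thread; RUNS and function names are assumptions.
LDB=${LDB:-/var/lib/samba/private/dns/sam.ldb}
ZONE_DN=${ZONE_DN:-DC=test.local,CN=MicrosoftDNS,CN=System,DC=test,DC=intern}
RUNS=${RUNS:-5}

# Accept only plain host labels so the name cannot alter the DN or the filter.
valid_label() {
    case $1 in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# Print wall-clock milliseconds for one run (needs GNU date for %N).
elapsed_ms() {
    _start=$(date +%s%N)
    "$@" >/dev/null 2>&1 || true
    _end=$(date +%s%N)
    echo $(( (_end - _start) / 1000000 ))
}

# Median of RUNS runs, so a single cold-cache outlier does not dominate.
median_ms() {
    _i=0
    while [ "$_i" -lt "$RUNS" ]; do
        elapsed_ms "$@"
        _i=$((_i + 1))
    done | sort -n | sed -n "$(( (RUNS + 1) / 2 ))p"
}

# Base-scope read of one node by DN (the per-record query DLZ issues).
base_lookup() {
    valid_label "$1" || return 2
    ldbsearch -H "$LDB" -s base -b "DC=$1,$ZONE_DN" "objectclass=dnsNode"
}

# One-level search under the zone, filtered by name (the suggested comparison).
onelevel_lookup() {
    valid_label "$1" || return 2
    ldbsearch -H "$LDB" -s one -b "$ZONE_DN" "(&(objectclass=dnsNode)(name=$1))"
}

compare_lookups() {
    valid_label "$1" || { echo "invalid host label: $1" >&2; return 2; }
    echo "base scope: $(median_ms base_lookup "$1") ms"
    echo "one level:  $(median_ms onelevel_lookup "$1") ms"
}

if command -v ldbsearch >/dev/null 2>&1; then
    compare_lookups "${1:-s-srv04}"
fi
```

Run it as a user that can read the DNS `sam.ldb`; the first run of each query is usually the slowest, which is why the median is reported rather than the mean.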