[Samba] samba4 binddlz performance
Thomas Manninger
DBGTMaster at gmx.at
Mon Nov 19 08:47:55 MST 2012
And my named.conf:
options {
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
allow-query { any; };
allow-transfer { any; };
listen-on-v6 { any; };
};
dlz "samba4.zone" {
database "dlopen /usr/lib/samba/bind9/dlz_bind9_9.so {
/*
* update-policy {
* grant TEST.LOCAL ms-self * A AAAA;
* grant Administrator@TEST.LOCAL wildcard * A AAAA SRV CNAME;
* grant s-srv01$@TEST.local wildcard * A AAAA SRV CNAME;
* };
*/
/*
* the list of principals and what they can change is created
* dynamically by Samba, based on the membership of the domain controllers
* group. The provision just creates this file as an empty file.
*/
include /var/lib/samba/private/named.conf.update;
/* we need to use check-names ignore so _msdcs A records can be created */
check-names ignore;
};
";
};
syslog named startup:
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone '32.168.192.in-addr.arpa'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=local'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone '0.168.192.in-addr.arpa'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=local'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone '2.168.192.in-addr.arpa'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=local'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone 'test.local'
Nov 19 16:01:50 s-srv01 named[27310]: set up managed keys zone for view _default, file 'managed-keys.bind'
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 0.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 127.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 254.169.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: D.F.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 8.E.F.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 9.E.F.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: A.E.F.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: B.E.F.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: command channel listening on 127.0.0.1#953
Nov 19 16:01:50 s-srv01 named[27310]: command channel listening on ::1#953
Nov 19 16:01:50 s-srv01 named[27310]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Nov 19 16:01:50 s-srv01 named[27310]: managed-keys-zone ./IN: loaded serial 0
Nov 19 16:01:50 s-srv01 named[27310]: running
-------- Original Message --------
> Date: Mon, 19 Nov 2012 16:11:30 +0100
> From: "Thomas Manninger" <DBGTMaster at gmx.at>
> To: samba at lists.samba.org
> Subject: [Samba] samba4 binddlz performance
> Hello,
>
> I am using samba4rc2.
>
> I have problems with the bind9 dlz module; I get very long response times
> from internal queries.
>
> root@s-srv01:~# dig s-srv04.test.local @192.168.0.4
>
> ; <<>> DiG 9.8.0-P4 <<>> s-srv04.test.local @192.168.0.4
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64478
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;s-srv04.test.local. IN A
>
> ;; ANSWER SECTION:
> s-srv04.test.local. 900 IN A 192.168.0.4
>
> ;; AUTHORITY SECTION:
> test.local. 900 IN NS s-srv01.test.local.
> test.local. 900 IN NS s-srv04.test.local.
>
> ;; ADDITIONAL SECTION:
> s-srv01.test.local. 900 IN A 192.168.0.1
>
> ;; Query time: 1239 msec
> ;; SERVER: 192.168.0.4#53(192.168.0.4)
> ;; WHEN: Mon Nov 19 16:07:59 2012
> ;; MSG SIZE rcvd: 108
>
> External queries are a little bit faster:
>
> root@s-srv01:~# dig google.com @192.168.0.4
>
> ; <<>> DiG 9.8.0-P4 <<>> google.com @192.168.0.4
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56403
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 6
>
> ;; QUESTION SECTION:
> ;google.com. IN A
>
> ;; ANSWER SECTION:
> google.com. 300 IN A 173.194.35.135
> google.com. 300 IN A 173.194.35.136
> google.com. 300 IN A 173.194.35.137
> google.com. 300 IN A 173.194.35.142
> google.com. 300 IN A 173.194.35.128
> google.com. 300 IN A 173.194.35.129
> google.com. 300 IN A 173.194.35.130
> google.com. 300 IN A 173.194.35.131
> google.com. 300 IN A 173.194.35.132
> google.com. 300 IN A 173.194.35.133
> google.com. 300 IN A 173.194.35.134
>
> ;; AUTHORITY SECTION:
> . 45846 IN NS a.root-servers.net.
> . 45846 IN NS c.root-servers.net.
> . 45846 IN NS b.root-servers.net.
> . 45846 IN NS g.root-servers.net.
> . 45846 IN NS f.root-servers.net.
> . 45846 IN NS j.root-servers.net.
> . 45846 IN NS e.root-servers.net.
> . 45846 IN NS i.root-servers.net.
> . 45846 IN NS l.root-servers.net.
> . 45846 IN NS k.root-servers.net.
> . 45846 IN NS h.root-servers.net.
> . 45846 IN NS d.root-servers.net.
> . 45846 IN NS m.root-servers.net.
>
> ;; ADDITIONAL SECTION:
> a.root-servers.net. 45846 IN A 198.41.0.4
> b.root-servers.net. 45846 IN A 192.228.79.201
> c.root-servers.net. 45846 IN A 192.33.4.12
> d.root-servers.net. 45846 IN A 128.8.10.90
> e.root-servers.net. 45846 IN A 192.203.230.10
> f.root-servers.net. 45846 IN A 192.5.5.241
>
> ;; Query time: 281 msec
> ;; SERVER: 192.168.0.4#53(192.168.0.4)
> ;; WHEN: Mon Nov 19 16:09:06 2012
> ;; MSG SIZE rcvd: 511
>
>
> When I change to the samba4 internal dns server, I get a response time of about
> ~1-2ms.
>
> But why is the bind dlz module so slooow..?
>
> bind version is 9.8.0.
>
> What can I do??
>
> Regards, Tom