[Samba] AD DLZ backend - 'proper' way of doing it

L.P.H. van Belle belle at bazuin.nl
Fri Jun 28 12:53:41 UTC 2019


All I can say is, yes, I did notice these slowdowns also. 
And after, the change between 4.5-4.8 to 4.9-4.10 is really noticeable. 
Even my users noticed this. 

But these days nobody complains anymore, so that's good, and I made sure my 3 multi-homed servers 
query the server where it's needed. 
Like this : 
(lan dns) <-> ETH0    server ETH0 <-> Internet DNS
  (<- forwarded zones) 	    (all other requests ->) 

That also helps reduce my queries to the AD-DC DNS a lot. 

One reason why your DNS setup is so important. 

Greetz, 

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> Rowland penny via samba
> Sent: Friday 28 June 2019 14:33
> To: sambalist
> Subject: Re: [Samba] AD DLZ backend - 'proper' way of doing it
> 
> On 28/06/2019 12:48, Jonathon Reinhart wrote:
> > Hi Rowland,
> >
> > On Fri, Jun 28, 2019, 04:55 Rowland penny via samba 
> > <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
> >
> >     You should be doing it the other way around. Your AD clients
> >     should be using the AD DC's as their nameservers and anything
> >     outside the AD dns domain should be forwarded to an external
> >     DNS server.
> >
> >
> > On this wiki page [1] it says:
> >
> > > For high traffic environments, it is not recommended to use 
> > > BIND9_DLZ-backed samba as a primary DNS server. Instead, use an 
> > > external server that only forwards queries to BIND9_DLZ-backed samba 
> > > DNS installations when the query is addressed to a zone managed by 
> > > that node.
> >
> > ...which seems to conflict.
> 
> Yes it does, it seems to have been added by one of Catalyst's engineers 
> back in August 2018 and is one of those statements that asks more 
> questions than it answers. Just what is 'high traffic' ? Is it 100 
> queries a minute, 1000, 10000 or what, or does it depend on number of 
> users, computers etc. All I can say is that it has never affected 
> myself, but then I doubt if I fall into the 'high traffic' usage. ;-)
> 
> I would use the dns server on the DC (internal or Bind9) and monitor it, 
> if you find that bottlenecks occur you could then do what that statement 
> says, use an external dns server.
> 
> It would be nice if the Catalyst guy would update his 
> statement and tell us how to use an external dns server ;-)
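
The layout discussed in this thread (a front-end resolver that forwards only the AD zones to the DCs and sends everything else elsewhere), sketched as a BIND named.conf. This is an added example, not configuration from any poster or from the Samba wiki. The domain samdom.example.com, the DC addresses 192.0.2.10 and 192.0.2.11, the LAN 192.0.2.0/24 and the upstream resolver 198.51.100.53 are all assumed placeholder values.

```conf
// named.conf on the front-end resolver, NOT on the AD DC (constructed example).
// All names and addresses below are placeholders, not values from the thread.

acl lan { 192.0.2.0/24; localhost; };

options {
    directory "/var/cache/bind";

    recursion yes;
    allow-query     { lan; };
    allow-recursion { lan; };   // keep this from becoming an open resolver

    // Default path: anything not matched by a forward zone below goes
    // to the upstream resolver instead of the AD DC.
    forwarders { 198.51.100.53; };
    forward first;              // fall back to recursion if upstream is down

    dnssec-validation auto;
    // AD zones are normally unsigned. Exempt the AD namespace so answers
    // forwarded from the DCs are not rejected by the validator.
    validate-except { "samdom.example.com"; };
};

// AD forward zone. Subdomains such as _msdcs.samdom.example.com are
// covered by this zone as well, so SRV lookups for the DCs work.
zone "samdom.example.com" {
    type forward;
    forward only;               // never leak AD names to the upstream
    forwarders { 192.0.2.10; 192.0.2.11; };
};

// Reverse zone held by the DCs (only if one exists in AD).
zone "2.0.192.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.0.2.10; 192.0.2.11; };
};
```

A forwarder like this only relays queries. Secure dynamic updates from domain members are sent to the primary server named in the zone's SOA record, so clients still need to reach the DCs directly for those.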

 



