[Samba] Samba Bind DLZ Slow queries

Eben Victor eben.victor at gmail.com
Fri Feb 28 08:46:35 UTC 2020 

Hello All,

I hope you can assist me,
I'm running Bind DLZ with our Samba AD DC environment

Bind: BIND 9.11.4-P2-RedHat-9.11.4-9.P2.el7 (Extended Support Version)
Samba: Version 4.11.6-SerNet-RedHat-9.el7
OS: Red Hat Enterprise Linux Server release 7.7 (Maipo)

My DNS queries seems to be hanging intermittently, taking anything from
1sec - 15sec or even timing out.

I'm been monitoring the IPv4 requests and peaking at 1800 req/s and my
success requests are sitting at 60req/s.

Is there anything I might be missing in my named config?

I have about 5000+ devices in my domain.

See below bind config,
# cat /etc/named.conf
# Global Configuration Options

    statistics-channels {
        inet 127.0.0.1 port 8653 allow { 127.0.0.1; };
    };

        include "/var/lib/samba/bind-dns/named.conf";

options {

    version "";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    auth-nxdomain yes;
    directory "/var/named";
    notify no;
    empty-zones-enable no;
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
    minimal-responses yes;

    dnssec-validation no;
    dnssec-enable no;
    dnssec-lookaside no;

    listen-on port 53 { <Server IP>; 127.0.0.1; };

    recursive-clients 4000;
    tcp-clients 400;
    clients-per-query 30;
    max-clients-per-query 50;

    # IP addresses and network ranges allowed to query the DNS server:
    allow-query { any; };

    allow-query-cache { any; };

    # IP addresses and network ranges allowed to run recursive queries:
    # (Zones not served by this DNS server)
    recursion yes;
    allow-recursion { any; };

    # Forward queries that can not be answered from own zones
    # to these DNS servers:
    forwarders {
        DC1;
        DC2;
        DC3;
        DC4;
        DC5;
    };

    # Disable zone transfers
    allow-transfer {
        127.0.0.1;
    };
 };

# Root Servers
# (Required for recursive DNS queries)
zone "." {
   type hint;
   file "named.root";
};

# localhost zone
zone "localhost" {
    type master;
    file "master/localhost.zone";
};

# 127.0.0. zone.
zone "0.0.127.in-addr.arpa" {
    type master;
    file "master/0.0.127.zone";
};

-- 
Eben Victor
Cell:  +27 82 759 5266
Email: eben.victor at gmail.com

More information about the samba mailing list