[Samba] Samba Bind DLZ Slow queries

[Rowland penny]

On 28/02/2020 08:46, Eben Victor via samba wrote:
> Hello All,
>
> I hope you can assist me,
> I'm running Bind DLZ with our Samba AD DC environment
>
> Is there anything I might be missing in my named config?
Well, yes and then again, no ;-)
> See below bind config,
> # cat /etc/named.conf
> # Global Configuration Options
>
>      statistics-channels {
>          inet 127.0.0.1 port 8653 allow { 127.0.0.1; };
>      };
>
>          include "/var/lib/samba/bind-dns/named.conf";
>
> options {
>
>      version "";
>      dump-file   "/var/named/data/cache_dump.db";
>      statistics-file "/var/named/data/named_stats.txt";
>      memstatistics-file "/var/named/data/named_mem_stats.txt";
>      auth-nxdomain yes;
>      directory "/var/named";
>      notify no;
>      empty-zones-enable no;
>      tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
>      minimal-responses yes;
>
>      dnssec-validation no;
>      dnssec-enable no;
>      dnssec-lookaside no;
>
>      listen-on port 53 { <Server IP>; 127.0.0.1; };
>
>      # IP addresses and network ranges allowed to query the DNS server:
>      allow-query { any; };
>
>      # IP addresses and network ranges allowed to run recursive queries:
>      # (Zones not served by this DNS server)
>      allow-recursion { any; };
>
>      # Forward queries that can not be answered from own zones
>      # to these DNS servers:
>      forwarders {
>          DC1;
>          DC2;
>          DC3;
>          DC4;
>          DC5;
>      };
>   };

OK, i have removed lines from 'options' that you do not need ;-)

The one thing I haven't changed and you definitely need to, are the 
forwarders, you cannot forward to another DC. you need to forward to DNS 
servers outside your AD dns domain, Googles for example.

Everything else in named.conf is okay

It may help if you also post your smb.conf file.

Rowland