[Samba] Samba Bind DLZ Slow queries
L.P.H. van Belle
belle at bazuin.nl
Fri Feb 28 14:22:16 UTC 2020
Hai Eben (victor),
Great to hear that, you opened TCP 53 ?
edns tcp/53 packet size 4096.
dns udp/53 packet size 512
having that right helps a lot, but only that is often not enough.
This is why I add the options also to resolv.conf and bind.
test a bit, and see what works best for you.
Great weekend.
Greetz,
Louis
From: Eben Victor [mailto:eben.victor at gmail.com]
Sent: Friday 28 February 2020 14:47
To: L.P.H. van Belle
CC: samba at lists.samba.org
Subject: Re: [Samba] Samba Bind DLZ Slow queries
Thanks Louis,
I'll test as suggested.
I have to say, after the few changes made already, my DNS is running much smoother than before.
On Fri, Feb 28, 2020 at 1:22 PM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
So if this is done, is edns configured also ?
in resolv.conf add:
options edns0
and in named.conf, test these.
// The forwarded zone to the AD-DC DNS use these also.
//dnssec-must-be-secure internal.domain.tld no;
//dnssec-must-be-secure 168.192.in-addr.arpa no;
// listen-on-v6 { ::1; }; // test what works best, if not all ipv6 is disabled also enable this one. just the response.
listen-on-v6 { "none"; };
listen-on port 53 { 127.0.0.1; 192.168.xxx.xxx; };
version "Go Away 0.0.7"; // change bind version
allow-query { "thisserverip"; 127.0.0.1; ::1; "mynetworks"; };
allow-query-cache { "thisserverip"; 127.0.0.1; ::1; "mynetworks"; };
// make sure bind does not eat all the ram
max-cache-size 32M;
From: Eben Victor [mailto:eben.victor at gmail.com]
Sent: Friday 28 February 2020 12:10
To: L.P.H. van Belle
CC: samba at lists.samba.org
Subject: Re: [Samba] Samba Bind DLZ Slow queries
Thanks Louis, FW configured as below
53/tcp 88/tcp 135/tcp 139/tcp 389/tcp 445/tcp 464/tcp 636/tcp 3268/tcp 3269/tcp 49152-65535/tcp 123/udp 53/udp 88/udp 137/udp 138/udp 389/udp 464/udp 22/tcp
On Fri, Feb 28, 2020 at 12:36 PM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
Oh and I forgot..
If the server is firewalled, make sure you allow udp AND tcp on port 53.
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland penny via samba
> Sent: Friday 28 February 2020 10:39
> To: sambalist
> Subject: Re: [Samba] Samba Bind DLZ Slow queries
>
> On 28/02/2020 09:21, Eben Victor wrote:
> > Thanks Rowland, I have removed from options, and amended the forwarders.
> >
> > [global]
> > workgroup = <MYDOMAIN>
> > realm = <MYDOMAIN>.CORP
> > netbios name = <HOSTNAME>
> > server role = active directory domain controller
> > idmap_ldb:use rfc2307 = yes
> > idmap config * : range = 3000-7999 ----------> If I remove the portion I get errors -> idmap range not specified for domain '*'
> Yes, I know, remove the line and ignore the error, it is
> meaningless ;-)
> > Also see below resolv.conf
> >
> > search mydomain.corp otherdomain.corp otherdomain.net otherdomain.co.za mydomain.co.za
> Remove all domains except for the AD dns domain
> > nameserver DC2
> > nameserver DC3
> > nameserver DC1
> > nameserver DC5
> > nameserver DC6
> > nameserver DC4
> >
> The DC should use itself as its nameserver, whether you have other
> nameservers is debatable, if Samba crashes, do you want it contacting
> another DC ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
--
Eben Victor
Cell: +27 82 759 5266
Email: eben.victor at gmail.com
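
The checks suggested in this thread (only the AD DNS domain in search, the DC as its own nameserver, options edns0, and port 53 open on both udp and tcp) as a small audit script. This is an added example, not code from the thread or from the Samba project; the function names, the sample resolv.conf contents and the address 192.168.1.10 are constructed for illustration.

```python
# Added example: audit a DC's resolv.conf and firewall port list against the
# advice in this thread. All sample values below are constructed.

def parse_resolv_conf(text):
    """Return the search domains, nameservers and options found in resolv.conf text."""
    conf = {"search": [], "nameserver": [], "options": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        key, *values = line.split()
        if key == "search":
            conf["search"] = values            # only the last search line is used
        elif key in ("nameserver", "options"):
            conf[key].extend(values)
    return conf

def audit_resolv_conf(text, ad_domain, own_ip):
    """Return a list of findings; an empty list means the file follows the advice."""
    conf = parse_resolv_conf(text)
    search = [d.lower().rstrip(".") for d in conf["search"]]
    findings = []
    extra = [d for d in search if d != ad_domain.lower()]
    if extra:
        findings.append("search lists non-AD domains: " + " ".join(extra))
    if ad_domain.lower() not in search:
        findings.append("search does not list the AD DNS domain " + ad_domain)
    # Assumption: "the DC should use itself" is read as "own address listed first".
    if conf["nameserver"][:1] != [own_ip]:
        findings.append("first nameserver is not this DC (" + own_ip + ")")
    if "edns0" not in conf["options"]:
        findings.append("options edns0 is not set")
    return findings

def audit_dns_ports(port_list):
    """port_list uses the 'port/proto' format of the firewall listing in the thread."""
    opened = set(port_list.split())
    return [p + " is not open" for p in ("53/udp", "53/tcp") if p not in opened]

# Constructed samples: a resolv.conf before and after applying the advice.
BEFORE = "search mydomain.corp otherdomain.corp otherdomain.net\nnameserver 192.168.1.12\nnameserver 192.168.1.10\n"
AFTER = "search mydomain.corp\nnameserver 192.168.1.10\noptions edns0\n"

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_resolv_conf(text, "mydomain.corp", "192.168.1.10"))
    print(audit_dns_ports("53/tcp 88/tcp 123/udp"))
```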