[Samba] Samba Bind DLZ Slow queries

Andrew Bartlett abartlet at samba.org
Fri Feb 28 19:02:10 UTC 2020


On Fri, 2020-02-28 at 10:46 +0200, Eben Victor via samba wrote:
> Hello All,
> 
> I hope you can assist me,
> I'm running Bind DLZ with our Samba AD DC environment
> 
> Bind: BIND 9.11.4-P2-RedHat-9.11.4-9.P2.el7 (Extended Support Version)
> Samba: Version 4.11.6-SerNet-RedHat-9.el7
> OS: Red Hat Enterprise Linux Server release 7.7 (Maipo)
> 
> My DNS queries seem to be hanging intermittently, taking anything from
> 1sec - 15sec or even timing out.
> 
> I've been monitoring the IPv4 requests and peaking at 1800 req/s and my
> success requests are sitting at 60req/s.
> 
> Is there anything I might be missing in my named config?

> I have about 5000+ devices in my domain.

Thanks.  This is a known issue.  What we suggest is that you run two
BIND servers, one as the main caching forwarder to the internet, and
another on Samba (or run internal DNS on Samba).  Point your Samba
zones to Samba using a zone of type "forward" on your caching bind
server.

The issue is that bind9 is checking if Samba hosts every single zone on
the internet, which bogs things down pretty badly.  BIND9 holds a
global lock on the sam.ldb and all the internal bind threads wait
behind this, even if they could be doing something else (talking to the
internet), they just wait rather than retry later.

I'm glad to hear you are already using minimal-responses, that will
also make a difference.

I hope this helps.  We debugged exactly this issue for a number of our
clients and this is what worked for them.

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
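
Added example, not part of the original message or of the Samba project's documentation: a named.conf sketch for the caching BIND server in the two-server layout described above, so that only queries for the AD zones reach the instance that holds the sam.ldb lock. The zone names, addresses and client range are constructed placeholders (assumptions), to be replaced with the site's own values.

```conf
// named.conf on the CACHING server, the one the 5000+ clients query.
// This instance does NOT load the Samba DLZ module, so internet lookups
// never wait behind the sam.ldb lock.

options {
    recursion yes;
    // Constructed client range (assumption): limit recursion to internal
    // networks so this server is not an open resolver.
    allow-recursion { 192.0.2.0/24; };
    minimal-responses yes;
};

// AD DNS domain (placeholder name). Names under it, including the
// _msdcs records, are forwarded to the BIND instance running next to
// Samba with the DLZ module, or to Samba's internal DNS server.
zone "samdom.example.com" {
    type forward;
    // "forward only": if the Samba-side server does not answer, fail the
    // query rather than trying to resolve an internal name on the internet.
    forward only;
    forwarders { 192.0.2.10; };   // placeholder: Samba AD DC address
};

// Reverse zone, only if it is also stored in Samba (assumption).
zone "2.0.192.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.0.2.10; };   // placeholder: Samba AD DC address
};
```

Clients and DHCP scopes then point at the caching server. The Samba-side server should see queries only for the forwarded zones.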
