[Samba] slowness in samba4 AD

L.P.H. van Belle belle at bazuin.nl
Fri May 21 14:29:26 UTC 2021


Windows uses DNS "UPDATE" operations, specified in RFC 2136.
If the computer is an Active Directory member, it will authenticate the updates using GSS-TSIG 
(specified in RFC 3645 and MS-GSSA). 
Updates sent by standalone systems are unauthenticated.  

Greetz, 

Louis



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Allen Chen via samba
> Sent: Friday 21 May 2021 16:01
> To: samba at lists.samba.org
> Subject: Re: [Samba] slowness in samba4 AD
> 
> 
> On 5/20/2021 8:29 AM, Marcos Ariel Negrini via samba wrote:
> > Hi Rowland:
> > Was something that was evaluated, and in my case I agree with what you
> > comment; I'm going to bring it up again to see if we change that.
> >
> > I have a doubt when you say that Windows clients can modify their DNS
> > records; are you referring to the generation of the A record when a
> > computer joins the domain? Or in some other situation a computer can
> > somehow modify DNS information within the DCs?
> > In our case the A records are not generated automatically in the
> > domain join, is this because we are not doing the domain join using
> > the DNS of the DCs directly?
> In my settings, the Windows PC points to the company DNS server, and the
> company DNS server forwards AD queries to the AD DC.
> When I move a PC around (to different VLANs with different IP addresses),
> the A record in the AD DC gets updated within half an hour or so.
> When I join a PC to my domain, the A record gets added in the AD DC
> immediately.
> I don't know how the Windows PC updates the A record in the DC: does it go
> through the company DNS or go to the AD DC directly? (I am using Samba 4.8.12)
> 
> Allen
> 
> > Regards
> >
> > On 19/05/2021 at 16:56, Rowland penny via samba wrote:
> >> I wouldn't do that, I would get your network dns to forward all AD
> >> domain requests to the DC's, that way you reduce dns traffic to the
> >> DC's (no external dns requests get to them) and all the required AD
> >> records are available. There is also the question of the Windows
> >> clients updating their own records, if they are on your network dns,
> >> then they will probably not be in AD.
> >>
> >> Rowland 
> >
>  
> 
> 
> 
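
The distinction drawn at the top of this message, between RFC 2136 updates signed with GSS-TSIG and unsigned ones, can be checked on captured DNS payloads. The following is an added example, not part of the original post or of Samba; the function names, the key name `update-key.test` and the sample messages are constructed for illustration.

```python
import struct

OPCODE_UPDATE = 5    # RFC 2136 UPDATE opcode
TYPE_TSIG = 250      # TSIG RR type; GSS-TSIG (RFC 3645) uses algorithm name "gss-tsig"

def read_name(msg, off):
    labels, end = [], None
    for _ in range(128):                           # bound label/pointer hops
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
        elif length == 0:                          # root label ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii").lower())
            off += 1 + length
    raise ValueError("name too long or pointer loop")

def classify_update(msg):
    """Return 'not-update', 'unauthenticated', 'gss-tsig' or 'tsig:<algorithm>'."""
    _id, flags, zo, pr, up, ad = struct.unpack_from("!6H", msg, 0)
    if (flags >> 11) & 0xF != OPCODE_UPDATE:
        return "not-update"
    off, algorithm = 12, None
    for _ in range(zo):                            # zone section: name, type, class
        off = read_name(msg, off)[1] + 4
    for _ in range(pr + up + ad):                  # prerequisite, update, additional RRs
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == TYPE_TSIG:                     # rdata begins with the algorithm name
            algorithm = read_name(msg, off + 10)[0]
        off += 10 + rdlen
    if algorithm is None:
        return "unauthenticated"
    return "gss-tsig" if algorithm == "gss-tsig" else "tsig:" + algorithm

def wire(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

def build_update(zone, host, ip, tsig_alg=None):
    """Constructed sample: UPDATE adding one A record, optional TSIG RR with empty MAC."""
    msg = struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, 1 if tsig_alg else 0)
    msg += wire(zone) + struct.pack("!HH", 6, 1)   # zone entry: SOA, IN
    msg += wire(host) + struct.pack("!HHIH", 1, 1, 1200, 4) + bytes(map(int, ip.split(".")))
    if tsig_alg:
        rdata = wire(tsig_alg) + bytes(16)         # zeroed time/fudge/MAC size/id/error/other
        msg += wire("update-key.test") + struct.pack("!HHIH", TYPE_TSIG, 255, 0, len(rdata)) + rdata
    return msg
```

The classifier only reports whether a TSIG record is present and which algorithm it names; it does not verify the MAC.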



