[Samba] Disaster Recovery Activity with Samba-AD-DC

Anantha Raghava raghav at exzatech.net
Mon May 20 04:09:16 UTC 2024 

Hi,

We already have 2 separate BIND 9 servers (1 in Data-Center-A & 1 in 
Data-Center-B), which act as primary DNS for the entire network. It 
forwards the DNS query to samba only when query is for samba-ad-dc owned 
domain. Rest of all queries get terminated at these BIND 9 servers. We 
have over 12000 users and over 15000 assets as member of samba-ad-dc 
owned domain. Members and assets are speared across 2800 odd locations. 
All locations are connected to central data centre either through 
point-to-point link or MPLS VPN or VSAT links. Will this affect the 
performance?

We have 5 samba-ad-dc servers in our domain. The issue comes up only 
when we to DR activity (once in 3 months, 4 times an year). During this 
activity one of the data centre (3 samba-ad-dc servers) is shutdown. In 
this situation, only 2 of 5 samba-ad-dc servers are functional.

Thanks & Regards,

Anantha Raghava H A


DISCLAIMER:
This e-mail communication and any attachments may be privileged and 
confidential to Exza Technology Consulting & Services, Indryve Inc & 
their group companies, and are intended only for the use of the 
recipients named above If you are not the addressee you may not copy, 
forward, disclose or use any part of it. If you have received this 
message in error, please delete it and all copies from your system and 
notify the sender immediately by return e-mail. Internet communications 
cannot be guaranteed to be timely, secure, error or virus-free. The 
sender does not accept liability for any errors or omissions.

Do not print this e-mail unless required. Save Paper & trees.


On 20/05/24 2:46 am, Andrew Bartlett wrote:
> On Sat, 2024-05-18 at 10:39 +0530, Anantha Raghava via samba wrote:
>> Hi,
>>
>> List of services:
>> 3. dns[master] - average - 22 threads - consuming approximately 38%,
>> sometimes it tops at 95%
> If Samba set as is the DNS server for the network, then this kind of
> thing can happen.
>
> What you should do is have a different BIND 9 server be the DNS server,
> with a zone of type 'forward'
> for the Samba AD zone, pointing at the set of AD DCs.
>
> This means that this better-suited DNS server, for which tuning guides
> and performance documentation is available can handle the main internet
> access load, and Samba just does the Samba stuff.
>
> Andrew Bartlett
>
>

More information about the samba mailing list