Hello, i am using samba4rc2. I have problems with the bind9 dlz module, i get very long response times from interal queries. root at s-srv01:~# dig s-srv04.test.local @192.168.0.4 ; <<>> DiG 9.8.0-P4 <<>> s-srv04.test.local @192.168.0.4 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64478 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;s-srv04.test.local. IN A ;; ANSWER SECTION: s-srv04.test.local. 900 IN A 192.168.0.4 ;; AUTHORITY SECTION: test.local. 900 IN NS s-srv01.test.local. test.local. 900 IN NS s-srv04.test.local. ;; ADDITIONAL SECTION: s-srv01.test.local. 900 IN A 192.168.0.1 ;; Query time: 1239 msec ;; SERVER: 192.168.0.4#53(192.168.0.4) ;; WHEN: Mon Nov 19 16:07:59 2012 ;; MSG SIZE rcvd: 108 external queries are a little bit faster: root at s-srv01:~# dig google.com @192.168.0.4 ; <<>> DiG 9.8.0-P4 <<>> google.com @192.168.0.4 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56403 ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 6 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 300 IN A 173.194.35.135 google.com. 300 IN A 173.194.35.136 google.com. 300 IN A 173.194.35.137 google.com. 300 IN A 173.194.35.142 google.com. 300 IN A 173.194.35.128 google.com. 300 IN A 173.194.35.129 google.com. 300 IN A 173.194.35.130 google.com. 300 IN A 173.194.35.131 google.com. 300 IN A 173.194.35.132 google.com. 300 IN A 173.194.35.133 google.com. 300 IN A 173.194.35.134 ;; AUTHORITY SECTION: . 45846 IN NS a.root-servers.net. . 45846 IN NS c.root-servers.net. . 45846 IN NS b.root-servers.net. . 45846 IN NS g.root-servers.net. . 45846 IN NS f.root-servers.net. . 45846 IN NS j.root-servers.net. . 45846 IN NS e.root-servers.net. . 45846 IN NS i.root-servers.net. . 45846 IN NS l.root-servers.net. . 45846 IN NS k.root-servers.net. . 45846 IN NS h.root-servers.net. . 45846 IN NS d.root-servers.net. . 45846 IN NS m.root-servers.net. ;; ADDITIONAL SECTION: a.root-servers.net. 45846 IN A 198.41.0.4 b.root-servers.net. 45846 IN A 192.228.79.201 c.root-servers.net. 45846 IN A 192.33.4.12 d.root-servers.net. 45846 IN A 128.8.10.90 e.root-servers.net. 45846 IN A 192.203.230.10 f.root-servers.net. 45846 IN A 192.5.5.241 ;; Query time: 281 msec ;; SERVER: 192.168.0.4#53(192.168.0.4) ;; WHEN: Mon Nov 19 16:09:06 2012 ;; MSG SIZE rcvd: 511 When i change to the samba4 internal dns server, i get response time about ~1-2ms. But why is the bind dlz modul so slooow..? bind version is 9.8.0. What can i doo?? Regards, Tom
And my named.conf:
options {
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
allow-query { any; };
allow-transfer { any; };
listen-on-v6 { any; };
};
dlz "samba4.zone" {
database "dlopen /usr/lib/samba/bind9/dlz_bind9_9.so {
/*
* update-policy {
* grant TEST.LOCAL ms-self * A AAAA;
* grant Administrator at TEST.LOCAL
wildcard * A AAAA SRV CNAME;
* grant s-srv01$@TEST.local wildcard * A
AAAA SRV CNAME;
* };
*/
/*
* the list of principals and what they can change is
created
* dynamically by Samba, based on the membership of the
domain controllers
* group. The provision just creates this file as an
empty file.
*/
include /var/lib/samba/private/named.conf.update;
/* we need to use check-names ignore so _msdcs A records
can be created */
check-names ignore;
};
";
};
syslog named startup:
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone
'32.168.192.in-addr.arpa'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: trying container
'CN=MicrosoftDNS,CN=System,DC=test,DC=local'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone
'0.168.192.in-addr.arpa'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: trying container
'CN=MicrosoftDNS,CN=System,DC=test,DC=local'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone
'2.168.192.in-addr.arpa'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: trying container
'CN=MicrosoftDNS,CN=System,DC=test,DC=local'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone
'test.local'
Nov 19 16:01:50 s-srv01 named[27310]: set up managed keys zone for view
_default, file 'managed-keys.bind'
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 0.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 127.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 254.169.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone:
100.51.198.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone:
113.0.203.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone:
255.255.255.255.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone:
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone:
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: D.F.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 8.E.F.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 9.E.F.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: A.E.F.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: B.E.F.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone:
8.B.D.0.1.0.0.2.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: command channel listening on 127.0.0.1#953
Nov 19 16:01:50 s-srv01 named[27310]: command channel listening on ::1#953
Nov 19 16:01:50 s-srv01 named[27310]: managed-keys-zone ./IN: loading from
master file managed-keys.bind failed: file not found
Nov 19 16:01:50 s-srv01 named[27310]: managed-keys-zone ./IN: loaded serial 0
Nov 19 16:01:50 s-srv01 named[27310]: running
-------- Original-Nachricht --------> Datum: Mon, 19 Nov 2012 16:11:30 +0100
> Von: "Thomas Manninger" <DBGTMaster at gmx.at>
> An: samba at lists.samba.org
> Betreff: [Samba] samba4 binddlz performance
> Hello,
>
> i am using samba4rc2.
>
> I have problems with the bind9 dlz module, i get very long response times
> from interal queries.
>
> root at s-srv01:~# dig s-srv04.test.local @192.168.0.4
>
> ; <<>> DiG 9.8.0-P4 <<>> s-srv04.test.local
@192.168.0.4
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64478
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;s-srv04.test.local. IN A
>
> ;; ANSWER SECTION:
> s-srv04.test.local. 900 IN A 192.168.0.4
>
> ;; AUTHORITY SECTION:
> test.local. 900 IN NS s-srv01.test.local.
> test.local. 900 IN NS s-srv04.test.local.
>
> ;; ADDITIONAL SECTION:
> s-srv01.test.local. 900 IN A 192.168.0.1
>
> ;; Query time: 1239 msec
> ;; SERVER: 192.168.0.4#53(192.168.0.4)
> ;; WHEN: Mon Nov 19 16:07:59 2012
> ;; MSG SIZE rcvd: 108
>
> external queries are a little bit faster:
>
> root at s-srv01:~# dig google.com @192.168.0.4
>
> ; <<>> DiG 9.8.0-P4 <<>> google.com @192.168.0.4
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56403
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 6
>
> ;; QUESTION SECTION:
> ;google.com. IN A
>
> ;; ANSWER SECTION:
> google.com. 300 IN A 173.194.35.135
> google.com. 300 IN A 173.194.35.136
> google.com. 300 IN A 173.194.35.137
> google.com. 300 IN A 173.194.35.142
> google.com. 300 IN A 173.194.35.128
> google.com. 300 IN A 173.194.35.129
> google.com. 300 IN A 173.194.35.130
> google.com. 300 IN A 173.194.35.131
> google.com. 300 IN A 173.194.35.132
> google.com. 300 IN A 173.194.35.133
> google.com. 300 IN A 173.194.35.134
>
> ;; AUTHORITY SECTION:
> . 45846 IN NS a.root-servers.net.
> . 45846 IN NS c.root-servers.net.
> . 45846 IN NS b.root-servers.net.
> . 45846 IN NS g.root-servers.net.
> . 45846 IN NS f.root-servers.net.
> . 45846 IN NS j.root-servers.net.
> . 45846 IN NS e.root-servers.net.
> . 45846 IN NS i.root-servers.net.
> . 45846 IN NS l.root-servers.net.
> . 45846 IN NS k.root-servers.net.
> . 45846 IN NS h.root-servers.net.
> . 45846 IN NS d.root-servers.net.
> . 45846 IN NS m.root-servers.net.
>
> ;; ADDITIONAL SECTION:
> a.root-servers.net. 45846 IN A 198.41.0.4
> b.root-servers.net. 45846 IN A 192.228.79.201
> c.root-servers.net. 45846 IN A 192.33.4.12
> d.root-servers.net. 45846 IN A 128.8.10.90
> e.root-servers.net. 45846 IN A 192.203.230.10
> f.root-servers.net. 45846 IN A 192.5.5.241
>
> ;; Query time: 281 msec
> ;; SERVER: 192.168.0.4#53(192.168.0.4)
> ;; WHEN: Mon Nov 19 16:09:06 2012
> ;; MSG SIZE rcvd: 511
>
>
> When i change to the samba4 internal dns server, i get response time about
> ~1-2ms.
>
> But why is the bind dlz modul so slooow..?
>
> bind version is 9.8.0.
>
> What can i doo??
>
> Regards, Tom
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
On 11/19/2012 07:11 AM, Thomas Manninger wrote:> Hello, > > i am using samba4rc2. > > I have problems with the bind9 dlz module, i get very long response times from interal queries. > > root at s-srv01:~# dig s-srv04.test.local @192.168.0.4 > > ; <<>> DiG 9.8.0-P4 <<>> s-srv04.test.local @192.168.0.4 > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64478 > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 > > ;; QUESTION SECTION: > ;s-srv04.test.local. IN A > > ;; ANSWER SECTION: > s-srv04.test.local. 900 IN A 192.168.0.4 > > ;; AUTHORITY SECTION: > test.local. 900 IN NS s-srv01.test.local. > test.local. 900 IN NS s-srv04.test.local. > > ;; ADDITIONAL SECTION: > s-srv01.test.local. 900 IN A 192.168.0.1 > > ;; Query time: 1239 msec > ;; SERVER: 192.168.0.4#53(192.168.0.4) > ;; WHEN: Mon Nov 19 16:07:59 2012 > ;; MSG SIZE rcvd: 108.local is normally used for mdns (see. http://en.wikipedia.org/wiki/MDNS#Host_Discovery), can you try with another kind of tld (ie. use domain test.corp).> external queries are a little bit faster: > > root at s-srv01:~# dig google.com @192.168.0.4 > > ; <<>> DiG 9.8.0-P4 <<>> google.com @192.168.0.4 > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56403 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 6 > > ;; QUESTION SECTION: > ;google.com. IN A > > ;; ANSWER SECTION: > google.com. 300 IN A 173.194.35.135 > google.com. 300 IN A 173.194.35.136 > google.com. 300 IN A 173.194.35.137 > google.com. 300 IN A 173.194.35.142 > google.com. 300 IN A 173.194.35.128 > google.com. 300 IN A 173.194.35.129 > google.com. 300 IN A 173.194.35.130 > google.com. 300 IN A 173.194.35.131 > google.com. 300 IN A 173.194.35.132 > google.com. 300 IN A 173.194.35.133 > google.com. 300 IN A 173.194.35.134 > > ;; AUTHORITY SECTION: > . 45846 IN NS a.root-servers.net. > . 45846 IN NS c.root-servers.net. > . 45846 IN NS b.root-servers.net. > . 45846 IN NS g.root-servers.net. > . 45846 IN NS f.root-servers.net. > . 45846 IN NS j.root-servers.net. > . 45846 IN NS e.root-servers.net. > . 45846 IN NS i.root-servers.net. > . 45846 IN NS l.root-servers.net. > . 45846 IN NS k.root-servers.net. > . 45846 IN NS h.root-servers.net. > . 45846 IN NS d.root-servers.net. > . 45846 IN NS m.root-servers.net. > > ;; ADDITIONAL SECTION: > a.root-servers.net. 45846 IN A 198.41.0.4 > b.root-servers.net. 45846 IN A 192.228.79.201 > c.root-servers.net. 45846 IN A 192.33.4.12 > d.root-servers.net. 45846 IN A 128.8.10.90 > e.root-servers.net. 45846 IN A 192.203.230.10 > f.root-servers.net. 45846 IN A 192.5.5.241 > > ;; Query time: 281 msec > ;; SERVER: 192.168.0.4#53(192.168.0.4) > ;; WHEN: Mon Nov 19 16:09:06 2012 > ;; MSG SIZE rcvd: 511 > > > When i change to the samba4 internal dns server, i get response time about ~1-2ms. > > But why is the bind dlz modul so slooow..?you can use kcachegrind to trace bind in foreground mode in order to see where the time is spent. Matthieu. -- Matthieu Patou Samba Team http://samba.org
I think, i am in the near of the solution of my problem. The search of a user is very fast (<1sec): ldbsearch -H /var/lib/samba/private/sam.ldb cn=Administrator But the search of a record is very slow (~3sec): ldbsearch -H /var/lib/samba/private/sam.ldb -b DC=mb.intern,CN=MicrosoftDNS,CN=System,dc=mb,dc=intern dc=mbdom2 There are missing indexes in the ldb database?? Where can i can the index, or add some?? thanks! -------- Original-Nachricht --------> Datum: Fri, 23 Nov 2012 14:32:31 -0800 > Von: Matthieu Patou <mat at samba.org> > An: samba at lists.samba.org > Betreff: Re: [Samba] samba4 binddlz performance> On 11/19/2012 07:11 AM, Thomas Manninger wrote: > > Hello, > > > > i am using samba4rc2. > > > > I have problems with the bind9 dlz module, i get very long response > times from interal queries. > > > > root at s-srv01:~# dig s-srv04.test.local @192.168.0.4 > > > > ; <<>> DiG 9.8.0-P4 <<>> s-srv04.test.local @192.168.0.4 > > ;; global options: +cmd > > ;; Got answer: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64478 > > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 > > > > ;; QUESTION SECTION: > > ;s-srv04.test.local. IN A > > > > ;; ANSWER SECTION: > > s-srv04.test.local. 900 IN A 192.168.0.4 > > > > ;; AUTHORITY SECTION: > > test.local. 900 IN NS s-srv01.test.local. > > test.local. 900 IN NS s-srv04.test.local. > > > > ;; ADDITIONAL SECTION: > > s-srv01.test.local. 900 IN A 192.168.0.1 > > > > ;; Query time: 1239 msec > > ;; SERVER: 192.168.0.4#53(192.168.0.4) > > ;; WHEN: Mon Nov 19 16:07:59 2012 > > ;; MSG SIZE rcvd: 108 > .local is normally used for mdns (see. > http://en.wikipedia.org/wiki/MDNS#Host_Discovery), can you try with > another kind of tld (ie. use domain test.corp). > > external queries are a little bit faster: > > > > root at s-srv01:~# dig google.com @192.168.0.4 > > > > ; <<>> DiG 9.8.0-P4 <<>> google.com @192.168.0.4 > > ;; global options: +cmd > > ;; Got answer: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56403 > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 6 > > > > ;; QUESTION SECTION: > > ;google.com. IN A > > > > ;; ANSWER SECTION: > > google.com. 300 IN A 173.194.35.135 > > google.com. 300 IN A 173.194.35.136 > > google.com. 300 IN A 173.194.35.137 > > google.com. 300 IN A 173.194.35.142 > > google.com. 300 IN A 173.194.35.128 > > google.com. 300 IN A 173.194.35.129 > > google.com. 300 IN A 173.194.35.130 > > google.com. 300 IN A 173.194.35.131 > > google.com. 300 IN A 173.194.35.132 > > google.com. 300 IN A 173.194.35.133 > > google.com. 300 IN A 173.194.35.134 > > > > ;; AUTHORITY SECTION: > > . 45846 IN NS a.root-servers.net. > > . 45846 IN NS c.root-servers.net. > > . 45846 IN NS b.root-servers.net. > > . 45846 IN NS g.root-servers.net. > > . 45846 IN NS f.root-servers.net. > > . 45846 IN NS j.root-servers.net. > > . 45846 IN NS e.root-servers.net. > > . 45846 IN NS i.root-servers.net. > > . 45846 IN NS l.root-servers.net. > > . 45846 IN NS k.root-servers.net. > > . 45846 IN NS h.root-servers.net. > > . 45846 IN NS d.root-servers.net. > > . 45846 IN NS m.root-servers.net. > > > > ;; ADDITIONAL SECTION: > > a.root-servers.net. 45846 IN A 198.41.0.4 > > b.root-servers.net. 45846 IN A 192.228.79.201 > > c.root-servers.net. 45846 IN A 192.33.4.12 > > d.root-servers.net. 45846 IN A 128.8.10.90 > > e.root-servers.net. 45846 IN A 192.203.230.10 > > f.root-servers.net. 45846 IN A 192.5.5.241 > > > > ;; Query time: 281 msec > > ;; SERVER: 192.168.0.4#53(192.168.0.4) > > ;; WHEN: Mon Nov 19 16:09:06 2012 > > ;; MSG SIZE rcvd: 511 > > > > > > When i change to the samba4 internal dns server, i get response time > about ~1-2ms. > > > > But why is the bind dlz modul so slooow..? > you can use kcachegrind to trace bind in foreground mode in order to see > where the time is spent. > > Matthieu. > > -- > Matthieu Patou > Samba Team > http://samba.org > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba