On 09/01/2023 14:35, Arnaud FLORENT via samba wrote:
> Hi everyone and best wishes for 2023
>
>
> I think I'm facing the bind 9 DLZ lockup problem described here:
>
> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#The_Lockup_Problem
>
>
> running samba 4.16 AD on ubuntu 20.04 with bind 9.16.15
>
> there are about 500 computers on the network.
>
>
> quickly after bind restart, DNS response delay increases and reaches client
> timeout (like host or dig on samba host) and named takes a long time to stop.
>
>
> if I disable dlz config on named, there is no dns outage but AD is broken.
>
>
> so we setup an external dns server forwarding only query to the AD
> domain zone as suggested in wiki.
That appears to be the fix.
>
>
> I have a few questions:
>
> - before running samba 4.3 on ubuntu 16.04? with bind 9.10 , I got no
> outage. Does this problem appear on specific bind or samba version?
Possibly, but if it is, the versions are unknown.
>
> - is there a metric or log? i can check in samba or named stats
> (returned by running rndc stats) to be sure this is the lockup problem
> described in wiki?
You shouldn't be using rndc on a Bind9 with a Samba AD DC.
You could set up logging on Bind9 (see bind9 documentation for this),
this may show the error better.
>
> - is there a way to reproduce this problem with a script from only one
> dns client?
Anything is possible, but you would have to write the script.
>
> - is there alternative solution (than running external dns server)
There are those that say you can run a separate DNS server, but I
wouldn't recommend this, all the DNS records are in AD.
Are you doing something complex?
Do you actually need Bind9?
Have you tried using the internal dns server with an external dns server
that forwards everything AD to a DC?
>
> - is a fix in bind or samba planned?
As it is thought that this is a Bind problem, a fix to Samba is unlikely
and Samba has no control over Bind.
Rowland