Interesting fact: My server, where work jail with Samba AD DC, have 40 CPUs(20 cores and 40 threads). Therefore, when I starts named, it is creates 40 workers for every listen ip, i.e. 40 tcp and 40 udp for every ip. Because its too much for my configuration, I intuitively made a decision to try to decrease number of named workers to 10 by "-n 10". And all works without freezing with correct resolv.conf during last 4 days. Where better to tell about this bug - to Bind or FreeBSD developers? 04.12.2021 9:22, Daniel O'Connor via samba ?????:> >> On 4 Dec 2021, at 17:51, Nikita Druba <admin at npo-lencor.ru> wrote: >> >> 02.12.2021 7:50, Daniel O'Connor ?????: >>>> On 2 Dec 2021, at 16:16, Nikita Druba via samba <samba at lists.samba.org> wrote: >>>> >>>> I forgot to add, that config of new DC jail, zfs, named and samba fully the same as old DC and very similar for several other my samba DCs. I tried to switch on Internal DNS and back. I also tried to disable all Bind options, that no refers in samba wiki. I do not understand, where else I can found some information, what here is wrong. >>> I would try ktrace'ing the bind process, eg... >>> sudo -u bind ktrace -f /tmp/named.ktr named -g <rest of options> >>> >>> Then reproduce and sift through the trace looking for bad things.. >>> sudo kdump -f /tmp/named.ktr >>> >>> Unfortunately ktrace is pretty low level (since it traces syscalls) but you might get a hint. >>> >> I tried to collect some logs by ktrace and catched freeze moment. After last from usual log(when Bind freezing), in kdump starts many times repeating the next records: >> >> 36460 named CALL nanosleep(0x7fffffffea30,0) >> 36460 named RET nanosleep 0 >> >> What can it means? What do you thing - its a question of Bind or FreeBSD? > That just means it called nanosleep system call which is what usleep etc are implemented as. > Unfortunately ktrace is very low level so it can be hard to determine the context.. > > Something like truss or strace would provide a bit more context although they have a higher performance impact (probably not an issue for you). > > > -- > Daniel O'Connor > "The nice thing about standards is that there > are so many of them to choose from." > -- Andrew Tanenbaum > >
> On 7 Dec 2021, at 21:41, Nikita Druba <admin at npo-lencor.ru> wrote: > Interesting fact: > My server, where work jail with Samba AD DC, have 40 CPUs(20 cores and 40 threads). Therefore, when I starts named, it is creates 40 workers for every listen ip, i.e. 40 tcp and 40 udp for every ip. > Because its too much for my configuration, I intuitively made a decision to try to decrease number of named workers to 10 by "-n 10". > And all works without freezing with correct resolv.conf during last 4 days. > Where better to tell about this bug - to Bind or FreeBSD developers?That is pretty strange.. I guess try bind first, pretty hard to say which is more likely though. -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum
On Tue, 2021-12-07 at 12:11 +0100, Nikita Druba via samba wrote:> Interesting fact: > My server, where work jail with Samba AD DC, have 40 CPUs(20 cores > and > 40 threads). Therefore, when I starts named, it is creates 40 > workers > for every listen ip, i.e. 40 tcp and 40 udp for every ip. > Because its too much for my configuration, I intuitively made a > decision > to try to decrease number of named workers to 10 by "-n 10". > And all works without freezing with correct resolv.conf during last 4 > days. > Where better to tell about this bug - to Bind or FreeBSD developers?I would start with freebsd. My problem (which could be from a lack of understanding them) with freebsd jails, is that they are a type of virtualisation with everything inside the 'jail' and that they cannot contact anything inside another 'jail'. If this is correct, how do you get replication between other (highly recommended) Samba AD DC's ??? Rowland
Hi again! I found the stage, where named freezing and why its started after adding a new DC: samba_dnsupdate When I tried to run this command from terminal, the named freezed. My smb4.conf has the next line: nsupdate command = /usr/local/bin/nsupdate -g I tried to change parameter of command to -o or set it without parameters, I tried also special port dns/samba-nsupdate and: nsupdate command = /usr/local/bin/samba-nsupdate -g But result of all my tries - now named guarantied freezing when I run samba_dnsupdate --all-names. I tried to compiled named with Heimdal from ports and "base", but the same result. This problem "successfully" repeated at my other FreeBSD DC. At openSUSE DC samba_dnsupdate by nsupdate (even with -g) just getting "permission denied". The line, that solved my situation: dns update command = /usr/local/sbin/samba_dnsupdate --use-samba-tool Also, when I switched to built-in dns, samba_dnsupdate worked fine. Any suggestions?