
List:       samba
Subject:    Re: [Samba] Samba Bind DLZ Slow queries
From:       Eben Victor via samba <samba () lists ! samba ! org>
Date:       2020-02-28 19:42:04
Message-ID: 761F42CC-CA6E-424F-90AE-582ED746287D () gmail ! com

Awesome, really thanks for all the help.

Eben Victor
Retail Systems Administrator
CBU-IT 
Vodacom  Century City, Western Cape 
+2782 759 5266
eben.victor@vcontractor.co.za
vodacom.co.za 
The future is exciting. Ready?

> On 28 Feb 2020, at 4:23 PM, L.P.H. van Belle via samba <samba@lists.samba.org> wrote:

Hai Eben (victor), 
 
Great to hear that, you opened TCP 53 ? 
edns tcp/53 packet size 4096. 
dns    udp/53 packet size 512 
 
Having that right helps a lot, but that alone is often not enough. 
This is why I also add the options to resolv.conf and bind. 
 
test a bit, and see what works best for you. 
 
Great weekend. 
 
Greetz, 
 
Louis


From: Eben Victor [mailto:eben.victor@gmail.com] 
Sent: Friday 28 February 2020 14:47
To: L.P.H. van Belle
CC: samba@lists.samba.org
Subject: Re: [Samba] Samba Bind DLZ Slow queries



Thanks Louis,
I'll test as suggested. 



I have to say, after the few changes made already, my DNS is running much smoother than before.



On Fri, Feb 28, 2020 at 1:22 PM L.P.H. van Belle via samba <samba@lists.samba.org> wrote:

So if this is done, is edns configured also? 
 
in resolv.conf add: 
options edns0
 
and in named.conf, test these. 
 
        // The forwarded zone to the AD-DC DNS use these also. 
        //dnssec-must-be-secure internal.domain.tld no;
        //dnssec-must-be-secure 168.192.in-addr.arpa no;

        // listen-on-v6 { ::1; };  // test what works best
        // if not all ipv6 is disabled, also enable this one. just the response.
        listen-on-v6 { "none"; };

        listen-on port 53 { 127.0.0.1; 192.168.xxx.xxx; };
        version "Go Away 0.0.7"; // change bind version 

        allow-query { "thisserverip"; 127.0.0.1; ::1; "mynetworks"; };
        allow-query-cache { "thisserverip"; 127.0.0.1; ::1; "mynetworks"; };
        // make sure bind does not eat all the ram
        max-cache-size 32M;

 

 

From: Eben Victor [mailto:eben.victor@gmail.com] 
Sent: Friday 28 February 2020 12:10
To: L.P.H. van Belle
CC: samba@lists.samba.org
Subject: Re: [Samba] Samba Bind DLZ Slow queries



Thanks Louis, FW configured as below


53/tcp 88/tcp 135/tcp 139/tcp 389/tcp 445/tcp 464/tcp 636/tcp 3268/tcp 3269/tcp 49152-65535/tcp 123/udp 53/udp 88/udp 137/udp 138/udp 389/udp 464/udp 22/tcp



On Fri, Feb 28, 2020 at 12:36 PM L.P.H. van Belle via samba <samba@lists.samba.org> wrote:

Oh, and I forgot.. 

If the server is firewalled, make sure you allow udp AND tcp on port 53. 


> -----Original message-----
> From: samba [mailto:samba-bounces@lists.samba.org] On behalf of Rowland penny via samba
> Sent: Friday 28 February 2020 10:39
> To: sambalist
> Subject: Re: [Samba] Samba Bind DLZ Slow queries
> 
> > On 28/02/2020 09:21, Eben Victor wrote:
> > Thanks Rowland, I have removed from options, and amended the forwarders.
> > 
> > [global]
> > workgroup = <MYDOMAIN>
> > realm = <MYDOMAIN>.CORP
> > netbios name = <HOSTNAME>
> > server role = active directory domain controller
> > idmap_ldb:use rfc2307 = yes
> > idmap config * : range = 3000-7999 ----------> If I remove the portion I get errors -> idmap range not specified for domain '*'
> Yes, I know, remove the line and ignore the error, it is meaningless ;-)
> > Also see below resolv.conf
> > 
> > search mydomain.corp otherdomain.corp otherdomain.net otherdomain.co.za mydomain.co.za
> Remove all domains except for the AD dns domain
> > nameserver DC2
> > nameserver DC3
> > nameserver DC1
> > nameserver DC5
> > nameserver DC6
> > nameserver DC4
> > 
> The DC should use itself as its nameserver, whether you have other 
> nameservers is debatable, if Samba crashes, do you want it contacting 
> another DC ?
> 
> Rowland
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 





-- 
Eben Victor

Cell:  +27 82 759 5266
Email: eben.victor@gmail.com




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
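
Added example, not part of the thread and not Samba or BIND code: a Python sketch of why the firewall has to pass both UDP and TCP on port 53. It builds a query with and without an EDNS0 OPT record (which advertises the UDP payload size the client accepts) and shows when a reply comes back truncated, which makes the resolver retry over TCP. The host name, the answer sizes and the `server_reply_header` stand-in are constructed for illustration.

```python
import struct

def build_query(name, qtype=1, edns_size=None, txid=0x1234):
    """Return a wire-format DNS query; edns_size appends an EDNS0 OPT record."""
    arcount = 1 if edns_size else 0
    # Header: ID, flags (RD set), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    for label in name.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", qtype, 1)  # end of name, QTYPE, QCLASS=IN
    if edns_size:
        # OPT RR: root name, TYPE=41, CLASS carries the UDP payload size, TTL=0, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def udp_limit(query):
    """Largest UDP reply the client accepts: 512 bytes unless an OPT record says more."""
    if struct.unpack("!H", query[10:12])[0] == 0:  # ARCOUNT: no OPT record present
        return 512
    pos = 12  # skip the single, uncompressed question that build_query() writes
    while query[pos] != 0:
        pos += query[pos] + 1
    pos += 5  # root label + QTYPE + QCLASS
    rtype, size = struct.unpack("!HH", query[pos + 1:pos + 5])
    return max(size, 512) if rtype == 41 else 512

def needs_tcp_retry(response):
    """True when the TC (truncated) flag is set, so the client retries over TCP 53."""
    return bool(struct.unpack("!H", response[2:4])[0] & 0x0200)

def server_reply_header(query, answer_len):
    """Constructed stand-in for a server: sets TC when the answer exceeds the limit."""
    flags = 0x8180 | (0x0200 if answer_len > udp_limit(query) else 0)
    return query[:2] + struct.pack("!H", flags) + query[4:12]

# Constructed sample queries for a hypothetical DC name
PLAIN = build_query("dc1.mydomain.corp")
EDNS = build_query("dc1.mydomain.corp", edns_size=4096)

if __name__ == "__main__":
    for label, q in (("plain", PLAIN), ("edns0", EDNS)):
        for size in (400, 1400, 5000):
            tc = needs_tcp_retry(server_reply_header(q, size))
            print(f"{label:5} answer={size:4}B limit={udp_limit(q):4}B tcp_retry={tc}")
```

If TCP 53 is filtered, every reply that takes the truncated path stalls until the client times out, which shows up as intermittent slow lookups rather than a hard failure.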

