S4 4.6.x Internal DNS multi DC Prioritization

S4 4.6.x Internal DNS multi DC Prioritization

Samba - General mailing list
All,

I've got multiple AD DC's, and one in a remote office over IPSEC.  I'm also
using the Internal DNS.  Then, I have multiple services using AD as the
user store.  As I understand it, the flow of traffic is:

Application query -> DNS lookup (mydomain.com) -> Round Robin DC

But what I'm seeing is that all of my DC's are being queried in round robin
(from DNS), including the remote location.  This unfortunately results in
latency spikes whenever the remote one is queried.

So, is there any way to configure some sort of subnet prioritization with
the Internal DNS, so that I can exclude the remote DC (or put it at a lower
level) from local queries?

Thanks,


Kris Lou
[hidden email]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: S4 4.6.x Internal DNS multi DC Prioritization

Samba - General mailing list
13.07.2017 23:17, Kris Lou via samba wrote:

> All,
>
> I've got multiple AD DC's, and one in a remote office over IPSEC.  I'm also
> using the Internal DNS.  Then, I have multiple services using AD as the
> user store.  As I understand it, the flow of traffic is:
>
> Application query -> DNS lookup (mydomain.com) -> Round Robin DC
>
> But what I'm seeing is that all of my DC's are being queried in round robin
> (from DNS), including the remote location.  This unfortunately results in
> latency spikes whenever the remote one is queried.

DNS lookups from application clients are made by the list on the client; by
default, on Windows 7 desktop clients, the list contains two fields.

If you write two non-remote DCs in this list, why do requests go to the third,
remote DC?

--
Administrator


Re: S4 4.6.x Internal DNS multi DC Prioritization

Samba - General mailing list
Hi,

Maybe I'm wrong, but isn't that the idea of sites?
You create two different sites, main and remote office, then you add some networks per site, and the Windows clients search for the right DC and services.

The way to add DNS manually is, I think, a workaround and solves the problem temporarily.


Andrej

-----Original Message-----
From: samba [mailto:[hidden email]] On Behalf Of Mike Lykov via samba
Sent: Friday, 14 July 2017 07:34
To: [hidden email]
Subject: Re: [Samba] S4 4.6.x Internal DNS multi DC Prioritization

13.07.2017 23:17, Kris Lou via samba wrote:

> All,
>
> I've got multiple AD DC's, and one in a remote office over IPSEC.  I'm
> also using the Internal DNS.  Then, I have multiple services using AD
> as the user store.  As I understand it, the flow of traffic is:
>
> Application query -> DNS lookup (mydomain.com) -> Round Robin DC
>
> But what I'm seeing is that all of my DC's are being queried in round
> robin (from DNS), including the remote location.  This unfortunately
> results in latency spikes whenever the remote one is queried.

DNS lookups from application clients are made by the list on the client; by default, on Windows 7 desktop clients, the list contains two fields.

If you write two non-remote DCs in this list, why do requests go to the third, remote DC?

--
Administrator


Re: S4 4.6.x Internal DNS multi DC Prioritization

Samba - General mailing list
> DNS lookups from application clients are made by the list on the client; by
> default, on Windows 7 desktop clients, the list contains two fields.


> You create two different sites, main and remote office, then you add some
> networks per site, and the Windows clients search for the right DC and services.


You're both right, and we do indeed use sites.  The difficulty is that it's
pfSense, not a Windows client :-).  So, I'm dealing with DNSMasq forwarding
domain-override DNS requests to a local DC, which then returns ALL of the
existing DC's.

Since I can't manually override the /etc/hosts file, I ended up adding the
multiple entries as "host-records" as an additional option to dnsmasq,
which then round robins over my new entries before forwarding additional
domain-override requests.  So I'm directly substituting the query results
instead of trying to have the upstream forwarder do it for me.  It works
for me.

Thanks,

-Kris




Kris Lou
[hidden email]

On Fri, Jul 14, 2017 at 3:08 AM, Andrej Gessel via samba <
[hidden email]> wrote:

> Hi,
>
> Maybe I'm wrong, but isn't that the idea of sites?
> You create two different sites, main and remote office, then you add some
> networks per site, and the Windows clients search for the right DC and services.
>
> The way to add DNS manually is, I think, a workaround and solves the
> problem temporarily.
>
>
> Andrej
>
> -----Original Message-----
> From: samba [mailto:[hidden email]] On Behalf Of Mike
> Lykov via samba
> Sent: Friday, 14 July 2017 07:34
> To: [hidden email]
> Subject: Re: [Samba] S4 4.6.x Internal DNS multi DC Prioritization
>
> 13.07.2017 23:17, Kris Lou via samba wrote:
> > All,
> >
> > I've got multiple AD DC's, and one in a remote office over IPSEC.  I'm
> > also using the Internal DNS.  Then, I have multiple services using AD
> > as the user store.  As I understand it, the flow of traffic is:
> >
> > Application query -> DNS lookup (mydomain.com) -> Round Robin DC
> >
> > But what I'm seeing is that all of my DC's are being queried in round
> > robin (from DNS), including the remote location.  This unfortunately
> > results in latency spikes whenever the remote one is queried.
>
> DNS lookups from application clients are made by the list on the client; by
> default, on Windows 7 desktop clients, the list contains two fields.
>
> If you write two non-remote DCs in this list, why do requests go to the third,
> remote DC?
>
> --
> Administrator
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
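
An added example, not part of the original thread: it combines the sites idea and the dnsmasq workaround from the messages above by generating the `host-record` lines for only those DCs that sit in the same site as the dnsmasq host. The site names, subnets, host names and addresses are constructed for illustration; only `mydomain.com` comes from the thread.

```python
"""Generate dnsmasq host-record lines that pin an AD domain name to site-local DCs."""
import ipaddress

# Constructed sample data: site names, subnets and DC addresses are illustrative.
SITE_SUBNETS = {
    "Main": ["10.10.0.0/16"],
    "Remote": ["10.20.0.0/16"],
}
DOMAIN_CONTROLLERS = {
    "dc1.mydomain.com": "10.10.0.11",
    "dc2.mydomain.com": "10.10.0.12",
    "dc3.mydomain.com": "10.20.0.11",  # remote office, reached over IPsec
}


def site_of(address, site_subnets):
    """Return the site whose most specific subnet contains address, or None."""
    ip = ipaddress.ip_address(address)
    best = None
    for site, subnets in site_subnets.items():
        for cidr in subnets:
            net = ipaddress.ip_network(cidr)
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, site)
    return best[1] if best else None


def host_records(domain, client_ip, dcs, site_subnets):
    """Build host-record lines for the DCs that share the client's site."""
    client_site = site_of(client_ip, site_subnets)
    if client_site is None:
        raise ValueError(f"{client_ip} is not in any configured site subnet")
    local = sorted(ip for ip in dcs.values()
                   if site_of(ip, site_subnets) == client_site)
    if not local:
        raise ValueError(f"site {client_site} has no domain controller")
    return [f"host-record={domain},{ip}" for ip in local]


if __name__ == "__main__":
    # 10.10.0.1 stands in for the pfSense/dnsmasq host in the main office.
    print("\n".join(host_records("mydomain.com", "10.10.0.1",
                                 DOMAIN_CONTROLLERS, SITE_SUBNETS)))
```

Names covered by `host-record` entries are answered by dnsmasq itself, so the generated list has to be refreshed whenever a DC is added to or retired from the local site.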