Reducing DNS lookups

Brendan Kearney bpk678 at gmail.com
Tue Feb 21 13:22:27 CET 2017


On 02/21/2017 07:10 AM, David Hartburn wrote:
> Hi,
>
> For our LDAP queries, we have specified the forest DNS name as the 
> LDAP server, so that we achieve via DNS a random distribution of 
> queries against our AD servers. Previously we had hammered the first 
> server on the list.
>
> This has kept our AD guys happy, but we have noticed that at busy 
> times our FR servers are doing over 100 DNS queries per second, for 
> the same thing.
>
> I cannot spot anything in the FreeRADIUS config files, but is there 
> any way to reduce the number of DNS lookups? We are running 3.0.12 on 
> RHEL7.
>
> Outside of FreeRADIUS, we could either make sure each server has a 
> different /etc/hosts file, which is not ideal, or implement local 
> DNS caching, which seems to be the more sensible way to go. Are there 
> any other alternatives other people are using?
>
> Yours
>
> Dave Hartburn
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html

I have wondered if using SRV records would be feasible. The SSSD 
project has a nifty config option that allows you to specify "_srv_" as 
a value in a comma-separated string, to indicate the use of the 
_ldap._tcp.domain.tld and _kerberos._udp.domain.tld SRV records. The 
SRV record can be set with weight and priority to steer load, and is a 
round-robin-style load-balancing mechanism. In addition, you can also 
specify specific LDAP URIs or Kerberos servers in the config option for 
fallback to specific servers.
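
As an added, self-contained illustration of what the reply above describes (this is not code from the thread, from FreeRADIUS or from SSSD): a Python sketch of the client-side selection that an SRV-based lookup performs over the priority and weight fields, following RFC 2782, fronted by a cache that honours the record TTL so the resolver is asked once per TTL rather than once per query, which is the lookup-rate problem raised in the original question. The zone example.com, the hosts dc1/dc2/dc-dr, the TTL values and the resolver callable are constructed assumptions so the example runs offline.

```python
# Added example: RFC 2782 SRV target selection plus a TTL-honouring cache.
# Not code from FreeRADIUS, SSSD or the thread; all names below are constructed.
import random
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int   # lower is tried first
    weight: int     # relative share within one priority; 0 = "only if nothing else"
    port: int
    target: str
    ttl: int        # seconds the answer may be cached


# Constructed sample answer for _ldap._tcp.example.com (not a real zone):
# two in-site DCs sharing load 60/40 and one remote DC kept as fallback.
SAMPLE_SRV_ANSWER = (
    SrvRecord(10, 60, 389, "dc1.example.com.", 600),
    SrvRecord(10, 40, 389, "dc2.example.com.", 600),
    SrvRecord(20, 0, 389, "dc-dr.example.com.", 600),
)


def order_srv(records, rng=random):
    """Return records in the order a client should try them (RFC 2782).

    Priorities ascend. Within one priority: put weight-0 records first,
    compute running sums of weight, draw a number in [0, total], take the
    first record whose running sum reaches it, remove it, and repeat.
    """
    groups = {}
    for r in records:
        groups.setdefault(r.priority, []).append(r)
    ordered = []
    for prio in sorted(groups):
        pool = sorted(groups[prio], key=lambda r: r.weight != 0)  # weight 0 first
        while pool:
            total = sum(r.weight for r in pool)
            pick = rng.randint(0, total)
            running = 0
            for i, r in enumerate(pool):
                running += r.weight
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered


class ScriptedRng:
    """Deterministic stand-in for `random`: returns scripted draws, clamped to range."""

    def __init__(self, draws):
        self.draws = list(draws)

    def randint(self, lo, hi):
        return min(max(self.draws.pop(0), lo), hi)


class SrvCache:
    """Answer cache in front of a resolver callable `resolve(name) -> records`.

    The resolver is only asked when no answer is cached or the shortest TTL
    in the cached answer has elapsed, i.e. what a local caching DNS does.
    """

    def __init__(self, resolve, clock=time.monotonic):
        self._resolve = resolve
        self._clock = clock
        self._entries = {}      # name -> (expires_at, records)
        self.lookups = 0        # how many times the real resolver was asked

    def get(self, name):
        now = self._clock()
        entry = self._entries.get(name)
        if entry is not None and now < entry[0]:
            return entry[1]
        records = tuple(self._resolve(name))
        self.lookups += 1
        ttl = min((r.ttl for r in records), default=0)
        self._entries[name] = (now + ttl, records)
        return records


def pick_ldap_server(cache, name, rng=random):
    """(host, port) to connect to first; a real client falls through the rest on failure."""
    ordered = order_srv(cache.get(name), rng)
    return (ordered[0].target, ordered[0].port) if ordered else None


if __name__ == "__main__":
    cache = SrvCache(lambda name: SAMPLE_SRV_ANSWER)   # stand-in for a real DNS query
    tally = {}
    for _ in range(10_000):
        host, _port = pick_ldap_server(cache, "_ldap._tcp.example.com")
        tally[host] = tally.get(host, 0) + 1
    print(tally, "- resolver asked", cache.lookups, "time(s)")
```

Two details worth keeping in mind when reading the result: RFC 2782 gives a weight-0 record a very small but non-zero chance of being picked within its own priority group (it is excluded only by giving it a higher priority, as the dc-dr record above does), and the cache keys its lifetime on the TTL the zone publishes rather than a fixed interval, so the AD operators keep control of how quickly clients notice a server being pulled from the record.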
