Reducing DNS lookups
Brendan Kearney
bpk678 at gmail.com
Tue Feb 21 13:22:27 CET 2017
On 02/21/2017 07:10 AM, David Hartburn wrote:
> Hi,
>
> For our LDAP queries, we have specified the forest DNS name as the
> LDAP server, so that we achieve via DNS a random distribution of
> queries against our AD servers. Previously we had hammered the first
> server on the list.
>
> This has kept our AD guys happy, but we have noticed that at busy
> times our FR servers are doing over 100 DNS queries per second, for
> the same thing.
>
> I can not spot anything in the FreeRADIUS config files, but is there
> any way to reduce the number of DNS lookups? We are running 3.0.12 on
> RHEL7.
>
> Outside of FreeRADIUS, we could either make sure each server has a
> different /etc/hosts file, which is not ideal, or implementing local
> DNS caching seems to be the more sensible way to go. Are there any
> other alternatives other people are using?
>
> Yours
>
> Dave Hartburn
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
I have wondered if using SRV records would be feasible. The SSSD
project has a nifty config option that allows you to specify "_srv_" as
a value in a comma-separated string, to indicate the use of the
_ldap._tcp.domain.tld and _kerberos._udp.domain.tld SRV records. The
SRV record can be set with weight and priority to steer load, and is a
round-robin style load balancing mechanism. In addition, you can also
specify specific LDAP URIs or Kerberos servers in the config option for
fallback to specific servers.
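As an added illustration of the mechanism described above (this is example code, not code from FreeRADIUS, SSSD or anyone on this thread), the following Python implements the RFC 2782 priority/weight selection over a constructed SRV answer and puts a TTL cache in front of the resolver, so that repeated client lookups reuse one answer while the try order is still re-drawn each time. The zone name, hostnames, weights and TTL are invented for the example; no real DNS query is made.

```python
# Added example: RFC 2782 SRV ordering plus a TTL cache in front of the
# resolver. Not FreeRADIUS or SSSD code; the zone data below is constructed.
import random
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SrvRecord:
    priority: int   # lower is tried first
    weight: int     # relative share of traffic within one priority
    port: int
    target: str


def order_srv(records: List[SrvRecord],
              rng: Optional[random.Random] = None) -> List[SrvRecord]:
    """Return records in the order RFC 2782 says a client should try them.

    Priorities are visited lowest first. Within a priority the next record is
    drawn with probability proportional to its weight; weight-0 records are
    listed first so they are only drawn when the random number is 0.
    """
    rng = rng or random.Random()
    ordered: List[SrvRecord] = []
    for prio in sorted({r.priority for r in records}):
        # weight-0 records go to the front of the group, per RFC 2782
        group = sorted((r for r in records if r.priority == prio),
                       key=lambda r: r.weight != 0)
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)          # inclusive on both ends
            running = 0
            for i, rec in enumerate(group):
                running += rec.weight
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered


class SrvCache:
    """Cache resolver answers until their TTL expires.

    The ordering is recomputed on every call (so load still spreads), but the
    resolver is only asked again once the cached answer has aged out.
    """

    def __init__(self, resolver: Callable[[str], Tuple[List[SrvRecord], int]],
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._resolver = resolver
        self._clock = clock
        self._entries: Dict[str, Tuple[List[SrvRecord], float]] = {}
        self.lookups = 0   # how many times the resolver was really called

    def get(self, name: str) -> List[SrvRecord]:
        entry = self._entries.get(name)
        if entry is not None and entry[1] > self._clock():
            return entry[0]
        records, ttl = self._resolver(name)
        self.lookups += 1
        self._entries[name] = (records, self._clock() + ttl)
        return records


def pick_servers(cache: SrvCache, name: str,
                 rng: Optional[random.Random] = None) -> List[Tuple[str, int]]:
    """Resolve through the cache and return (host, port) pairs in try order."""
    return [(r.target, r.port) for r in order_srv(cache.get(name), rng)]


# Constructed SRV answer for a hypothetical forest; hostnames are invented.
FAKE_ZONE: Dict[str, Tuple[List[SrvRecord], int]] = {
    "_ldap._tcp.example.com": ([
        SrvRecord(10, 75, 389, "dc1.example.com"),     # ~3/4 of first picks
        SrvRecord(10, 25, 389, "dc2.example.com"),
        SrvRecord(10, 0, 389, "dc3.example.com"),      # weight 0: rarely first
        SrvRecord(20, 100, 389, "dc-dr.example.com"),  # only after all prio 10
    ], 300),
}


def fake_resolver(name: str) -> Tuple[List[SrvRecord], int]:
    """Stand-in for a DNS SRV query; returns (records, ttl_seconds)."""
    return FAKE_ZONE[name]


def simulate(calls: int, seed: int = 1) -> Tuple[int, Dict[str, int]]:
    """Run `calls` lookups inside one TTL window (frozen clock).

    Returns (number of real resolver calls, count of first-choice host).
    """
    rng = random.Random(seed)
    cache = SrvCache(fake_resolver, clock=lambda: 0.0)
    first: Dict[str, int] = {}
    for _ in range(calls):
        host, _port = pick_servers(cache, "_ldap._tcp.example.com", rng)[0]
        first[host] = first.get(host, 0) + 1
    return cache.lookups, first


if __name__ == "__main__":
    lookups, first = simulate(4000)
    print(f"resolver called {lookups} time(s) for 4000 client lookups")
    for host, n in sorted(first.items()):
        print(f"{host:20s} first choice {n / 40:5.1f}%")
```

Running it shows the resolver being called once for 4000 client lookups, dc1 landing first roughly three times in four, dc3 (weight 0) almost never, and the priority-20 host never first. The equivalent in sssd.conf is the "ldap_uri = _srv_, ldap://fallback.example.com" form mentioned above, where the literal "_srv_" tells SSSD to query the SRV record and the explicit URI is the fallback.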