Reducing DNS lookups

Matthew Newton mcn4 at leicester.ac.uk
Tue Feb 21 14:37:44 CET 2017


On Tue, Feb 21, 2017 at 07:48:25AM -0500, Alan DeKok wrote:
> On Feb 21, 2017, at 7:10 AM, David Hartburn <D.J.Hartburn at kent.ac.uk> wrote:
> > For our LDAP queries, we have specified the forest DNS name as
> > the LDAP server, so that we achieve via DNS a random
> > distribution of queries against our AD servers. Previously we
> > had hammered the first server on the list.
> 
> But the underlying problem is likely that your AD system is
> returning redirects.  A LOT of them.

If the data is in the Global Catalogue, point FreeRADIUS at port
3269 on the DCs instead of 636. It should stop the referrals, and
therefore also speed up LDAP searches.

Otherwise, just chuck BIND on the box and point at that for DNS.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
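An added example, not part of the original message and not FreeRADIUS code: a small check for whether a given search returns referrals, by counting the host names in the `ref:` lines of saved `ldapsearch` output. The two LDIF samples, the `campus.example.org` names and the `referral_hosts` helper are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed ldapsearch-style LDIF for one user search against a DC's
# domain partition (port 636): one entry plus three search references.
SAMPLE_636 = """\
# jsmith, Users, campus.example.org
dn: CN=jsmith,CN=Users,DC=campus,DC=example,DC=org
sAMAccountName: jsmith

# search reference
ref: ldaps://ForestDnsZones.campus.example.org/DC=ForestDnsZones,DC=campus,
 DC=example,DC=org

# search reference
ref: ldaps://DomainDnsZones.campus.example.org/DC=DomainDnsZones,DC=campus,
 DC=example,DC=org

# search reference
ref: ldaps://campus.example.org/CN=Configuration,DC=campus,DC=example,DC=org
"""

# Constructed output for the same search against the Global Catalogue (3269).
SAMPLE_3269 = """\
# jsmith, Users, campus.example.org
dn: CN=jsmith,CN=Users,DC=campus,DC=example,DC=org
sAMAccountName: jsmith
"""

def referral_hosts(ldif_text):
    """Count host names in 'ref:' lines; each one is a name a
    referral-chasing client would have to resolve and connect to."""
    unfolded = re.sub(r"\n ", "", ldif_text)  # join LDIF continuation lines
    hosts = Counter()
    for line in unfolded.splitlines():
        if line.startswith("ref: "):
            host = urlsplit(line[5:].strip()).hostname
            if host:
                hosts[host] += 1
    return hosts

if __name__ == "__main__":
    for label, text in (("636", SAMPLE_636), ("3269", SAMPLE_3269)):
        print(label, dict(referral_hosts(text)))
```
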

