On Thu, 2007-09-06 at 09:42 -0300, Steve Scanavarro wrote:
> Hello everyone!
> I have configured my DNS Server (BIND9) zones in a LDAP, so my DNS is
> now binding to LDAP to query for DNS requests.
> It's working fine, my nslookups and pings to hosts are all ok!
> *BUT* my doubt (and fear! :) is that when I put this operational, it
> will become slow, because of the size of my company's network (about
> 5000 workstations that query and lots of subnet zones that these
> workstations belong to).
> How do the internals(?) of OpenLDAP work? It
> a) "Loads" all the records/zones in the memory?

The back-bdb and back-hdb backends of OpenLDAP use Berkeley BDB.  You
need to properly provision OpenLDAP (of course).  OpenLDAP is extremely
scalable; if you've done your job provisioning OpenLDAP I doubt you'll
have any performance problems.

Read the OpenLDAP documentation - and use a current version.  DB_CONFIG/
olcDbConfig is really really important.  One flaw of the docs is that
they don't make this very prominent - flashing neon would be
appropriate;  a bold disclaimer at the start of the "Configuring slapd"
saying: "If you fail to properly configure your Sleepycat backend via
olcDbConfig you will experience unacceptable performance."  would save
so many people a lot of head-scratching as to why the performance they
see from the world's fastest DSA simply sucks. Start with -
http://www.openldap.org/faq/data/cache/1072.html ,
http://www.openldap.org/faq/data/cache/1075.html , and
http://www.openldap.org/faq/data/cache/1074.html .  Although I suspect
that 1074 is a little out of date since it states "The bottom line -
because the back-bdb databases must be managed by both the OpenLDAP
tools and the Sleepycat tools, we must use the Sleepycat DB_CONFIG file
in addition to slapd.conf." and with olcDbConfig you don't need to
create a DB_CONFIG (sort of, olcDbConfig creates it for you).  The whole
OpenLDAP<->Sleepycat thing can be confusing at first.
 
> b) Every time a dns query comes, my BIND9 has to open a connection and
> bind the OpenLDAP server? 
> Anyone got that working in a large network with the same "speed" as
> without using LDAP?

I'm at about 1,000 nodes and performance is unbelievable.  OpenLDAP is a
rocket ship.
