[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: client dns lookups, can they be disabled?

To: "'Geoff Swan'" <gswan3@bigpond.net.au>
Subject: RE: client dns lookups, can they be disabled?
From: "Simon N Thornton (E-mail)" <simon.thornton@swift.com>
Date: Thu, 26 Sep 2002 16:28:23 +0200
Cc: openldap-software@OpenLDAP.org
Importance: Normal
In-reply-to: <20020926122921.GA22352@itea.ntnu.no>

Hi,

Look in /etc/nsswitch.conf and change the order of the 'hosts:' entry to
"hosts: files dns"   then add an entry for your LDAP server(s) in
/etc/hosts. This will be much faster than querying the DNS as it's a
local lookup, for anything not in /etc/hosts it will still search the
dns.

Another possibility is to look at /etc/resolv.conf, if there is a line
beginning 'search' with several domains, this will also slow lookups. If
you specify a hostname without the domain name, the resolver library
will append each domain listed in the 'search' statement and try a
lookup. If you don't need the search feature (you have to specify all
names in FQDN format, which is good practise), comment it out.

Rgds,

Simon

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Stig Venaas
Sent: Thursday, September 26, 2002 14:29
To: Geoff Swan
Cc: openldap-software@OpenLDAP.org
Subject: Re: client dns lookups, can they be disabled?

On Thu, Sep 19, 2002 at 10:49:55PM +1000, Geoff Swan wrote:
> Hi,
> 
> I have a system with slapd on a server with a known IP address.
OpenLDAP 
> has been build with the rdns lookups disabled.
> 
> When I use ldapsearch (or any client which uses the openLDAP client 
> libraries) to perform a search on the database at this server (by 
> specifying the IP address of the server), the client appears to
attempt 
> to perform a DNS lookup before the bind operation (an ethereal trace 
> shows this).
> 
> Is there any way to prevent this? It slows down the search
considerably.

I've looked a bit at the code, and it will try to lookup it's own IP
address (at least if compiled with Kerberos, TLS or SASL it seems). You
should be able to avoid that by adding an entry in /etc/hosts. If you
specify IP address of server, at least Linux and FreeBSD have
getaddrinfo() implementations that will not make a DNS request.

With ethereal (or at least tcpdump) you can check what it tries to
lookup. Is it an A record for something starting with your IP address,
is it an A record for your hostname, or is it something else?

Stig

Attachment: smime.p7s
Description: S/MIME cryptographic signature

References:
- Re: client dns lookups, can they be disabled?
  - From: Stig Venaas <Stig@OpenLDAP.org>

Prev by Date: solaris & openldap
Next by Date: RE: Follow up: 2.1.4, solaris 8, fails to start
Index(es):
- Chronological
- Thread