-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi all,
I hope I am on the right list for the problem I am experiencing.
We have two subnets 192.168.196. 192.168.222.
Our main LDAP servers run in 192.168.196. and are load-balanced by round-robin DNS. The 192.168.196. network is exhausted, so we added a new LDAP slave to 192.168.222. and added the IP address to the round-robin pool. But it seems that it is only used by other servers in the 192.168.222 network and not by servers in the 192.168.196. network
This setup has now been running for 6 days, with nscd.conf: enable-cache hosts yes positive-time-to-live hosts 3600 negative-time-to-live hosts 20 suggested-size hosts 211 check-files hosts yes persistent hosts yes shared hosts yes max-db-size hosts 33554432
and nslcd.conf: uid nslcd gid ldap uri ldap://ldap.div.ourdomain.nl/ base dc=div,dc=ourdomain,dc=nl ssl no tls_cacertdir /etc/openldap/cacerts
The LDAP server in the 192.168.222 range serves only 33 connections all from the 192.168.222 range, and the 2 hosts in the 192.168.196 range serve 599 and 706 connections. The last 2 servers do serve the 143.121.222. network also. So might there be some caching issue?
$ getent ahost ldap.div.ourdomain.nl 192.168.196.190 STREAM ldap.div.ourdomain.nl 192.168.196.190 DGRAM 192.168.196.190 RAW 192.168.196.151 STREAM 192.168.196.151 DGRAM 192.168.196.151 RAW 192.168.222.179 STREAM 192.168.222.179 DGRAM 192.168.222.179 RAW
Is this the right list for this question? And if so can someone help me understand what is going on?
With kind regards,
Dennis Leeuw
- -- ICT Medewerker Divisie Biomedische Genetica UMC Utrecht Heidelberglaan 100 STR2.126 3584 CX Utrecht The Netherlands 06 27744048 intern: 64048
------------------------------------------------------------------------------
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. Het Universitair Medisch Centrum Utrecht is een publiekrechtelijke rechtspersoon in de zin van de W.H.W. (Wet Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat geregistreerd bij de Kamer van Koophandel voor Midden-Nederland onder nr. 30244197.
Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
------------------------------------------------------------------------------
This message may contain confidential information and is intended exclusively for the addressee. If you receive this message unintentionally, please do not use the contents but notify the sender immediately by return e-mail. University Medical Center Utrecht is a legal person by public law and is registered at the Chamber of Commerce for Midden-Nederland under no. 30244197.
Please consider the environment before printing this e-mail.
Hi!
Did you read the bind manual pages about "sortlist"?
Ulrich
Dennis Leeuw D.Leeuw@umcutrecht.nl schrieb am 18.02.2014 um 10:33 in
Nachricht 530328F0.4090903@umcutrecht.nl:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi all,
I hope I am on the right list for the problem I am experiencing.
We have two subnets 192.168.196. 192.168.222.
Our main LDAP servers run in 192.168.196. and are load-balanced by round-robin DNS. The 192.168.196. network is exhausted, so we added a new LDAP slave to 192.168.222. and added the IP address to the round-robin pool. But it seems that it is only used by other servers in the 192.168.222 network and not by servers in the 192.168.196. network
This setup has now been running for 6 days, with nscd.conf: enable-cache hosts yes positive-time-to-live hosts 3600 negative-time-to-live hosts 20 suggested-size hosts 211 check-files hosts yes persistent hosts yes shared hosts yes max-db-size hosts 33554432
and nslcd.conf: uid nslcd gid ldap uri ldap://ldap.div.ourdomain.nl/ base dc=div,dc=ourdomain,dc=nl ssl no tls_cacertdir /etc/openldap/cacerts
The LDAP server in the 192.168.222 range serves only 33 connections all from the 192.168.222 range, and the 2 hosts in the 192.168.196 range serve 599 and 706 connections. The last 2 servers do serve the 143.121.222. network also. So might there be some caching issue?
$ getent ahost ldap.div.ourdomain.nl 192.168.196.190 STREAM ldap.div.ourdomain.nl 192.168.196.190 DGRAM 192.168.196.190 RAW 192.168.196.151 STREAM 192.168.196.151 DGRAM 192.168.196.151 RAW 192.168.222.179 STREAM 192.168.222.179 DGRAM 192.168.222.179 RAW
Is this the right list for this question? And if so can someone help me understand what is going on?
With kind regards,
Dennis Leeuw
ICT Medewerker Divisie Biomedische Genetica UMC Utrecht Heidelberglaan 100 STR2.126 3584 CX Utrecht The Netherlands 06 27744048 intern: 64048 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTAyjwAAoJEMVYYpdbQscouGsH/3yXjh6zmLMDRaks18qe+yH7 oUrdatkENF7+WyxLz7ZzNL69gXyEwTANGGf9y7CYuqNu47PDs3SvNOM1/kgjy7pr CSN1t9acVb9i67JgOV2ed5fMHlOzOR+sevNKjsdEdKVXrYvcXnevLOD0KHhGlXeq Ips0Uqk8cusDXQZSUPab0aQNhWawyT1Tf4SQVAJbJ3OYEiFpHyPJXos2F4DIpYPJ 9FLn/dqV8sUNc9kaOHRjwcVYYAVyey9vX33xbYKr4pXKLd/ujaArBtwE1tyKvR2G JPz6Gw5sYK5JLjkmr1uzPAze46heiVFY6U1Vv7aMJ4ujuabBiU11Us2k4XuotPI= =UxBr -----END PGP SIGNATURE-----
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. Het Universitair Medisch Centrum Utrecht is een publiekrechtelijke rechtspersoon in de zin van de W.H.W. (Wet Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat geregistreerd bij de Kamer van Koophandel voor Midden-Nederland onder nr. 30244197.
Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
This message may contain confidential information and is intended exclusively for the addressee. If you receive this message unintentionally, please do not use the contents but notify the sender immediately by return e-mail. University Medical Center Utrecht is a legal person by public law and is registered at the Chamber of Commerce for Midden-Nederland under no. 30244197.
Please consider the environment before printing this e-mail.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Ulrich,
No I hadn't, didn't even know it existed. But reading up on it it seems a server side configuration we do not have.
Running the getent several times on a host shows nice round-robin behaviour, so my guess it is somewhere in the client-side config or caching, or...
Dennis
On 02/18/2014 12:09 PM, Ulrich Windl wrote:
Hi!
Did you read the bind manual pages about "sortlist"?
Ulrich
Dennis Leeuw D.Leeuw@umcutrecht.nl schrieb am 18.02.2014 um 10:33 in
Nachricht 530328F0.4090903@umcutrecht.nl: Hi all,
I hope I am on the right list for the problem I am experiencing.
We have two subnets 192.168.196. 192.168.222.
Our main LDAP servers run in 192.168.196. and are load-balanced by round-robin DNS. The 192.168.196. network is exhausted, so we added a new LDAP slave to 192.168.222. and added the IP address to the round-robin pool. But it seems that it is only used by other servers in the 192.168.222 network and not by servers in the 192.168.196. network
This setup has now been running for 6 days, with nscd.conf: enable-cache hosts yes positive-time-to-live hosts 3600 negative-time-to-live hosts 20 suggested-size hosts 211 check-files hosts yes persistent hosts yes shared hosts yes max-db-size hosts 33554432
and nslcd.conf: uid nslcd gid ldap uri ldap://ldap.div.ourdomain.nl/ base dc=div,dc=ourdomain,dc=nl ssl no tls_cacertdir /etc/openldap/cacerts
The LDAP server in the 192.168.222 range serves only 33 connections all from the 192.168.222 range, and the 2 hosts in the 192.168.196 range serve 599 and 706 connections. The last 2 servers do serve the 143.121.222. network also. So might there be some caching issue?
$ getent ahost ldap.div.ourdomain.nl 192.168.196.190 STREAM ldap.div.ourdomain.nl 192.168.196.190 DGRAM 192.168.196.190 RAW 192.168.196.151 STREAM 192.168.196.151 DGRAM 192.168.196.151 RAW 192.168.222.179 STREAM 192.168.222.179 DGRAM 192.168.222.179 RAW
Is this the right list for this question? And if so can someone help me understand what is going on?
With kind regards,
Dennis Leeuw
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is
uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. Het Universitair Medisch Centrum Utrecht is een publiekrechtelijke rechtspersoon in de zin van de W.H.W. (Wet Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat geregistreerd bij de Kamer van Koophandel voor Midden-Nederland onder nr. 30244197.
Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
This message may contain confidential information and is intended
exclusively for the addressee. If you receive this message unintentionally, please do not use the contents but notify the sender immediately by return e-mail. University Medical Center Utrecht is a legal person by public law and is registered at the Chamber of Commerce for Midden-Nederland under no. 30244197.
Please consider the environment before printing this e-mail.
- -- ICT Medewerker Divisie Biomedische Genetica UMC Utrecht Heidelberglaan 100 STR2.126 3584 CX Utrecht The Netherlands 06 27744048 intern: 64048
Dennis Leeuw D.Leeuw@umcutrecht.nl schrieb am 18.02.2014 um 12:24 in
Nachricht 530342DE.2040406@umcutrecht.nl:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Ulrich,
No I hadn't, didn't even know it existed. But reading up on it it seems a server side configuration we do not have.
Running the getent several times on a host shows nice round-robin behaviour, so my guess it is somewhere in the client-side config or caching, or...
Do you run nscd?
Dennis
On 02/18/2014 12:09 PM, Ulrich Windl wrote:
Hi!
Did you read the bind manual pages about "sortlist"?
Ulrich
Dennis Leeuw D.Leeuw@umcutrecht.nl schrieb am 18.02.2014 um 10:33 in
Nachricht 530328F0.4090903@umcutrecht.nl: Hi all,
I hope I am on the right list for the problem I am experiencing.
We have two subnets 192.168.196. 192.168.222.
Our main LDAP servers run in 192.168.196. and are load-balanced by round-robin DNS. The 192.168.196. network is exhausted, so we added a new LDAP slave to 192.168.222. and added the IP address to the round-robin pool. But it seems that it is only used by other servers in the 192.168.222 network and not by servers in the 192.168.196. network
This setup has now been running for 6 days, with nscd.conf: enable-cache hosts yes positive-time-to-live hosts 3600 negative-time-to-live hosts 20 suggested-size hosts 211 check-files hosts yes persistent hosts yes shared hosts yes max-db-size hosts 33554432
and nslcd.conf: uid nslcd gid ldap uri ldap://ldap.div.ourdomain.nl/ base dc=div,dc=ourdomain,dc=nl ssl no tls_cacertdir /etc/openldap/cacerts
The LDAP server in the 192.168.222 range serves only 33 connections all from the 192.168.222 range, and the 2 hosts in the 192.168.196 range serve 599 and 706 connections. The last 2 servers do serve the 143.121.222. network also. So might there be some caching issue?
$ getent ahost ldap.div.ourdomain.nl 192.168.196.190 STREAM ldap.div.ourdomain.nl 192.168.196.190 DGRAM 192.168.196.190 RAW 192.168.196.151 STREAM 192.168.196.151 DGRAM 192.168.196.151 RAW 192.168.222.179 STREAM 192.168.222.179 DGRAM 192.168.222.179 RAW
Is this the right list for this question? And if so can someone help me understand what is going on?
With kind regards,
Dennis Leeuw
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is
uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. Het Universitair Medisch Centrum Utrecht is een publiekrechtelijke rechtspersoon in de zin van de W.H.W. (Wet Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat geregistreerd bij de Kamer van Koophandel voor Midden-Nederland onder nr. 30244197.
Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
This message may contain confidential information and is intended
exclusively for the addressee. If you receive this message unintentionally, please do not use the contents but notify the sender immediately by return e-mail. University Medical Center Utrecht is a legal person by public law and is registered at the Chamber of Commerce for Midden-Nederland under no. 30244197.
Please consider the environment before printing this e-mail.
ICT Medewerker Divisie Biomedische Genetica UMC Utrecht Heidelberglaan 100 STR2.126 3584 CX Utrecht The Netherlands 06 27744048 intern: 64048 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTA0LeAAoJEMVYYpdbQscoJzcIALwJg+KKcoP5ea5sWqpOYFgY h242bt7oZFTG4Wx9hy/e1xQDpBtcYtN7WM+DzShQknWPRhhiEynBjE0KJNlHpXx9 GM35X17fyz7gR7BXiVXxtN0vddhn1GbYxQokR7Oop5DfpqVrtdGYb6n+HdfKlg4e fboi5z8Mf4ev1IGrnRFKmjij/xusqbKRiyoWeyGaltPCHQslhSL8SgH78GRQCEjA heyE3EjNTdyr9JuSZseoxZQs3cqSu56RVBDc0wEXZOC/cptoToiEgXpwLDLdVSSz E5/sc/9gu6yj/oSeO+ADKn8IgdNb6y+Muqs+KxUNIL1zyQh2LZSR2wu6CMoS2Aw= =368X -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 02/18/2014 12:27 PM, Ulrich Windl wrote:
Dennis Leeuw D.Leeuw@umcutrecht.nl schrieb am 18.02.2014 um 12:24 in
Nachricht 530342DE.2040406@umcutrecht.nl: Hi Ulrich,
No I hadn't, didn't even know it existed. But reading up on it it seems a server side configuration we do not have.
Running the getent several times on a host shows nice round-robin behaviour, so my guess it is somewhere in the client-side config or caching, or...
Do you run nscd?
On some hosts we do on some we don't.
Dennis
On 02/18/2014 12:09 PM, Ulrich Windl wrote:
Hi!
Did you read the bind manual pages about "sortlist"?
Ulrich
> Dennis Leeuw D.Leeuw@umcutrecht.nl schrieb am > 18.02.2014 um 10:33 in
Nachricht 530328F0.4090903@umcutrecht.nl: Hi all,
I hope I am on the right list for the problem I am experiencing.
We have two subnets 192.168.196. 192.168.222.
Our main LDAP servers run in 192.168.196. and are load-balanced by round-robin DNS. The 192.168.196. network is exhausted, so we added a new LDAP slave to 192.168.222. and added the IP address to the round-robin pool. But it seems that it is only used by other servers in the 192.168.222 network and not by servers in the 192.168.196. network
This setup has now been running for 6 days, with nscd.conf: enable-cache hosts yes positive-time-to-live hosts 3600 negative-time-to-live hosts 20 suggested-size hosts 211 check-files hosts yes persistent hosts yes shared hosts yes max-db-size hosts 33554432
and nslcd.conf: uid nslcd gid ldap uri ldap://ldap.div.ourdomain.nl/ base dc=div,dc=ourdomain,dc=nl ssl no tls_cacertdir /etc/openldap/cacerts
The LDAP server in the 192.168.222 range serves only 33 connections all from the 192.168.222 range, and the 2 hosts in the 192.168.196 range serve 599 and 706 connections. The last 2 servers do serve the 143.121.222. network also. So might there be some caching issue?
$ getent ahost ldap.div.ourdomain.nl 192.168.196.190 STREAM ldap.div.ourdomain.nl 192.168.196.190 DGRAM 192.168.196.190 RAW 192.168.196.151 STREAM 192.168.196.151 DGRAM 192.168.196.151 RAW 192.168.222.179 STREAM 192.168.222.179 DGRAM 192.168.222.179 RAW
Is this the right list for this question? And if so can someone help me understand what is going on?
With kind regards,
Dennis Leeuw
- -- ICT Medewerker Divisie Biomedische Genetica UMC Utrecht Heidelberglaan 100 STR2.126 3584 CX Utrecht The Netherlands 06 27744048 intern: 64048
------------------------------------------------------------------------------
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. Het Universitair Medisch Centrum Utrecht is een publiekrechtelijke rechtspersoon in de zin van de W.H.W. (Wet Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat geregistreerd bij de Kamer van Koophandel voor Midden-Nederland onder nr. 30244197.
Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
------------------------------------------------------------------------------
This message may contain confidential information and is intended exclusively for the addressee. If you receive this message unintentionally, please do not use the contents but notify the sender immediately by return e-mail. University Medical Center Utrecht is a legal person by public law and is registered at the Chamber of Commerce for Midden-Nederland under no. 30244197.
Please consider the environment before printing this e-mail.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Urlich,
Did some more tests on more servers... and it seems that getent is more static then I thought. Where 'host' nicely shows round-robin behaviour, 'getent' does not.
Dennis
On 02/18/2014 12:09 PM, Ulrich Windl wrote:
Hi!
Did you read the bind manual pages about "sortlist"?
Ulrich
Dennis Leeuw D.Leeuw@umcutrecht.nl schrieb am 18.02.2014 um 10:33 in
Nachricht 530328F0.4090903@umcutrecht.nl: Hi all,
I hope I am on the right list for the problem I am experiencing.
We have two subnets 192.168.196. 192.168.222.
Our main LDAP servers run in 192.168.196. and are load-balanced by round-robin DNS. The 192.168.196. network is exhausted, so we added a new LDAP slave to 192.168.222. and added the IP address to the round-robin pool. But it seems that it is only used by other servers in the 192.168.222 network and not by servers in the 192.168.196. network
This setup has now been running for 6 days, with nscd.conf: enable-cache hosts yes positive-time-to-live hosts 3600 negative-time-to-live hosts 20 suggested-size hosts 211 check-files hosts yes persistent hosts yes shared hosts yes max-db-size hosts 33554432
and nslcd.conf: uid nslcd gid ldap uri ldap://ldap.div.ourdomain.nl/ base dc=div,dc=ourdomain,dc=nl ssl no tls_cacertdir /etc/openldap/cacerts
The LDAP server in the 192.168.222 range serves only 33 connections all from the 192.168.222 range, and the 2 hosts in the 192.168.196 range serve 599 and 706 connections. The last 2 servers do serve the 143.121.222. network also. So might there be some caching issue?
$ getent ahost ldap.div.ourdomain.nl 192.168.196.190 STREAM ldap.div.ourdomain.nl 192.168.196.190 DGRAM 192.168.196.190 RAW 192.168.196.151 STREAM 192.168.196.151 DGRAM 192.168.196.151 RAW 192.168.222.179 STREAM 192.168.222.179 DGRAM 192.168.222.179 RAW
Is this the right list for this question? And if so can someone help me understand what is going on?
With kind regards,
Dennis Leeuw
- -- ICT Medewerker Divisie Biomedische Genetica UMC Utrecht Heidelberglaan 100 STR2.126 3584 CX Utrecht The Netherlands 06 27744048 intern: 64048
------------------------------------------------------------------------------
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. Het Universitair Medisch Centrum Utrecht is een publiekrechtelijke rechtspersoon in de zin van de W.H.W. (Wet Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat geregistreerd bij de Kamer van Koophandel voor Midden-Nederland onder nr. 30244197.
Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
------------------------------------------------------------------------------
This message may contain confidential information and is intended exclusively for the addressee. If you receive this message unintentionally, please do not use the contents but notify the sender immediately by return e-mail. University Medical Center Utrecht is a legal person by public law and is registered at the Chamber of Commerce for Midden-Nederland under no. 30244197.
Please consider the environment before printing this e-mail.
Did some more tests on more servers... and it seems that getent is more static then I thought. Where 'host' nicely shows round-robin behaviour, 'getent' does not.
man 5 gai.conf perhaps?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 02/18/2014 01:37 PM, George Ross wrote:
Did some more tests on more servers... and it seems that getent is more static then I thought. Where 'host' nicely shows round-robin behaviour, 'getent' does not.
man 5 gai.conf perhaps?
Thanks! Victory! Setting the scopev4 to: scopev4 192.168.222.0/24 5 scopev4 192.168.196.0/24 5
Solved the issue. Thank!
Dennis
- -- ICT Medewerker Divisie Biomedische Genetica UMC Utrecht Heidelberglaan 100 STR2.126 3584 CX Utrecht The Netherlands 06 27744048 intern: 64048
------------------------------------------------------------------------------
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. Het Universitair Medisch Centrum Utrecht is een publiekrechtelijke rechtspersoon in de zin van de W.H.W. (Wet Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat geregistreerd bij de Kamer van Koophandel voor Midden-Nederland onder nr. 30244197.
Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
------------------------------------------------------------------------------
This message may contain confidential information and is intended exclusively for the addressee. If you receive this message unintentionally, please do not use the contents but notify the sender immediately by return e-mail. University Medical Center Utrecht is a legal person by public law and is registered at the Chamber of Commerce for Midden-Nederland under no. 30244197.
Please consider the environment before printing this e-mail.
El día Tuesday, February 18, 2014 a las 12:37:02PM +0000, George Ross escribió: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
man 5 gai.conf perhaps?
To George Ross,
Or perhaps:
man -S8 ntpdate?
matthias
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 02/18/2014 12:09 PM, Ulrich Windl wrote:
Hi!
Did you read the bind manual pages about "sortlist"?
The official Bind 9 reference guide says: "The client resolver code should rearrange the RRs as appropriate, that is, using any addresses on the *local net* in preference to other addresses."
That is exactly what I am experiencing :(
Thanks for the pointer!
Ulrich
Dennis Leeuw D.Leeuw@umcutrecht.nl schrieb am 18.02.2014 um 10:33 in
Nachricht 530328F0.4090903@umcutrecht.nl: Hi all,
I hope I am on the right list for the problem I am experiencing.
We have two subnets 192.168.196. 192.168.222.
Our main LDAP servers run in 192.168.196. and are load-balanced by round-robin DNS. The 192.168.196. network is exhausted, so we added a new LDAP slave to 192.168.222. and added the IP address to the round-robin pool. But it seems that it is only used by other servers in the 192.168.222 network and not by servers in the 192.168.196. network
This setup has now been running for 6 days, with nscd.conf: enable-cache hosts yes positive-time-to-live hosts 3600 negative-time-to-live hosts 20 suggested-size hosts 211 check-files hosts yes persistent hosts yes shared hosts yes max-db-size hosts 33554432
and nslcd.conf: uid nslcd gid ldap uri ldap://ldap.div.ourdomain.nl/ base dc=div,dc=ourdomain,dc=nl ssl no tls_cacertdir /etc/openldap/cacerts
The LDAP server in the 192.168.222 range serves only 33 connections all from the 192.168.222 range, and the 2 hosts in the 192.168.196 range serve 599 and 706 connections. The last 2 servers do serve the 143.121.222. network also. So might there be some caching issue?
$ getent ahost ldap.div.ourdomain.nl 192.168.196.190 STREAM ldap.div.ourdomain.nl 192.168.196.190 DGRAM 192.168.196.190 RAW 192.168.196.151 STREAM 192.168.196.151 DGRAM 192.168.196.151 RAW 192.168.222.179 STREAM 192.168.222.179 DGRAM 192.168.222.179 RAW
Is this the right list for this question? And if so can someone help me understand what is going on?
With kind regards,
Dennis Leeuw
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is
uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. Het Universitair Medisch Centrum Utrecht is een publiekrechtelijke rechtspersoon in de zin van de W.H.W. (Wet Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat geregistreerd bij de Kamer van Koophandel voor Midden-Nederland onder nr. 30244197.
Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
This message may contain confidential information and is intended
exclusively for the addressee. If you receive this message unintentionally, please do not use the contents but notify the sender immediately by return e-mail. University Medical Center Utrecht is a legal person by public law and is registered at the Chamber of Commerce for Midden-Nederland under no. 30244197.
Please consider the environment before printing this e-mail.
- -- ICT Medewerker Divisie Biomedische Genetica UMC Utrecht Heidelberglaan 100 STR2.126 3584 CX Utrecht The Netherlands 06 27744048 intern: 64048
openldap-technical@openldap.org
-
Dennis Leeuw -
George Ross -
Matthias Apitz -
Ulrich Windl