1:33 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
I hope I am on the right list for the problem I am experiencing.
We have two subnets
192.168.196.
192.168.222.
Our main LDAP servers run in 192.168.196. and are load-balanced by
round-robin DNS.
The 192.168.196. network is exhausted, so we added a new LDAP slave to
192.168.222. and added the IP address to the round-robin pool.
But it seems that it is only used by other servers in the 192.168.222
network and not by servers in the 192.168.196. network
This setup has now been running for 6 days, with nscd.conf:
enable-cache hosts yes
positive-time-to-live hosts 3600
negative-time-to-live hosts 20
suggested-size hosts 211
check-files hosts yes
persistent hosts yes
shared hosts yes
max-db-size hosts 33554432
and nslcd.conf:
uid nslcd
gid ldap
uri ldap://ldap.div.ourdomain.nl/
base dc=div,dc=ourdomain,dc=nl
ssl no
tls_cacertdir /etc/openldap/cacerts
The LDAP server in the 192.168.222 range serves only 33 connections
all from the 192.168.222 range, and the 2 hosts in the 192.168.196
range serve 599 and 706 connections. The last 2 servers do serve the
143.121.222. network also. So might there be some caching issue?
$ getent ahost ldap.div.ourdomain.nl
192.168.196.190 STREAM ldap.div.ourdomain.nl
192.168.196.190 DGRAM
192.168.196.190 RAW
192.168.196.151 STREAM
192.168.196.151 DGRAM
192.168.196.151 RAW
192.168.222.179 STREAM
192.168.222.179 DGRAM
192.168.222.179 RAW
Is this the right list for this question? And if so can someone help
me understand what is going on?
With kind regards,
Dennis Leeuw
- --
ICT Medewerker
Divisie Biomedische Genetica
UMC Utrecht
Heidelberglaan 100 STR2.126
3584 CX Utrecht
The Netherlands
06 27744048
intern: 64048
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTAyjwAAoJEMVYYpdbQscouGsH/3yXjh6zmLMDRaks18qe+yH7
oUrdatkENF7+WyxLz7ZzNL69gXyEwTANGGf9y7CYuqNu47PDs3SvNOM1/kgjy7pr
CSN1t9acVb9i67JgOV2ed5fMHlOzOR+sevNKjsdEdKVXrYvcXnevLOD0KHhGlXeq
Ips0Uqk8cusDXQZSUPab0aQNhWawyT1Tf4SQVAJbJ3OYEiFpHyPJXos2F4DIpYPJ
9FLn/dqV8sUNc9kaOHRjwcVYYAVyey9vX33xbYKr4pXKLd/ujaArBtwE1tyKvR2G
JPz6Gw5sYK5JLjkmr1uzPAze46heiVFY6U1Vv7aMJ4ujuabBiU11Us2k4XuotPI=
=UxBr
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is
uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht
ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct
te informeren door het bericht te retourneren. Het Universitair Medisch
Centrum Utrecht is een publiekrechtelijke rechtspersoon in de zin van de W.H.W.
(Wet Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat geregistreerd bij
de Kamer van Koophandel voor Midden-Nederland onder nr. 30244197.
Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
------------------------------------------------------------------------------
This message may contain confidential information and is intended exclusively
for the addressee. If you receive this message unintentionally, please do not
use the contents but notify the sender immediately by return e-mail. University
Medical Center Utrecht is a legal person by public law and is registered at
the Chamber of Commerce for Midden-Nederland under no. 30244197.
Please consider the environment before printing this e-mail.
3:09 a.m.
New subject: Antw: Weird DNS round-robin issue
Hi!
Did you read the bind manual pages about "sortlist"?
Ulrich
>> Dennis Leeuw <D.Leeuw(a)umcutrecht.nl> schrieb am
18.02.2014 um 10:33 in
Nachricht <530328F0.4090903(a)umcutrecht.nl>:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
I hope I am on the right list for the problem I am experiencing.
We have two subnets
192.168.196.
192.168.222.
Our main LDAP servers run in 192.168.196. and are load-balanced by
round-robin DNS.
The 192.168.196. network is exhausted, so we added a new LDAP slave to
192.168.222. and added the IP address to the round-robin pool.
But it seems that it is only used by other servers in the 192.168.222
network and not by servers in the 192.168.196. network
This setup has now been running for 6 days, with nscd.conf:
enable-cache hosts yes
positive-time-to-live hosts 3600
negative-time-to-live hosts 20
suggested-size hosts 211
check-files hosts yes
persistent hosts yes
shared hosts yes
max-db-size hosts 33554432
and nslcd.conf:
uid nslcd
gid ldap
uri ldap://ldap.div.ourdomain.nl/
base dc=div,dc=ourdomain,dc=nl
ssl no
tls_cacertdir /etc/openldap/cacerts
The LDAP server in the 192.168.222 range serves only 33 connections
all from the 192.168.222 range, and the 2 hosts in the 192.168.196
range serve 599 and 706 connections. The last 2 servers do serve the
143.121.222. network also. So might there be some caching issue?
$ getent ahost ldap.div.ourdomain.nl
192.168.196.190 STREAM ldap.div.ourdomain.nl
192.168.196.190 DGRAM
192.168.196.190 RAW
192.168.196.151 STREAM
192.168.196.151 DGRAM
192.168.196.151 RAW
192.168.222.179 STREAM
192.168.222.179 DGRAM
192.168.222.179 RAW
Is this the right list for this question? And if so can someone help
me understand what is going on?
With kind regards,
Dennis Leeuw
- --
ICT Medewerker
Divisie Biomedische Genetica
UMC Utrecht
Heidelberglaan 100 STR2.126
3584 CX Utrecht
The Netherlands
06 27744048
intern: 64048
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTAyjwAAoJEMVYYpdbQscouGsH/3yXjh6zmLMDRaks18qe+yH7
oUrdatkENF7+WyxLz7ZzNL69gXyEwTANGGf9y7CYuqNu47PDs3SvNOM1/kgjy7pr
CSN1t9acVb9i67JgOV2ed5fMHlOzOR+sevNKjsdEdKVXrYvcXnevLOD0KHhGlXeq
Ips0Uqk8cusDXQZSUPab0aQNhWawyT1Tf4SQVAJbJ3OYEiFpHyPJXos2F4DIpYPJ
9FLn/dqV8sUNc9kaOHRjwcVYYAVyey9vX33xbYKr4pXKLd/ujaArBtwE1tyKvR2G
JPz6Gw5sYK5JLjkmr1uzPAze46heiVFY6U1Vv7aMJ4ujuabBiU11Us2k4XuotPI=
=UxBr
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is
uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht
ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct
te informeren door het bericht te retourneren. Het Universitair Medisch
Centrum Utrecht is een publiekrechtelijke rechtspersoon in de zin van de
W.H.W.
(Wet Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat geregistreerd
bij
de Kamer van Koophandel voor Midden-Nederland onder nr. 30244197.
Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
------------------------------------------------------------------------------
This message may contain confidential information and is intended
exclusively
for the addressee. If you receive this message unintentionally, please do
not
use the contents but notify the sender immediately by return e-mail.
University
Medical Center Utrecht is a legal person by public law and is registered at
the Chamber of Commerce for Midden-Nederland under no. 30244197.
Please consider the environment before printing this e-mail.
3:24 a.m.
New subject: Antw: Weird DNS round-robin issue
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Ulrich,
No I hadn't, didn't even know it existed. But reading up on it it
seems a server side configuration we do not have.
Running the getent several times on a host shows nice round-robin
behaviour, so my guess it is somewhere in the client-side config or
caching, or...
Dennis
On 02/18/2014 12:09 PM, Ulrich Windl wrote:
Hi!
Did you read the bind manual pages about "sortlist"?
Ulrich
>>> Dennis Leeuw <D.Leeuw(a)umcutrecht.nl> schrieb am 18.02.2014 um
>>> 10:33 in
Nachricht <530328F0.4090903(a)umcutrecht.nl>: Hi all,
I hope I am on the right list for the problem I am experiencing.
We have two subnets 192.168.196. 192.168.222.
Our main LDAP servers run in 192.168.196. and are load-balanced by
round-robin DNS. The 192.168.196. network is exhausted, so we added
a new LDAP slave to 192.168.222. and added the IP address to the
round-robin pool. But it seems that it is only used by other
servers in the 192.168.222 network and not by servers in the
192.168.196. network
This setup has now been running for 6 days, with nscd.conf:
enable-cache hosts yes positive-time-to-live hosts 3600
negative-time-to-live hosts 20 suggested-size hosts 211
check-files hosts yes persistent hosts yes shared hosts yes
max-db-size hosts 33554432
and nslcd.conf: uid nslcd gid ldap uri
ldap://ldap.div.ourdomain.nl/ base dc=div,dc=ourdomain,dc=nl ssl
no tls_cacertdir /etc/openldap/cacerts
The LDAP server in the 192.168.222 range serves only 33
connections all from the 192.168.222 range, and the 2 hosts in the
192.168.196 range serve 599 and 706 connections. The last 2 servers
do serve the 143.121.222. network also. So might there be some
caching issue?
$ getent ahost ldap.div.ourdomain.nl 192.168.196.190 STREAM
ldap.div.ourdomain.nl 192.168.196.190 DGRAM 192.168.196.190 RAW
192.168.196.151 STREAM 192.168.196.151 DGRAM 192.168.196.151 RAW
192.168.222.179 STREAM 192.168.222.179 DGRAM 192.168.222.179 RAW
Is this the right list for this question? And if so can someone
help me understand what is going on?
With kind regards,
Dennis Leeuw
>
> ------------------------------------------------------------------------------
>
>
>
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is
> uitsluitend bestemd voor de geadresseerde. Indien u dit bericht
> onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken
> en de afzender direct te informeren door het bericht te
> retourneren. Het Universitair Medisch Centrum Utrecht is een
> publiekrechtelijke rechtspersoon in de zin van de W.H.W. (Wet
> Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat
> geregistreerd bij de Kamer van Koophandel voor Midden-Nederland
> onder nr. 30244197.
>
> Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
>
> ------------------------------------------------------------------------------
>
>
>
This message may contain confidential information and is intended
> exclusively for the addressee. If you receive this message
> unintentionally, please do not use the contents but notify the
> sender immediately by return e-mail. University Medical Center
> Utrecht is a legal person by public law and is registered at the
> Chamber of Commerce for Midden-Nederland under no. 30244197.
>
> Please consider the environment before printing this e-mail.
- --
ICT Medewerker
Divisie Biomedische Genetica
UMC Utrecht
Heidelberglaan 100 STR2.126
3584 CX Utrecht
The Netherlands
06 27744048
intern: 64048
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTA0LeAAoJEMVYYpdbQscoJzcIALwJg+KKcoP5ea5sWqpOYFgY
h242bt7oZFTG4Wx9hy/e1xQDpBtcYtN7WM+DzShQknWPRhhiEynBjE0KJNlHpXx9
GM35X17fyz7gR7BXiVXxtN0vddhn1GbYxQokR7Oop5DfpqVrtdGYb6n+HdfKlg4e
fboi5z8Mf4ev1IGrnRFKmjij/xusqbKRiyoWeyGaltPCHQslhSL8SgH78GRQCEjA
heyE3EjNTdyr9JuSZseoxZQs3cqSu56RVBDc0wEXZOC/cptoToiEgXpwLDLdVSSz
E5/sc/9gu6yj/oSeO+ADKn8IgdNb6y+Muqs+KxUNIL1zyQh2LZSR2wu6CMoS2Aw=
=368X
-----END PGP SIGNATURE-----
3:27 a.m.
New subject: Antw: Weird DNS round-robin issue
>> Dennis Leeuw <D.Leeuw(a)umcutrecht.nl> schrieb am
18.02.2014 um 12:24 in
Nachricht <530342DE.2040406(a)umcutrecht.nl>:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Ulrich,
No I hadn't, didn't even know it existed. But reading up on it it
seems a server side configuration we do not have.
Running the getent several times on a host shows nice round-robin
behaviour, so my guess it is somewhere in the client-side config or
caching, or...
Do you run nscd?
Dennis
On 02/18/2014 12:09 PM, Ulrich Windl wrote:
> Hi!
>
> Did you read the bind manual pages about "sortlist"?
>
> Ulrich
>
>>>> Dennis Leeuw <D.Leeuw(a)umcutrecht.nl> schrieb am 18.02.2014 um
>>>> 10:33 in
> Nachricht <530328F0.4090903(a)umcutrecht.nl>: Hi all,
>
> I hope I am on the right list for the problem I am experiencing.
>
> We have two subnets 192.168.196. 192.168.222.
>
> Our main LDAP servers run in 192.168.196. and are load-balanced by
> round-robin DNS. The 192.168.196. network is exhausted, so we added
> a new LDAP slave to 192.168.222. and added the IP address to the
> round-robin pool. But it seems that it is only used by other
> servers in the 192.168.222 network and not by servers in the
> 192.168.196. network
>
> This setup has now been running for 6 days, with nscd.conf:
> enable-cache hosts yes positive-time-to-live hosts 3600
> negative-time-to-live hosts 20 suggested-size hosts 211
> check-files hosts yes persistent hosts yes shared hosts yes
> max-db-size hosts 33554432
>
> and nslcd.conf: uid nslcd gid ldap uri
> ldap://ldap.div.ourdomain.nl/ base dc=div,dc=ourdomain,dc=nl ssl
> no tls_cacertdir /etc/openldap/cacerts
>
> The LDAP server in the 192.168.222 range serves only 33
> connections all from the 192.168.222 range, and the 2 hosts in the
> 192.168.196 range serve 599 and 706 connections. The last 2 servers
> do serve the 143.121.222. network also. So might there be some
> caching issue?
>
> $ getent ahost ldap.div.ourdomain.nl 192.168.196.190 STREAM
> ldap.div.ourdomain.nl 192.168.196.190 DGRAM 192.168.196.190 RAW
> 192.168.196.151 STREAM 192.168.196.151 DGRAM 192.168.196.151 RAW
> 192.168.222.179 STREAM 192.168.222.179 DGRAM 192.168.222.179 RAW
>
> Is this the right list for this question? And if so can someone
> help me understand what is going on?
>
> With kind regards,
>
> Dennis Leeuw
>
>>
>> ------------------------------------------------------------------------------
>>
>>
>>
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is
>> uitsluitend bestemd voor de geadresseerde. Indien u dit bericht
>> onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken
>> en de afzender direct te informeren door het bericht te
>> retourneren. Het Universitair Medisch Centrum Utrecht is een
>> publiekrechtelijke rechtspersoon in de zin van de W.H.W. (Wet
>> Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat
>> geregistreerd bij de Kamer van Koophandel voor Midden-Nederland
>> onder nr. 30244197.
>>
>> Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
>>
>> ------------------------------------------------------------------------------
>>
>>
>>
This message may contain confidential information and is intended
>> exclusively for the addressee. If you receive this message
>> unintentionally, please do not use the contents but notify the
>> sender immediately by return e-mail. University Medical Center
>> Utrecht is a legal person by public law and is registered at the
>> Chamber of Commerce for Midden-Nederland under no. 30244197.
>>
>> Please consider the environment before printing this e-mail.
>
>
>
- --
ICT Medewerker
Divisie Biomedische Genetica
UMC Utrecht
Heidelberglaan 100 STR2.126
3584 CX Utrecht
The Netherlands
06 27744048
intern: 64048
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTA0LeAAoJEMVYYpdbQscoJzcIALwJg+KKcoP5ea5sWqpOYFgY
h242bt7oZFTG4Wx9hy/e1xQDpBtcYtN7WM+DzShQknWPRhhiEynBjE0KJNlHpXx9
GM35X17fyz7gR7BXiVXxtN0vddhn1GbYxQokR7Oop5DfpqVrtdGYb6n+HdfKlg4e
fboi5z8Mf4ev1IGrnRFKmjij/xusqbKRiyoWeyGaltPCHQslhSL8SgH78GRQCEjA
heyE3EjNTdyr9JuSZseoxZQs3cqSu56RVBDc0wEXZOC/cptoToiEgXpwLDLdVSSz
E5/sc/9gu6yj/oSeO+ADKn8IgdNb6y+Muqs+KxUNIL1zyQh2LZSR2wu6CMoS2Aw=
=368X
-----END PGP SIGNATURE-----
3:28 a.m.
New subject: Antw: Weird DNS round-robin issue
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/18/2014 12:27 PM, Ulrich Windl wrote:
>>> Dennis Leeuw <D.Leeuw(a)umcutrecht.nl> schrieb am
18.02.2014 um
>>> 12:24 in
Nachricht <530342DE.2040406(a)umcutrecht.nl>: Hi Ulrich,
No I hadn't, didn't even know it existed. But reading up on it it
seems a server side configuration we do not have.
Running the getent several times on a host shows nice round-robin
behaviour, so my guess it is somewhere in the client-side config
or caching, or...
> Do you run nscd?
On some hosts we do on some we don't.
Dennis
On 02/18/2014 12:09 PM, Ulrich Windl wrote:
>>> Hi!
>>>
>>> Did you read the bind manual pages about "sortlist"?
>>>
>>> Ulrich
>>>
>>>>>> Dennis Leeuw <D.Leeuw(a)umcutrecht.nl> schrieb am
>>>>>> 18.02.2014 um 10:33 in
>>> Nachricht <530328F0.4090903(a)umcutrecht.nl>: Hi all,
>>>
>>> I hope I am on the right list for the problem I am
>>> experiencing.
>>>
>>> We have two subnets 192.168.196. 192.168.222.
>>>
>>> Our main LDAP servers run in 192.168.196. and are
>>> load-balanced by round-robin DNS. The 192.168.196. network is
>>> exhausted, so we added a new LDAP slave to 192.168.222. and
>>> added the IP address to the round-robin pool. But it seems
>>> that it is only used by other servers in the 192.168.222
>>> network and not by servers in the 192.168.196. network
>>>
>>> This setup has now been running for 6 days, with nscd.conf:
>>> enable-cache hosts yes positive-time-to-live hosts 3600
>>> negative-time-to-live hosts 20 suggested-size hosts 211
>>> check-files hosts yes persistent hosts yes shared hosts
>>> yes max-db-size hosts 33554432
>>>
>>> and nslcd.conf: uid nslcd gid ldap uri
>>> ldap://ldap.div.ourdomain.nl/ base dc=div,dc=ourdomain,dc=nl
>>> ssl no tls_cacertdir /etc/openldap/cacerts
>>>
>>> The LDAP server in the 192.168.222 range serves only 33
>>> connections all from the 192.168.222 range, and the 2 hosts
>>> in the 192.168.196 range serve 599 and 706 connections. The
>>> last 2 servers do serve the 143.121.222. network also. So
>>> might there be some caching issue?
>>>
>>> $ getent ahost ldap.div.ourdomain.nl 192.168.196.190 STREAM
>>> ldap.div.ourdomain.nl 192.168.196.190 DGRAM 192.168.196.190
>>> RAW 192.168.196.151 STREAM 192.168.196.151 DGRAM
>>> 192.168.196.151 RAW 192.168.222.179 STREAM 192.168.222.179
>>> DGRAM 192.168.222.179 RAW
>>>
>>> Is this the right list for this question? And if so can
>>> someone help me understand what is going on?
>>>
>>> With kind regards,
>>>
>>> Dennis Leeuw
>>>
- --
ICT Medewerker
Divisie Biomedische Genetica
UMC Utrecht
Heidelberglaan 100 STR2.126
3584 CX Utrecht
The Netherlands
06 27744048
intern: 64048
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTA0PgAAoJEMVYYpdbQscoo7UH+wapvrnkYMZaYJeTzoDVKkQQ
xRzKLpaFZReuMc7MahfKWPs5Lu5h/04Y0DYxAU3QLIQ7+FN3B5wH+eVi/mFU2PKF
9f5NATEAWNoTfOJ44EtH1LU7qxnaIQSR7SMofskSbxqcxzqaIE6KzhgQG2x1N/Sa
Fi8UtuiIB4NANOMUB6D3XTN2AgrGPlZhhQpMmQZ29bcII+2u0WFbddrPMfCsryhs
nV5PTNyBgBIoegRizpGcbqqVLfpyXLjDG9us9ID1xTORK23wXmIeZger3HbnnFWc
HQNtkT94y0GlWWSxgNJmbYa9N7sJWXlIFcrxp+nzphv38CBf7+2Tu9XdqfyPf4g=
=Jq5y
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is
uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht
ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct
te informeren door het bericht te retourneren. Het Universitair Medisch
Centrum Utrecht is een publiekrechtelijke rechtspersoon in de zin van de W.H.W.
(Wet Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat geregistreerd bij
de Kamer van Koophandel voor Midden-Nederland onder nr. 30244197.
Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
------------------------------------------------------------------------------
This message may contain confidential information and is intended exclusively
for the addressee. If you receive this message unintentionally, please do not
use the contents but notify the sender immediately by return e-mail. University
Medical Center Utrecht is a legal person by public law and is registered at
the Chamber of Commerce for Midden-Nederland under no. 30244197.
Please consider the environment before printing this e-mail.
3:46 a.m.
New subject: Antw: Weird DNS round-robin issue
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Urlich,
Did some more tests on more servers... and it seems that getent is
more static then I thought. Where 'host' nicely shows round-robin
behaviour, 'getent' does not.
Dennis
On 02/18/2014 12:09 PM, Ulrich Windl wrote:
Hi!
Did you read the bind manual pages about "sortlist"?
Ulrich
>>> Dennis Leeuw <D.Leeuw(a)umcutrecht.nl> schrieb am 18.02.2014 um
>>> 10:33 in
Nachricht <530328F0.4090903(a)umcutrecht.nl>: Hi all,
I hope I am on the right list for the problem I am experiencing.
We have two subnets 192.168.196. 192.168.222.
Our main LDAP servers run in 192.168.196. and are load-balanced by
round-robin DNS. The 192.168.196. network is exhausted, so we added
a new LDAP slave to 192.168.222. and added the IP address to the
round-robin pool. But it seems that it is only used by other
servers in the 192.168.222 network and not by servers in the
192.168.196. network
This setup has now been running for 6 days, with nscd.conf:
enable-cache hosts yes positive-time-to-live hosts 3600
negative-time-to-live hosts 20 suggested-size hosts 211
check-files hosts yes persistent hosts yes shared hosts yes
max-db-size hosts 33554432
and nslcd.conf: uid nslcd gid ldap uri
ldap://ldap.div.ourdomain.nl/ base dc=div,dc=ourdomain,dc=nl ssl
no tls_cacertdir /etc/openldap/cacerts
The LDAP server in the 192.168.222 range serves only 33
connections all from the 192.168.222 range, and the 2 hosts in the
192.168.196 range serve 599 and 706 connections. The last 2 servers
do serve the 143.121.222. network also. So might there be some
caching issue?
$ getent ahost ldap.div.ourdomain.nl 192.168.196.190 STREAM
ldap.div.ourdomain.nl 192.168.196.190 DGRAM 192.168.196.190 RAW
192.168.196.151 STREAM 192.168.196.151 DGRAM 192.168.196.151 RAW
192.168.222.179 STREAM 192.168.222.179 DGRAM 192.168.222.179 RAW
Is this the right list for this question? And if so can someone
help me understand what is going on?
With kind regards,
Dennis Leeuw
- --
ICT Medewerker
Divisie Biomedische Genetica
UMC Utrecht
Heidelberglaan 100 STR2.126
3584 CX Utrecht
The Netherlands
06 27744048
intern: 64048
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTA0f7AAoJEMVYYpdbQsco3PIH/1wTk1cCG5gwhiEhUXYTAMBl
NgKzS56spqUL+6T8pk+NL1Y0TlrZtHWX5R8ko24fj+I848sZ9zcF3pxg7Re/y4zK
PKY9/W+JqvIok8SbHqVHkXASx4WSeeEAUOUO97YfxHXSQM2/knXL36zuQd+dtqRN
l4BpaZZhnrAUB9I2Zi+IfVTOrXQhihhiVY7RwQeJINodUS4oJp2x34whEnFHcOtB
Xd37M/3xVNiYXVPeVi6N62q8p+D4gPXIVD9S4gVNo09T0bXT4mnnWgKZ1phR2al9
n0RHPZ12SB4U+pibWJsuBRz14OHMtKaERnHRgxTv0Y0tokxlFSh29etGphJtEgo=
=9hlC
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is
uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht
ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct
te informeren door het bericht te retourneren. Het Universitair Medisch
Centrum Utrecht is een publiekrechtelijke rechtspersoon in de zin van de W.H.W.
(Wet Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat geregistreerd bij
de Kamer van Koophandel voor Midden-Nederland onder nr. 30244197.
Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
------------------------------------------------------------------------------
This message may contain confidential information and is intended exclusively
for the addressee. If you receive this message unintentionally, please do not
use the contents but notify the sender immediately by return e-mail. University
Medical Center Utrecht is a legal person by public law and is registered at
the Chamber of Commerce for Midden-Nederland under no. 30244197.
Please consider the environment before printing this e-mail.
4:37 a.m.
New subject: Antw: Weird DNS round-robin issue
Did some more tests on more servers... and it seems that getent is
more static then I thought. Where 'host' nicely shows round-robin
behaviour, 'getent' does not.
man 5 gai.conf perhaps?
--
George D M Ross MSc PhD CEng MBCS CITP, University of Edinburgh,
School of Informatics, 10 Crichton Street, Edinburgh, Scotland, EH8 9AB
Mail: gdmr(a)inf.ed.ac.uk Voice: 0131 650 5147 Fax: 0131 650 6899
PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
7:04 a.m.
New subject: Antw: Weird DNS round-robin issue
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/18/2014 01:37 PM, George Ross wrote:
> Did some more tests on more servers... and it seems that getent
> is more static then I thought. Where 'host' nicely shows
> round-robin behaviour, 'getent' does not.
man 5 gai.conf perhaps?
Thanks! Victory! Setting the scopev4 to:
scopev4 192.168.222.0/24 5
scopev4 192.168.196.0/24 5
Solved the issue. Thank!
Dennis
- --
ICT Medewerker
Divisie Biomedische Genetica
UMC Utrecht
Heidelberglaan 100 STR2.126
3584 CX Utrecht
The Netherlands
06 27744048
intern: 64048
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTA3aDAAoJEMVYYpdbQscoN1EH/jUzRKFGqOT7kq3lo6XLkJnc
CNcIdjnwWRB9ZLDOWZhmn9bo04XY6OpaCLj6i9GFMZXMIH2xbd9LPFXsV7c1oYx8
awkTSYEYdPT+EvGR/7TOKOjxuORFpZnSEp6kOIsfsu6tJEj5Wp5Uz9pkUjMMINUS
Tof0vE65AB3qNHNru6AVtyGXzY9FkTA6fEvCc6yoD8NkJg30P0/jYz/B10yp3X3S
seUV2Y6CYXzu2QdTvgQo0kiZ3hFeggbeopP68ySGtmG/ZkvnFioBGfXUvBGAdZlo
Sg2uvhIL2LtrM1GuBcsWdSnHymxUG08EY3tu/7QMshiD0A16XavrHUBoBAd2PS4=
=EEt0
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is
uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht
ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct
te informeren door het bericht te retourneren. Het Universitair Medisch
Centrum Utrecht is een publiekrechtelijke rechtspersoon in de zin van de W.H.W.
(Wet Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat geregistreerd bij
de Kamer van Koophandel voor Midden-Nederland onder nr. 30244197.
Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
------------------------------------------------------------------------------
This message may contain confidential information and is intended exclusively
for the addressee. If you receive this message unintentionally, please do not
use the contents but notify the sender immediately by return e-mail. University
Medical Center Utrecht is a legal person by public law and is registered at
the Chamber of Commerce for Midden-Nederland under no. 30244197.
Please consider the environment before printing this e-mail.
5:41 a.m.
New subject: Antw: Weird DNS round-robin issue
El día Tuesday, February 18, 2014 a las 12:37:02PM +0000, George Ross escribió:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
man 5 gai.conf perhaps?
To George Ross,
Or perhaps:
man -S8 ntpdate?
matthias
--
Matthias Apitz | /"\ ASCII Ribbon Campaign:
E-mail: guru(a)unixarea.de | \ / - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ | X - No proprietary attachments
phone: +49-170-4527211 | / \ - Respect for open standards
| en.wikipedia.org/wiki/ASCII_Ribbon_Campaign
4:17 a.m.
New subject: Antw: Weird DNS round-robin issue
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/18/2014 12:09 PM, Ulrich Windl wrote:
Hi!
Did you read the bind manual pages about "sortlist"?
The official Bind 9 reference guide says:
"The client resolver code should rearrange the RRs
as appropriate, that is, using any addresses on the *local net* in
preference to other addresses."
That is exactly what I am experiencing :(
Thanks for the pointer!
Ulrich
>>> Dennis Leeuw <D.Leeuw(a)umcutrecht.nl> schrieb am 18.02.2014 um
>>> 10:33 in
Nachricht <530328F0.4090903(a)umcutrecht.nl>: Hi all,
I hope I am on the right list for the problem I am experiencing.
We have two subnets 192.168.196. 192.168.222.
Our main LDAP servers run in 192.168.196. and are load-balanced by
round-robin DNS. The 192.168.196. network is exhausted, so we added
a new LDAP slave to 192.168.222. and added the IP address to the
round-robin pool. But it seems that it is only used by other
servers in the 192.168.222 network and not by servers in the
192.168.196. network
This setup has now been running for 6 days, with nscd.conf:
enable-cache hosts yes positive-time-to-live hosts 3600
negative-time-to-live hosts 20 suggested-size hosts 211
check-files hosts yes persistent hosts yes shared hosts yes
max-db-size hosts 33554432
and nslcd.conf: uid nslcd gid ldap uri
ldap://ldap.div.ourdomain.nl/ base dc=div,dc=ourdomain,dc=nl ssl
no tls_cacertdir /etc/openldap/cacerts
The LDAP server in the 192.168.222 range serves only 33
connections all from the 192.168.222 range, and the 2 hosts in the
192.168.196 range serve 599 and 706 connections. The last 2 servers
do serve the 143.121.222. network also. So might there be some
caching issue?
$ getent ahost ldap.div.ourdomain.nl 192.168.196.190 STREAM
ldap.div.ourdomain.nl 192.168.196.190 DGRAM 192.168.196.190 RAW
192.168.196.151 STREAM 192.168.196.151 DGRAM 192.168.196.151 RAW
192.168.222.179 STREAM 192.168.222.179 DGRAM 192.168.222.179 RAW
Is this the right list for this question? And if so can someone
help me understand what is going on?
With kind regards,
Dennis Leeuw
>
> ------------------------------------------------------------------------------
>
>
>
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is
> uitsluitend bestemd voor de geadresseerde. Indien u dit bericht
> onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken
> en de afzender direct te informeren door het bericht te
> retourneren. Het Universitair Medisch Centrum Utrecht is een
> publiekrechtelijke rechtspersoon in de zin van de W.H.W. (Wet
> Hoger Onderwijs en Wetenschappelijk Onderzoek) en staat
> geregistreerd bij de Kamer van Koophandel voor Midden-Nederland
> onder nr. 30244197.
>
> Denk s.v.p aan het milieu voor u deze e-mail afdrukt.
>
> ------------------------------------------------------------------------------
>
>
>
This message may contain confidential information and is intended
> exclusively for the addressee. If you receive this message
> unintentionally, please do not use the contents but notify the
> sender immediately by return e-mail. University Medical Center
> Utrecht is a legal person by public law and is registered at the
> Chamber of Commerce for Midden-Nederland under no. 30244197.
>
> Please consider the environment before printing this e-mail.
- --
ICT Medewerker
Divisie Biomedische Genetica
UMC Utrecht
Heidelberglaan 100 STR2.126
3584 CX Utrecht
The Netherlands
06 27744048
intern: 64048
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTA09oAAoJEMVYYpdbQsco7aEIAKseWCH9bnzpIKssAkQLIH26
yDjB7Ypj+Mog3QB9vk8GCLrfTJN60biJjwVE1OeONcq3dVM1NSwwxyy490tjtG+s
t0e5dQvLPEgTQbefLZZ+xXQzKi4d2pdesJv0MRbWsVJs/OApAmkvg/N0eDEvzDDq
s5n/VJQeEY82N/gWKe5ukX0ePJZAbubAtB0aGesqAgoSZyfQ76WEF79x5FOPGPth
iwvPSOW61xKwVyY8aeuezfXI0C+YfkU1g8YW7TP/80P74MK+SdzkbPVDfyu2oZ8a
w2bShRSH4BcZJsKvxxAHXpP81OJ6V3YwWtQFPu5Qvz/8rW3PRMCef3YoCOgYl/8=
=KchD
-----END PGP SIGNATURE-----
3486
days inactive
3575
days old
openldap-technical@openldap.org
9 comments
4 participants
participants (4)
-
Dennis Leeuw -
George Ross -
Matthias Apitz -
Ulrich Windl