12533 – resolve_ads should resolve all the IPs from SRV record in one query

Bug 12533 - resolve_ads should resolve all the IPs from SRV record in one query

Summary: resolve_ads should resolve all the IPs from SRV record in one query

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	4.4.2
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-01-23 09:11 UTC by Matthieu Patou
Modified:	2017-02-01 09:53 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthieu Patou 2017-01-23 09:11:06 UTC

In large environment (ie. tens or hundreds of DCs) the way we resolve SRV records in winbindd is not very efficient if the DNS server didn't return additional records.

That's because we end up doing getaddrinfo separately on each name returned by the SRV lookup. So if we have 100 entries (ie. 100 KDC) then we end up doing 200 additional lookup (A and AAAA) if the DNs server is a bit slow that could be really problematic for things that are done in authentication flow.

Instead of doing one query at a time, queries could be grouped by block of 50 (or any appropriate size) to speed up the lookup.

Comment 1 Matthieu Patou 2017-02-01 09:53:14 UTC

I looked at the RFC it seems that the qdcount is meant for that, that is to say sending x questions in just one DNS request but the bad news seems that bind and MS AD DNS didn't support it at least until very recent version so it seems to be a deal breaker.

Instead I was thinking that the resolution could be made async