Ldapsearch takes minutes when using FQDN vs IP


 
# 8  
Old 05-19-2015
Thanks all for the replies. Appreciated. LDAP logs are as per below. As suspected it's an issue with the host resolution but now need more details as to why:

Code:
/tmp/debug.log
134:20:08:09 T1 K30539837 ldap_msg_table_send_message entered: table=11000ec50 msg=11000edd0 msgid=1
134:20:08:09 T1 K30539837 ldap_write_msg entered: ld=11000e850, lm=11000edd0
134:20:08:09 T1 K30539837 open_ldap_connection: ld(11000e850), lc(11000ea70)
134:20:08:09 T1 K30539837 open_connection: entered sb(11000ea88) host(admaster01) port(389)
134:20:08:09 T1 K30539837 ids_getaddrinfo: host(admaster01), port(389), res(fffffffffffdca8)
134:20:08:32 T1 K30539837 ids_getaddrinfo: rc=0
134:20:08:32 T1 K30539837 tds_connect: socket(4), address(fffffffffffdd00), address_len(16), connect_to(0)
134:20:08:32 T1 K30539837 open_connection: connect rc=0
134:20:08:32 T1 K30539837 open_connection: returning rc=0


The truss trace yields this:



Code:
11862262:       28442773: _poll(0x0FFFFFFFFFFFB1D0, 1, 10000)   = 0
11862262:       28442773: close(3)                              = 0
11862262:       28442773: socket(2, 2, 0)                       = 3
11862262:       28442773: getsockopt(3, 65535, 4104, 0x0FFFFFFFFFFFB104, 0x0FFFFFFFFFFFB100) = 0
11862262:       28442773: connext(3, 0x09001000A0022198, 16)    = 0
11862262:       28442773: _esend(3, 0x0FFFFFFFFFFFC030, 38, 0, 0x0000000000000000) = 38

11862262:       28442773: _poll(0x0FFFFFFFFFFFB1D0, 1, 20000) (sleeping...)


(pauses here)


11862262:       28442773: _poll(0x0FFFFFFFFFFFB1D0, 1, 20000)   = 1
11862262:       28442773: _enrecvfrom(3, 0x0FFFFFFFFFFFD380, 1024, 0, 0x0FFFFFFFFFFFB990, 0x0FFFFFFFFFFFB1B8, 0x0000000000000000) = 38
11862262:       28442773: close(3)                              = 0
11862262:       28442773: socket(2, 2, 0)                       = 3
11862262:       28442773: getsockopt(3, 65535, 4104, 0x0FFFFFFFFFFFB104, 0x0FFFFFFFFFFFB100) = 0
11862262:       28442773: connext(3, 0x09001000A0022198, 16)    = 0
11862262:       28442773: _esend(3, 0x0FFFFFFFFFFFC030, 37, 0, 0x0000000000000000) = 37
11862262:       28442773: _poll(0x0FFFFFFFFFFFB1D0, 1, 5000)    = 1
11862262:       28442773: _enrecvfrom(3, 0x0FFFFFFFFFFFD380, 1024, 0, 0x0FFFFFFFFFFFB990, 0x0FFFFFFFFFFFB1B8, 0x0000000000000000) = 111
11862262:       28442773: _esend(3, 0x0FFFFFFFFFFFC030, 28, 0, 0x0000000000000000) = 28
11862262:       28442773: _poll(0x0FFFFFFFFFFFB1D0, 1, 5000)    = 1
11862262:       28442773: _enrecvfrom(3, 0x0FFFFFFFFFFFD380, 1024, 0, 0x0FFFFFFFFFFFB990, 0x0FFFFFFFFFFFB1B8, 0x0000000000000000) = 103
11862262:       28442773: close(3)                              = 0
11862262:       28442773: kopen("/etc/hosts", O_RDONLY)         = 3
11862262:       28442773: kioctl(3, 22528, 0x0000000000000000, 0x0000000000000000) Err#25 ENOTTY
11862262:       28442773: kfcntl(3, F_SETFD, 0x0000000000000001) = 0
11862262:       28442773: kioctl(3, 22528, 0x0000000000000000, 0x0000000000000000) Err#25 ENOTTY
11862262:       28442773: kread(3, " #   I B M _ P R O L O G".., 4096) = 2162
11862262:       28442773: kread(3, " #   I B M _ P R O L O G".., 4096) = 0
11862262:       28442773: close(3)                              = 0
11862262:       28442773: socket(2, 1, 0)                       = 3

So not much more but could find out why LDAP search is taking a while when all other OS commands return the address from the hostname adm01 instantaneously. Nothing is visible on the Windows side of things. I tried reversing the /etc/netsvc.conf entries again but no effect. It has been set to: hosts=bind,local.

Cheers,
DH

Last edited by Devyn; 05-19-2015 at 10:16 AM..
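
An added example, not part of the original post: one way to find the slow step in an LDAP client debug log like the one above is to compute the time gap between consecutive trace lines. It assumes the first timestamp field is a day counter and that the T/K fields together identify a thread; `find_stalls` is a hypothetical helper and the sample is built from the lines quoted in the post.

```python
import re

# Constructed sample: the connection-setup lines quoted in the post above.
SAMPLE_LOG = """\
134:20:08:09 T1 K30539837 open_ldap_connection: ld(11000e850), lc(11000ea70)
134:20:08:09 T1 K30539837 open_connection: entered sb(11000ea88) host(admaster01) port(389)
134:20:08:09 T1 K30539837 ids_getaddrinfo: host(admaster01), port(389), res(fffffffffffdca8)
134:20:08:32 T1 K30539837 ids_getaddrinfo: rc=0
134:20:08:32 T1 K30539837 tds_connect: socket(4), address(fffffffffffdd00), address_len(16), connect_to(0)
134:20:08:32 T1 K30539837 open_connection: connect rc=0
"""

LINE_RE = re.compile(r"^(\d+):(\d{2}):(\d{2}):(\d{2})\s+(T\d+)\s+(K\d+)\s+(.*)$")


def parse_line(line):
    """Return (seconds, thread, kthread, message), or None for non-trace lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    day, hh, mm, ss = (int(g) for g in m.groups()[:4])
    # Assumption: the first field is a day counter, so one unit is 24 hours.
    seconds = ((day * 24 + hh) * 60 + mm) * 60 + ss
    return seconds, m.group(5), m.group(6), m.group(7)


def find_stalls(log_text, threshold=2):
    """List (gap_seconds, call_before_gap, call_after_gap), largest gap first."""
    last = {}    # (thread, kthread) -> (seconds, message) of the previous line
    stalls = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # file names, blank lines, anything that is not a trace line
        secs, thread, kthread, msg = rec
        key = (thread, kthread)
        if key in last and secs - last[key][0] >= threshold:
            stalls.append((secs - last[key][0], last[key][1], msg))
        last[key] = (secs, msg)
    return sorted(stalls, key=lambda s: s[0], reverse=True)


if __name__ == "__main__":
    for gap, before, after in find_stalls(SAMPLE_LOG):
        print(f"{gap:>4}s stall after: {before}")
        print(f"      resumed at:  {after}")
```

On the sample this reports a single stall between the `ids_getaddrinfo` call and its return, which is the name-resolution step the poster suspected.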
# 9  
Old 05-19-2015
Can you try to ping your DNS IP from your machine and let us know?

Code:
# cat /etc/resolv.conf

The output of the above command will show the primary and secondary (if configured) nameserver IPs. Make sure you are able to reach those IPs without any ping drops. Especially the primary one.
# 10  
Old 05-19-2015
10.0.0.3 is a forwarding AIX based DNS that forwards to the below AD/DNS servers. It is working quickly since if I take it down, I can't resolve the admaster0? servers below. Primary DNS servers are:
Code:
10.0.0.1 admaster01 / DNS01
10.0.0.2 admaster02 / DNS02

I tried the direct route to the primary DNS servers above, same result.


Code:
root [aixdns01] /tmp: cat /etc/resolv.conf
nameserver      10.0.0.3
domain            aix.b.a
search             aix.b.a b.a 
root [aixdns01] /tmp: ping aixdns01
PING aixdns01.aix.b.a (10.0.0.3): 56 data bytes
64 bytes from 10.0.0.3: icmp_seq=0 ttl=255 time=0 ms

--- aixdns01.aix.b.a ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0/0/0 ms
root [aixdns01] /tmp: ping admaster01
PING admaster01.b.a (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=128 time=0 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=128 time=0 ms

--- admaster01.b.a ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0/0/0 ms
root [aixdns01] /tmp: cat /etc/netsvc.conf|grep -v "#"
hosts=bind,local
root [aixdns01] /tmp:

The local DNS to AIX is a long story but we are using it as a forwarder to the AD servers for now.

Cheers,
DH

Last edited by rbatte1; 05-19-2015 at 01:14 PM.. Reason: Added CODE tags
# 11  
Old 05-19-2015
So your AD and DNS services are running in one server. I can see you are able to ping your primary DNS IP without any problems. This is not the issue that I was suspecting, looks like this is something else.

---------- Post updated at 07:46 PM ---------- Previous update was at 07:19 PM ----------

Just noticed some non-standard configuration on your /etc/resolv.conf file.

You can keep either domain or search but not both at the same time. This is something not usual. Any specific reason for keeping both domain and search in your /etc/resolv.conf? If there are no specific reasons, then try to update your /etc/resolv.conf and /etc/netsvc.conf files as follows:

Take a backup of these two files:

Code:
# cp -p /etc/resolv.conf /etc/resolv.conf.MMDDYY
# cp -p /etc/netsvc.conf /etc/netsvc.conf.MMDDYY

Update your /etc/resolv.conf to be exactly the same as below:

Code:
# vi /etc/resolv.conf
search    aix.b.a b.a
nameserver    10.0.0.3

Update /etc/netsvc.conf file:

Code:
# vi /etc/netsvc.conf

Search for "hosts=bind,local" in /etc/netsvc.conf and modify it as follows:

Code:
hosts = local4 , bind4

# 12  
Old 05-20-2015
Setting the netsvc.conf did the trick. Irrespective of what was in resolv.conf. Thanks guys for all the help on this. Wish the debug logs could have provided more hints towards this, but it's great. Everything works quickly now.

Code:
# grep -v "#" /etc/netsvc.conf
hosts=bind4,local4
#

Earlier I disabled IPv6 but didn't update the /etc/netsvc.conf file for bind,local as above. I changed it back to original and it was slow again, then back to only bind4,local4 and it's fast again so that was it. Do I click something on the forum to give you points for helping out?

Cheers,
DH
# 13  
Old 05-20-2015
Good to know it is fixed.
# 14  
Old 05-21-2015
Quote:
Originally Posted by Devyn
Do I click something on the forum to give you points for helping out?
You can use the "thanks"-feature to mark the most useful post(s) IYO.

Regarding your problem: DNS is a decentralized service and because networks in themselves were considered unreliable (actually to cope with this is the main point of the design of TCP/IP) timeouts are relatively long. You don't want to get a "host not known" every time a 1-second hiccup of the network occurs.

This is perhaps why it did take so long: it tried to resolve the IPv6-localhost first and only after the timeout for this query ran out it issued another query for IPv4.

To verify this assumption try adding the line:

Code:
::1       loopback localhost

to the file /etc/hosts and switch back to hosts = local, bind. If my suspicion is correct it should work without the timeouts.

Anyway, glad you solved it and thanks for posting the final solution.

bakunin