Hi, Look in /etc/nsswitch.conf and change the order of the 'hosts:' entry to "hosts: files dns" then add an entry for your LDAP server(s) in /etc/hosts. This will be much faster than querying the DNS as it's a local lookup, for anything not in /etc/hosts it will still search the dns. Another possibility is to look at /etc/resolv.conf, if there is a line beginning 'search' with several domains, this will also slow lookups. If you specify a hostname without the domain name, the resolver library will append each domain listed in the 'search' statement and try a lookup. If you don't need the search feature (you have to specify all names in FQDN format, which is good practise), comment it out. Rgds, Simon -----Original Message----- From: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Stig Venaas Sent: Thursday, September 26, 2002 14:29 To: Geoff Swan Cc: openldap-software@OpenLDAP.org Subject: Re: client dns lookups, can they be disabled? On Thu, Sep 19, 2002 at 10:49:55PM +1000, Geoff Swan wrote: > Hi, > > I have a system with slapd on a server with a known IP address. OpenLDAP > has been build with the rdns lookups disabled. > > When I use ldapsearch (or any client which uses the openLDAP client > libraries) to perform a search on the database at this server (by > specifying the IP address of the server), the client appears to attempt > to perform a DNS lookup before the bind operation (an ethereal trace > shows this). > > Is there any way to prevent this? It slows down the search considerably. I've looked a bit at the code, and it will try to lookup it's own IP address (at least if compiled with Kerberos, TLS or SASL it seems). You should be able to avoid that by adding an entry in /etc/hosts. If you specify IP address of server, at least Linux and FreeBSD have getaddrinfo() implementations that will not make a DNS request. With ethereal (or at least tcpdump) you can check what it tries to lookup. Is it an A record for something starting with your IP address, is it an A record for your hostname, or is it something else? Stig
Attachment:
smime.p7s
Description: S/MIME cryptographic signature