> Hmm, that stinks! I would be happy to look into it if you can provide me with > output from a profiler of your choice. (It might be a good idea to profile > bind-dyndb-ldap together with whole named process to see all the > interactions.) >
Hold those horses. I must admit this timing didn't sit right with me, the more I thought about it. Since my test was all new, I created a slapd.conf from scratch. Forgot all about entryUUID index! I took out the creations of the empty master/$domain/keys directories. We don't use any of that. I noticed that its not the syncrepl that is slow, it is the MOD update of all idnsSOAserial. Unfortunately, they are all on one connection, so increasing arg "connections 15"; does not help. I took out the updates of idnsSOAserial by making ldap_replace_serial(return ISC_R_SUCCESS); Startup time is just under 2 minutes. I can certainly live with that. Just go to work out if we can actually use it without idnsSOAserial or not. We have just ldap master using syncrepl to each DNS server's local slapd. Then named to use that. No xfers, no slaves etc. Shutdown is still slow, but that appears to be a Solaris bug, after all zones are shutdown and listening ports released, it sits around calling lwp_park and unpark for 10 minutes. I can debug that later. -- Jorgen Lundman | <lund...@lundman.net> Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work) Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell) Japan | +81 (0)3 -3375-1767 (home) -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project