Leopard Server: Bonjour-Based DNS A Performance No-No

Prior to moving into the new OpenRain office (announcement coming in June), we used OS X’s magical .local addressing to find all our servers. This allowed us to keep almost everything on DHCP, which is trivial to set up and administer. Little did we know, however, that this was the root cause of many internal issues.

  • General network I/O performance (file server access, OpenLDAP-based logins etc.) sucked. Simply using Server Admin or Workgroup Manager across the network would often take 5+ seconds to log in.
  • Portable Home Directory (PHD) syncing, VPN and firewall services never seemed to work right, possibly due to nonequivalences between “server.example.com” and “server.local” in SSL and SSH. I’m not completely sure, but stuff broke in more ways than one.

Case in point: do not use Bonjour-based DNS for your core network services. Use a proper DNS server from the start. DNS is a cornerstone dependency of all the other services provided by your Leopard server, so any performance issues you introduce at this level will carry through to your entire infrastructure.
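
A TLS client verifies the name it connected with against the names in the server certificate, so a certificate issued for "server.example.com" does not validate when the same host is reached as "server.local". The following is an added example, not code from the original post: it audits a list of client-configured service names for .local usage and for names missing from the certificate. The service list, the certificate names and the function names are all constructed assumptions.

```python
# Added example: every service name and certificate SAN below is constructed.

def label_match(pattern, name):
    """RFC 6125-style match: exact, or one wildcard as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    n = name.lower().rstrip(".").split(".")
    if len(p) != len(n):
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards such as "*.com".
        return len(p) > 2 and p[1:] == n[1:]
    return p == n

def audit(endpoints, cert_sans):
    """Return (service, name, problem) for each configured name likely to cause trouble."""
    findings = []
    for service, name in endpoints:
        host = name.lower().rstrip(".")
        if host.endswith(".local"):
            findings.append((service, name,
                             "mDNS name: resolved by multicast, not by the DNS server"))
        sans = cert_sans.get(service)
        if sans is not None and not any(label_match(s, host) for s in sans):
            findings.append((service, name,
                             "name not in certificate SANs: " + ", ".join(sans)))
    return findings

# Constructed inventory: the name each client is configured to use per service.
ENDPOINTS = [
    ("ldap", "server.local"),
    ("afp", "server.example.com"),
    ("vpn", "server.local"),
]
# Constructed DNS subjectAltName entries of each TLS-protected service.
CERT_SANS = {
    "ldap": ["server.example.com"],
    "vpn": ["*.example.com"],
}

if __name__ == "__main__":
    for service, name, problem in audit(ENDPOINTS, CERT_SANS):
        print(f"{service:5} {name:20} {problem}")
```

SSH has the same property in a different place: known_hosts entries are keyed by the name the client used, so the host key accepted for one name is not automatically trusted under the other.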