On 19.3.2014 15:12, David wrote:
On Wed, Mar 19, 2014 at 01:57:24PM +0100, Petr Spacek wrote:
On 18.3.2014 15:26, David wrote:
We have an installation of FreeIPA (through CentOS 6.5) that's exhibiting some
odd behavior with respect to serving DNS.  Periodically (interval at random)
named running on a replica will stop serving requests from the LDAP server but
continue to respond with recursive requests.  This type of failure causes us
problems, as you could imagine.  (It doesn't fail cleanly so it won't request
from another server.)  We've adjusted the amount of connections each named
makes to 389, but it doesn't seem to make a difference.  We're not seeing
anything in the logs so troubleshooting this is becoming a bit of a
(high-visibility) puzzle to us.

I do happen to have a core file that I grabbed last night before sending a
SIGKILL to named and restarting.  (A SIGTERM has no effect.)

Hopefully there's an easy answer here that we can get rolled into the
environment quickly.  FreeIPA has treated us extraordinarily well so far!

<snip>

Note that David (I guess :-) added logs to the ticket
https://fedorahosted.org/bind-dyndb-ldap/ticket/131
and I'm looking into it.

Actually, that's not me!  I don't have anywhere near as much logging...
At least I'm not alone...

Our failures also seem to happen around log rotation time.

The Kerberos ticket expiring is interesting.  I'll poke around on my
installation and see what I see on this side.

If you need any other information, please let me know.

FYI the problem was discovered & fixed a while ago but I did not sent reply to you. It was fixed in all maintained branches (v2+) of bind-dyndb-ldap.

All supported versions of Fedora were patched so it should not happen again.

You can watch RHEL status on:

RHEL 6.y:
https://bugzilla.redhat.com/show_bug.cgi?id=1142176
https://bugzilla.redhat.com/show_bug.cgi?id=1142152

RHEL 7.y:
https://bugzilla.redhat.com/show_bug.cgi?id=1142150

Have a nice day!

--
Petr^2 Spacek

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to