Bug 1056526

Summary: Sssd dynamic DNS update is not robust
Product: Red Hat Enterprise Linux 7 Reporter: Nikolai Kondrashov <nikolai.kondrashov>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED UPSTREAM QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: dpal, grajaiya, jgalipea, jhrozek, lslebodn, mkosek, pbrezina, pspacek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-23 13:07:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nikolai Kondrashov 2014-01-22 11:32:51 UTC 
Description of problem:
Sssd AD (and probably IPA) provider's failing dynamic DNS updates are not retried, another update attempt is only done after refresh interval.

With default refresh interval, a failed update means than new or changed host DNS records wouldn't be created for at least another 24 hours.

Version-Release number of selected component (if applicable):
1.11.2-29.el7.x86_64

How reproducible:
Always.
Comment 2 Petr Spacek 2014-01-23 11:05:27 UTC 
Note for potential implementation - http://tools.ietf.org/html/rfc1536#section-1 :
[...]
   Both name servers and stub
   resolvers should, therefore, implement some kind of a retransmission
   policy based on round trip time estimates of the name servers. The
   client should back-off exponentially, probably to a maximum timeout
   value.
[...]
Comment 3 Nikolai Kondrashov 2014-01-23 11:21:15 UTC 
Note that nsupdate, by default, seem to do 3 attempts to do the update, with 3 seconds in between. So, sssd shouldn't do it, but indeed some exponential retry scheme might be used instead.
Comment 4 Petr Spacek 2014-01-23 11:34:45 UTC 
I'm not against three successive attempts with timeout = 3 seconds but then the timeout raise exponentially.
Comment 5 Jakub Hrozek 2014-01-23 12:02:28 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2206
Comment 6 Jakub Hrozek 2016-01-11 15:28:18 UTC 
Makes sense, but not too urgent for 7.3
Comment 7 Jakub Hrozek 2016-11-23 13:07:21 UTC 
Since this problem is already tracked in an upstream ticket and this bugzilla is not being planned for any immediate release either in RHEL or upstream, I'm closing this bugzilla with the resolution UPSTREAM.

Please reopen this bugzilla report if you disagree.