Bug 703624
| Field | Value |
|---|---|
| Summary | SSSD's async resolver only tries the first nameserver in /etc/resolv.conf |
| Product | Red Hat Enterprise Linux 6 |
| Component | sssd |
| Version | 6.1 |
| Status | CLOSED ERRATA |
| Severity | urgent |
| Priority | urgent |
| Reporter | Jenny Severance <jgalipea> |
| Assignee | Stephen Gallagher <sgallagh> |
| QA Contact | Chandrasekar Kannan <ckannan> |
| CC | benl, dpal, grajaiya, jgalipea, jhrozek, jwest, kbanerje, prc |
| Target Milestone | rc |
| Keywords | ZStream |
| Hardware | Unspecified |
| OS | Unspecified |
| Fixed In Version | sssd-1.5.1-35.el6 |
| Doc Type | Bug Fix |
| Clone Of | |
| | 707574 748835 |
| Last Closed | 2011-12-06 16:38:21 UTC |
| Bug Blocks | 707574, 708352, 748835 |

Doc Text:
Cause: the internal resolver of SSSD was set to never retry other name servers it reads from /etc/resolv.conf should the first one fail to resolve a host name
Consequence: If the resolving failed, SSSD switched to offline mode without asking the other configured name servers
Fix: the resolver was configured so that it queries all name servers
Result: hostname resolution correctly retries until it either queries all the configured name servers or resolves the host name

Description
Jenny Severance
2011-05-10 20:16:24 UTC
Since RHEL 6.1 External Beta has begun, and this bug remains unresolved, it has been rejected as it is not proposed as exception or blocker. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.

Updating bug summary. The problem is not limited (or even related) to FreeIPA with integrated DNS. I have opened upstream ticket https://fedorahosted.org/sssd/ticket/867 to track the real issue.

We're not properly failing over to secondary DNS servers if the first server in the list is broken.

Steps to reproduce:
1. Set up a valid /etc/resolv.conf with a working primary DNS server
2. Add nameserver 127.0.0.2 above the working DNS entries (simulates having an unreachable DNS server first in the list)
3. Enable debug logs and restart SSSD

The debug log will contain

```
(Wed May 11 16:08:52 2011) [sssd[be[example.com]]] [fo_resolve_service_done] (1): Failed to resolve server 'ldap.example.com': Could not contact DNS servers
```

and SSSD will operate permanently in offline mode because it can never resolve the SRV records.

It's unclear right now whether the bug is in SSSD's async resolver or internal to the c-ares library.

Verified in version:

```
# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                        Vendor: Red Hat, Inc.
Release     : 49.el6                       Build Date: Mon 29 Aug 2011 08:26:38 PM IST
Install Date: Wed 31 Aug 2011 07:01:44 AM IST   Build Host: x86-010.build.bos.redhat.com
Group       : Applications/System          Source RPM: sssd-1.5.1-49.el6.src.rpm
Size        : 3549339                      License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
```

Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Cause: the internal resolver of SSSD was set to never retry other name servers it reads from /etc/resolv.conf should the first one fail to resolve a host name
Consequence: If the resolving failed, SSSD switched to offline mode without asking the other configured name servers
Fix: the resolver was configured so that it queries all name servers
Result: hostname resolution correctly retries until it either queries all the configured name servers or resolves the host name

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1529.html
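
A diagnostic for the condition in the reproduction steps, as an added example that is not part of the bug report or of SSSD's code: it parses resolv.conf, probes each nameserver with one UDP query, and reports when only the first entry is dead while a later one answers. The function names, the sample file, the 192.0.2.53 address and the default query name are constructed for illustration.

```python
import socket
import struct

# Constructed sample mirroring the reproduction steps: a dead entry listed
# first; 192.0.2.53 is a documentation address standing in for a working server.
SAMPLE_RESOLV_CONF = """\
search example.com
nameserver 127.0.0.2
nameserver 192.0.2.53
"""

def parse_nameservers(text):
    """Return nameserver addresses in file order, ignoring '#' and ';' comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def udp_probe(server, name="ldap.example.com", timeout=2.0):
    """Send one A query over UDP; True if a reply carrying our query ID arrives."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    header = struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)  # ID, RD flag, 1 question
    query = header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE A, QCLASS IN
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            reply, _ = sock.recvfrom(512)
        except OSError:  # timeout, port unreachable, no route
            return False
    return reply[:2] == query[:2]

def assess(text, probe=udp_probe):
    """Return (verdict, servers, reachable) for the given resolv.conf text."""
    servers = parse_nameservers(text)
    reachable = [s for s in servers if probe(s)]
    if not reachable:
        return "all-down", servers, reachable
    if servers[0] not in reachable:
        # A resolver that never retries past entry 1 fails on this host
        # although a later entry works: the condition this report describes.
        return "first-server-only-fails", servers, reachable
    return "ok", servers, reachable

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        print(assess(fh.read()))
```

A verdict of `first-server-only-fails` on a host running an sssd build older than the one named in Fixed In Version matches the offline-mode symptom in the debug log above.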