Red Hat Bugzilla – Bug 186377
Causes DNS storms when Kerberos servers not reachable
Last modified: 2008-03-11 05:27:39 EDT
Description of problem:
When not logged into e.g. the Red Hat internal network via VPN, i.e. the
configured Kerberos servers are not resolvable, having krb5-auth-dialog causes
real DNS storms (several hundred packets per second) which have even caused my
WLAN card to wedge once.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Have your KRB5 servers not resolvable (e.g. log off the VPN)
2. Have krb5-auth-dialog running
3. Watch your NIC activity light go bonkers and/or run tcpdump/ethereal
Will attach about 1 second of "tcpdump -A ... udp port 53". The DNS server will
not magically know about those servers, even if asked a million times ;-)
Should determine when they're not resolvable/reachable and perhaps only try once
a minute or so.
Likely the same problem, but I also see that if the krb servers are not
available when the tickets expire and need renewing, krb5-auth-dialog goes into a
CPU bound loop and must be killed.
Perhaps that would explain why I manually need to use kinit (i.e.
krb5-auth-dialog doesn't ask for a password when the krb servers become
available) once e.g. logging into the VPN (where the KRB servers are).
krb5-auth-dialog-0.6.cvs20060212-1.1 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Fedora Core 5 is no longer maintained. Is this bug still present in Fedora 7 or
I believe not.
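
The behaviour the report asks for (stop retrying immediately while the Kerberos servers are unresolvable, and try only about once a minute) can be sketched as a retry gate. This is an added example, not code from krb5-auth-dialog or its fix; the names, the doubling of the delay and the 16-minute cap are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <time.h>
/* Hypothetical retry gate; these names are not from krb5-auth-dialog. */
#define RETRY_MIN_SECS 60u   /* "once a minute or so", per the report */
#define RETRY_MAX_SECS 960u  /* assumed cap: 16 minutes */
struct retry_gate {
    time_t next_allowed;  /* earliest time another attempt may run */
    unsigned delay;       /* current delay in seconds, 0 when healthy */
};

/* True if a KDC lookup or renewal attempt may run at time `now`. */
bool gate_may_try(const struct retry_gate *g, time_t now)
{
    return now >= g->next_allowed;
}

/* Record the outcome of an attempt made at `now`. */
void gate_record(struct retry_gate *g, time_t now, bool ok)
{
    if (ok) {                       /* servers reachable again: reset */
        *g = (struct retry_gate){0, 0};
        return;
    }
    if (g->delay == 0)
        g->delay = RETRY_MIN_SECS;  /* first failure: wait a minute */
    else if (g->delay < RETRY_MAX_SECS)
        g->delay *= 2;              /* repeated failure: back off */
    g->next_allowed = now + (time_t)g->delay;
}

/* Constructed scenario: a timer fires every second while every attempt fails. */
unsigned simulate_outage(unsigned seconds)
{
    struct retry_gate g = {0, 0};
    unsigned attempts = 0;
    for (time_t t = 1000; t < (time_t)(1000 + seconds); t++) {
        if (!gate_may_try(&g, t))
            continue;               /* still inside the back-off window */
        attempts++;
        gate_record(&g, t, false);
    }
    return attempts;
}

int main(void)
{
    printf("attempts in one hour: %u\n", simulate_outage(3600));
    return 0;
}
```

Because the gate blocks on a timestamp instead of looping, the caller returns to its event loop between attempts, which also avoids a CPU-bound spin.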