186377 – Causes DNS storms when Kerberos servers not reachable

Bug 186377 - Causes DNS storms when Kerberos servers not reachable

Summary: Causes DNS storms when Kerberos servers not reachable

Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	krb5-auth-dialog
Sub Component:	(Show other bugs)
Version:	5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Christopher Aillon
QA Contact:
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-03-23 08:56 UTC by Nils Philippsen
Modified:	2008-03-11 09:27 UTC (History)
CC List:	1 user (show)
Fixed In Version:	f8
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2008-03-11 09:27:39 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Nils Philippsen 2006-03-23 08:56:43 UTC

Description of problem:

When not logged into e.g. the Red Hat internal network via VPN, i.e. the
configured Kerberos servers are not resolvable, having krb5-auth-dialog causes
real DNS storms (several hundred packets per second) which have even caused my
WLAN card to wedge once.

Version-Release number of selected component (if applicable):
krb5-auth-dialog-0.6.cvs20060212-1
krb5-libs-1.4.3-4.1
krb5-workstation-1.4.3-4.1

How reproducible:
Easy

Steps to Reproduce:
1. Have your KRB5 servers not resolvable (e.g. log off the VPN)
2. Have krb5-auth-dialog running
3. Watch your NIC activity light go bonkers and/or run tcpdump/ethereal
  
Actual results:
Will attach about 1 second of "tcpdump -A ... udp port 53", the DNS server will
not magically know about those servers, even if asked a million times ;-)

Expected results:
Should determine when they're not resolvable/reachable and perhaps only try once
a minute or so.

Additional info:

Comment 2 Andrew Duggan 2006-04-05 14:04:18 UTC

Likely the same problem, but I also see that if the krb servers are not
available when the tickets expire and need renewing, krb-auth-dialog goes into a
CPU bound loop and must be killed.

Comment 3 Nils Philippsen 2006-04-05 14:34:03 UTC

Perhaps that would explain why I manually need to use kinit (i.e.
krb5-auth-dialog doesn't ask for a password when the krb servers become
available) once e.g. logging into the VPN (where the KRB servers are).

Comment 4 Fedora Update System 2006-09-15 01:49:17 UTC

krb5-auth-dialog-0.6.cvs20060212-1.1 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 5 petrosyan 2008-03-11 02:35:45 UTC

Fedora Core 5 is no longer maintained. Is this bug still present in Fedora 7 or
Fedora 8?

Comment 6 Nils Philippsen 2008-03-11 09:27:39 UTC

I believe not.

Note You need to log in before you can comment on or make changes to this bug.