Bugzilla will be upgraded to version 5.0 on December 2, 2018. The outage period for the upgrade will start at 0:00 UTC and have a duration of 12 hours
Bug 186377 - Causes DNS storms when Kerberos servers not reachable
Causes DNS storms when Kerberos servers not reachable
Product: Fedora
Classification: Fedora
Component: krb5-auth-dialog (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Christopher Aillon
Depends On:
  Show dependency treegraph
Reported: 2006-03-23 03:56 EST by Nils Philippsen
Modified: 2008-03-11 05:27 EDT (History)
1 user (show)

See Also:
Fixed In Version: f8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-03-11 05:27:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Nils Philippsen 2006-03-23 03:56:43 EST
Description of problem:

When not logged into e.g. the Red Hat internal network via VPN, i.e. the
configured Kerberos servers are not resolvable, having krb5-auth-dialog causes
real DNS storms (several hundred packets per second) which have even caused my
WLAN card to wedge once.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Have your KRB5 servers not resolvable (e.g. log off the VPN)
2. Have krb5-auth-dialog running
3. Watch your NIC activity light go bonkers and/or run tcpdump/ethereal
Actual results:
Will attach about 1 second of "tcpdump -A ... udp port 53", the DNS server will
not magically know about those servers, even if asked a million times ;-)

Expected results:
Should determine when they're not resolvable/reachable and perhaps only try once
a minute or so.

Additional info:
Comment 2 Andrew Duggan 2006-04-05 10:04:18 EDT
Likely the same problem, but I also see that if the krb servers are not
available when the tickets expire and need renewing, krb-auth-dialog goes into a
CPU bound loop and must be killed.  
Comment 3 Nils Philippsen 2006-04-05 10:34:03 EDT
Perhaps that would explain why I manually need to use kinit (i.e.
krb5-auth-dialog doesn't ask for a password when the krb servers become
available) once e.g. logging into the VPN (where the KRB servers are).
Comment 4 Fedora Update System 2006-09-14 21:49:17 EDT
krb5-auth-dialog-0.6.cvs20060212-1.1 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 5 petrosyan 2008-03-10 22:35:45 EDT
Fedora Core 5 is no longer maintained. Is this bug still present in Fedora 7 or
Fedora 8?
Comment 6 Nils Philippsen 2008-03-11 05:27:39 EDT
I believe not.

Note You need to log in before you can comment on or make changes to this bug.