Bug 186377 - Causes DNS storms when Kerberos servers not reachable
Summary: Causes DNS storms when Kerberos servers not reachable
Alias: None
Product: Fedora
Classification: Fedora
Component: krb5-auth-dialog
Version: 5
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Christopher Aillon
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2006-03-23 08:56 UTC by Nils Philippsen
Modified: 2008-03-11 09:27 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2008-03-11 09:27:39 UTC

Attachments (Terms of Use)

Description Nils Philippsen 2006-03-23 08:56:43 UTC
Description of problem:

When not logged into e.g. the Red Hat internal network via VPN, i.e. the
configured Kerberos servers are not resolvable, having krb5-auth-dialog causes
real DNS storms (several hundred packets per second) which have even caused my
WLAN card to wedge once.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Have your KRB5 servers not resolvable (e.g. log off the VPN)
2. Have krb5-auth-dialog running
3. Watch your NIC activity light go bonkers and/or run tcpdump/ethereal
Actual results:
Will attach about 1 second of "tcpdump -A ... udp port 53", the DNS server will
not magically know about those servers, even if asked a million times ;-)

Expected results:
Should determine when they're not resolvable/reachable and perhaps only try once
a minute or so.

Additional info:

Comment 2 Andrew Duggan 2006-04-05 14:04:18 UTC
Likely the same problem, but I also see that if the krb servers are not
available when the tickets expire and need renewing, krb-auth-dialog goes into a
CPU bound loop and must be killed.  

Comment 3 Nils Philippsen 2006-04-05 14:34:03 UTC
Perhaps that would explain why I manually need to use kinit (i.e.
krb5-auth-dialog doesn't ask for a password when the krb servers become
available) once e.g. logging into the VPN (where the KRB servers are).

Comment 4 Fedora Update System 2006-09-15 01:49:17 UTC
krb5-auth-dialog-0.6.cvs20060212-1.1 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 5 petrosyan 2008-03-11 02:35:45 UTC
Fedora Core 5 is no longer maintained. Is this bug still present in Fedora 7 or
Fedora 8?

Comment 6 Nils Philippsen 2008-03-11 09:27:39 UTC
I believe not.

Note You need to log in before you can comment on or make changes to this bug.