Bug 785884 - Honour TTL when resolving host names
Summary: Honour TTL when resolving host names
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Stephen Gallagher
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2012-01-30 20:25 UTC by Stephen Gallagher
Modified: 2020-05-02 16:19 UTC (History)

Fixed In Version: sssd-1.8.0-2.el6.beta2
Doc Type: Bug Fix
Doc Text:
No documentation needed
Clone Of:
Environment:
Last Closed: 2012-06-20 11:54:27 UTC
Target Upstream Version:

Links
System: Github SSSD sssd issues; ID: 1853; Status: closed; Summary: Honour TTL when resolving host names; Last Updated: 2020-05-02 16:19:03 UTC
System: Red Hat Product Errata; ID: RHBA-2012:0747; Priority: normal; Status: SHIPPED_LIVE; Summary: sssd bug fix and enhancement update; Last Updated: 2012-06-19 19:31:43 UTC

Description Stephen Gallagher 2012-01-30 20:25:55 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/811

We agreed on fixing #809 for 1.5.x by resolving host names again after a hardcoded interval when we retry the connection to a previously failed service.

But a proper fix is to honour TTL values we get from DNS. This needs a couple of more intrusive changes:
 * do not use `ares_gethostbyname()` which only returns `struct hostent` but rather query directly for A or AAAA records using `ares_query()`
 * change our internal resolver to pass some custom structure that includes the TTL value, not just `struct hostent`
 * expire the host name lookups when the TTL value passes

Comment 1 Jenny Severance 2012-01-30 20:38:07 UTC
Please add steps to verify/reproduce this issue. Thanks.

Comment 2 Jakub Hrozek 2012-01-31 07:51:34 UTC
In general, add an A or AAAA record to DNS with a low TTL value. Log in as a user; that would trigger a name resolution. Change the A record on the DNS server to point to a different IP address. If you try to log in before the TTL has passed, SSSD should still connect to the same server address even though the record has changed on the server. Wait until the TTL is over, then log in again. SSSD should detect that the TTL has already passed and resolve the new address.

In particular, the --ttl option of "ipa dnsrecord-add" might be helpful.
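
As an added illustration (not SSSD's code) of the expiry rule from the ticket description and the check described in comment 2: a small C cache that keeps the TTL next to the resolved address and re-queries only once that TTL has passed. The in-memory DNS record, the fake clock and the name ldap.example.com are constructed stand-ins; the real resolver would take the TTL from an A/AAAA answer obtained with ares_query().

```c
#include <stdio.h>
#include <string.h>

#define ADDR_LEN 46  /* INET6_ADDRSTRLEN: room for an AAAA answer too */

/* What a direct A/AAAA query keeps and ares_gethostbyname() drops: the TTL. */
struct resolved_host {
    char name[256];
    char addr[ADDR_LEN];
    int ttl;           /* seconds, taken from the A/AAAA record */
    long resolved_at;  /* clock value when the answer was obtained */
};
static struct resolved_host cache;  /* one cached lookup, zeroed = empty */

/* Constructed stand-in for the DNS server: the record it currently serves. */
static char dns_answer[ADDR_LEN] = "192.0.2.10";
static int dns_ttl = 5;
static void dns_set_record(const char *addr, int ttl)
{ snprintf(dns_answer, ADDR_LEN, "%s", addr); dns_ttl = ttl; }

/* Fake clock so expiry is deterministic; no sleeping in the example. */
static long fake_now = 1000;
static void clock_advance(int secs) { fake_now += secs; }
static int host_expired(const struct resolved_host *h) {
    return h->resolved_at + h->ttl <= fake_now;
}

/* Resolve name, reusing the cached answer until its TTL has passed.
 * Returns 1 when a fresh query was issued, 0 when the cache was used. */
static int resolve_host(const char *name, struct resolved_host *h) {
    if (h->name[0] != '\0' && strcmp(h->name, name) == 0 && !host_expired(h))
        return 0;
    /* SSSD would issue ares_query() for A/AAAA here; we read the stand-in. */
    snprintf(h->name, sizeof(h->name), "%s", name);
    snprintf(h->addr, ADDR_LEN, "%s", dns_answer);
    h->ttl = dns_ttl;
    h->resolved_at = fake_now;
    return 1;
}

int main(void) {
    resolve_host("ldap.example.com", &cache);  /* first login: fresh query */
    dns_set_record("192.0.2.20", 5);           /* record repointed on the server */
    clock_advance(2);
    resolve_host("ldap.example.com", &cache);  /* TTL not over: old address kept */
    printf("before expiry: %s\n", cache.addr);
    clock_advance(3);
    resolve_host("ldap.example.com", &cache);  /* TTL passed: re-resolved */
    printf("after expiry:  %s\n", cache.addr);
    return 0;
}
```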

Comment 4 Jakub Hrozek 2012-04-03 18:14:20 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
No documentation needed

Comment 8 errata-xmlrpc 2012-06-20 11:54:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0747.html
