This bug is created as a clone of upstream ticket: https://fedorahosted.org/sssd/ticket/811

We agreed on fixing #809 for 1.5.x by resolving host names again after a hardcoded interval when we retry connection to a previously failed service. But a proper fix is to honour TTL values we get from DNS. This needs a couple of more intrusive changes:

* do not use `ares_gethostbyname()`, which only returns `struct hostent`, but rather query directly for A or AAAA records using `ares_query()`
* change our internal resolver to pass some custom structure that includes the TTL value, not just `struct hostent`
* expire the host name lookups when the TTL value passes
Please add steps to verify/reproduce this issue. Thanks.
In general, add an A or AAAA record to DNS with a low TTL value. Log in as a user - that would trigger a name resolution. Change the A record on the DNS server to point to a different IP address. If you try to log in before the TTL has passed, SSSD should still connect to the same server address even though the record has changed on the server. Wait until the TTL is over, then log in again. SSSD should detect that the TTL has already passed and resolve the new address. In particular, the --ttl option of "ipa dnsrecord-add" might be helpful.
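The design change described in the bug description (query A records directly so the TTL survives, carry it in a custom structure, and expire the entry when the TTL passes) and the verification steps above are illustrated by the following added example. It is not SSSD code and does not come from the bug comments; it assumes a hypothetical `host_entry` cache structure and parses a constructed DNS response embedded in the block, rather than calling c-ares, so that it runs offline.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <time.h>

/* One A record as pulled straight from the DNS answer section:
 * the address together with the TTL that struct hostent would have dropped. */
struct a_record {
    uint8_t addr[4];
    uint32_t ttl;
};

/* Hypothetical resolver cache entry (not SSSD's own structure): the records,
 * when they were resolved, and the shortest TTL among them. */
struct host_entry {
    struct a_record recs[8];
    size_t count;
    time_t resolved_at;
    uint32_t ttl;   /* minimum TTL over all stored records */
};

/* Constructed DNS response for "ipa.example.test": two A records,
 * 192.0.2.10 with TTL 300 and 192.0.2.11 with TTL 60 (RFC 5737 test addresses). */
const uint8_t sample_response[] = {
    0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, /* header */
    3, 'i', 'p', 'a', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 4, 't', 'e', 's', 't', 0,
    0x00, 0x01, 0x00, 0x01,                                     /* QTYPE A, QCLASS IN */
    0xC0, 0x0C, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x2C, 0x00, 0x04, 192, 0, 2, 10,
    0xC0, 0x0C, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x3C, 0x00, 0x04, 192, 0, 2, 11,
};

/* Skip a possibly compressed domain name starting at off; return the new offset or -1. */
static int skip_name(const uint8_t *msg, size_t len, size_t off)
{
    while (off < len) {
        uint8_t l = msg[off];
        if (l == 0)
            return (int)(off + 1);
        if ((l & 0xC0) == 0xC0)             /* compression pointer: two bytes, name ends here */
            return off + 2 <= len ? (int)(off + 2) : -1;
        off += 1 + l;
    }
    return -1;
}

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Parse the A records (type 1, class IN) out of a raw DNS response and fill the
 * cache entry. Returns the number of records stored, or -1 on malformed input. */
int parse_a_records(const uint8_t *msg, size_t len, struct host_entry *out, time_t now)
{
    if (len < 12)
        return -1;
    uint16_t qdcount = rd16(msg + 4), ancount = rd16(msg + 6);
    size_t off = 12;
    int r;

    for (uint16_t i = 0; i < qdcount; i++) {   /* skip the question section */
        r = skip_name(msg, len, off);
        if (r < 0 || (size_t)r + 4 > len)
            return -1;
        off = (size_t)r + 4;                   /* QTYPE + QCLASS */
    }

    out->count = 0;
    out->resolved_at = now;
    out->ttl = UINT32_MAX;
    for (uint16_t i = 0; i < ancount; i++) {
        r = skip_name(msg, len, off);
        if (r < 0 || (size_t)r + 10 > len)
            return -1;
        off = (size_t)r;
        uint16_t type = rd16(msg + off), rclass = rd16(msg + off + 2);
        uint32_t ttl = rd32(msg + off + 4);
        uint16_t rdlen = rd16(msg + off + 8);
        off += 10;
        if (off + rdlen > len)
            return -1;
        if (type == 1 && rclass == 1 && rdlen == 4 && out->count < 8) {
            memcpy(out->recs[out->count].addr, msg + off, 4);
            out->recs[out->count].ttl = ttl;
            out->count++;
            if (ttl < out->ttl)
                out->ttl = ttl;
        }
        off += rdlen;
    }
    if (out->count == 0)
        out->ttl = 0;
    return (int)out->count;
}

/* Expiry check: once the shortest TTL has elapsed the name must be resolved again. */
int host_entry_expired(const struct host_entry *e, time_t now)
{
    return e->count == 0 || (now - e->resolved_at) >= (time_t)e->ttl;
}

int main(void)
{
    struct host_entry e;
    time_t t0 = 1000;   /* constructed "resolved at" timestamp */
    int n = parse_a_records(sample_response, sizeof(sample_response), &e, t0);
    for (int i = 0; i < n; i++)
        printf("%u.%u.%u.%u ttl=%u\n", e.recs[i].addr[0], e.recs[i].addr[1],
               e.recs[i].addr[2], e.recs[i].addr[3], e.recs[i].ttl);
    printf("expired at t0+59: %d, at t0+60: %d\n",
           host_entry_expired(&e, t0 + 59), host_entry_expired(&e, t0 + 60));
    return 0;
}
```

Using the minimum TTL of the record set is the conservative choice: a login attempted before it elapses reuses the cached address, matching the first half of the verification steps, and the first attempt after it forces a fresh query, matching the second half.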
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0747.html