[Pdns-users] [LdapBackend] Ldap connection closed

Tomas Brandysky tbrandysky at suse.cz
Thu Feb 23 08:44:47 UTC 2006



We have 150 users using our DNS server running on Pdns 2.9.19 with the LDAP
backend, and we have twice noticed a problem where the DNS server didn't
respond to queries at all and only a restart solved the problem. We think
it could be caused by this problem:


Feb 23 09:35:38 guild pdns[15670]: [LdapBackend] Request for reverse
zone AXFR, but this is not supported in strict mode
Feb 23 09:35:38 guild pdns[15670]: Backend error: Backend error trying
to determine magic serial number of zone '1.0.0.127.in-addr.arpa'
Feb 23 09:35:38 guild pdns[15670]: [LdapBackend] Ldap connection closed
Feb 23 09:35:38 guild pdns[15670]: [LdapBackend] Ldap connection succeeded
Feb 23 09:35:38 guild pdns[15670]: [LdapBackend] Request for reverse
zone AXFR, but this is not supported in strict mode
Feb 23 09:35:38 guild pdns[15670]: Backend error: Backend error trying
to determine magic serial number of zone '1.0.0.127.in-addr.arpa'
Feb 23 09:35:38 guild pdns[15670]: [LdapBackend] Ldap connection closed
Feb 23 09:35:38 guild pdns[15670]: [LdapBackend] Request for reverse
zone AXFR, but this is not supported in strict mode
Feb 23 09:35:38 guild pdns[15670]: Backend error: Backend error trying
to determine magic serial number of zone '1.0.0.127.in-addr.arpa'
Feb 23 09:35:38 guild pdns[15670]: [LdapBackend] Ldap connection closed
Feb 23 09:35:38 guild pdns[15670]: [LdapBackend] Request for reverse
zone AXFR, but this is not supported in strict mode
Feb 23 09:35:38 guild pdns[15670]: Backend error: Backend error trying
to determine magic serial number of zone '1.0.0.127.in-addr.arpa'
Feb 23 09:35:38 guild pdns[15670]: [LdapBackend] Ldap connection closed
Feb 23 09:35:38 guild pdns[15670]: [LdapBackend] Request for reverse
zone AXFR, but this is not supported in strict mode
Feb 23 09:35:38 guild pdns[15670]: Backend error: Backend error trying
to determine magic serial number of zone '1.0.0.127.in-addr.arpa'
Feb 23 09:35:38 guild pdns[15670]: [LdapBackend] Ldap connection closed


When someone is flooding the DNS server in this way, the time it takes to
query DNS entries is really noticeable.

Sometimes it takes more time to reconnect to the LDAP server:

Feb 23 09:38:44 guild pdns[15670]: [LdapBackend] Ldap connection closed
Feb 23 09:38:50 guild pdns[15670]: [LdapBackend] Ldap connection succeeded

Do you have any ideas how to steer clear of this problem?


Thank you

Tomas

Norbert Sendetzky wrote:
> Hi Tomas
> 
>> we are using pdns 2.9.19 with ldap backend.
>>
>> Whenever I do:
>>> dig 1.0.0.127.in-addr.arpa @pdns_server
>> I can see this in pdns logs:
>>
>> [LdapBackend] Request for reverse zone AXFR, but this is not supported
>> in strict mode
>> Backend error: Backend error trying to determine magic serial number of
>> zone '1.0.0.127.in-addr.arpa'
>> [LdapBackend] Ldap connection closed
>> [LdapBackend] Ldap connection succeeded
> 
> The command seems to turn into an AXFR query, which isn't supported in strict 
> mode. I don't know if this behavior can be omitted by the pdns server code.
> 
> AXFR in strict mode returns FALSE - it doesn't throw an exception. Therefore I 
> also think that the pdns server shouldn't recreate the backend.
> 
> @Bert: Am I doing something wrong by returning FALSE?
> 
>> besides this query:
>>> dig 1.0.0.127.in-addr.arpa PTR @pdns_server
>> ...works as expected.
>>
>> I think that DNS server should not crash like that but maybe it's just a
>> normal behaviour whenever it's asked for such strange queries.
> 
> Well, it doesn't crash but it does more than it should do.
> 
> 
> Norbert
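
For operators watching for the reconnect pattern in the logs above, here is a small log check, added as an example and not part of the original messages or of PowerDNS. It flags bursts of "Ldap connection closed" events, reconnects that took 5 seconds or longer, and the zone names in the accompanying backend errors. The function name, the thresholds, and the sample host and PID are assumptions, and the input is assumed to be unwrapped syslog lines.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Syslog layout as in the excerpts above: "Mon DD HH:MM:SS host pdns[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pdns\[(\d+)\]: (.*)$")
ZONE = re.compile(r"magic serial number of zone '([^']+)'")
CLOSED = "[LdapBackend] Ldap connection closed"
OPENED = "[LdapBackend] Ldap connection succeeded"

# Assumed tuning values, not pdns settings; year is needed because syslog omits it.
def analyse(lines, year=2006, window=timedelta(seconds=10), threshold=3, slow_after=5.0):
    """Return (storm_starts, slow_reconnects, zones) for unwrapped pdns syslog lines."""
    recent, last_close = deque(), {}
    storms, slow, zones, in_storm = [], [], Counter(), False
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = int(m.group(2)), m.group(3)
        if msg == CLOSED:
            last_close[pid] = ts                # latency is measured from the latest close
            recent.append(ts)
            while recent[0] < ts - window:      # drop closes that fell out of the window
                recent.popleft()
            if len(recent) < threshold:
                in_storm = False
            elif not in_storm:                  # report each burst once, at its first close
                in_storm = True
                storms.append(recent[0])
        elif msg == OPENED and pid in last_close:
            gap = (ts - last_close.pop(pid)).total_seconds()
            if gap >= slow_after:               # no LDAP connection for this long
                slow.append((ts, gap))
        elif (z := ZONE.search(msg)):
            zones[z.group(1)] += 1              # query names seen with the backend error
    return storms, slow, zones

# Constructed sample: host "ns1" and pid 4242 are made up; messages follow the page's format.
SAMPLE = [
    "Feb 23 09:35:38 ns1 pdns[4242]: [LdapBackend] Ldap connection closed",
    "Feb 23 09:35:38 ns1 pdns[4242]: [LdapBackend] Ldap connection succeeded",
    "Feb 23 09:35:38 ns1 pdns[4242]: [LdapBackend] Ldap connection closed",
    "Feb 23 09:35:39 ns1 pdns[4242]: [LdapBackend] Ldap connection closed",
    "Feb 23 09:35:39 ns1 pdns[4242]: Backend error: Backend error trying to determine magic serial number of zone '1.0.0.127.in-addr.arpa'",
    "Feb 23 09:38:44 ns1 pdns[4242]: [LdapBackend] Ldap connection closed",
    "Feb 23 09:38:50 ns1 pdns[4242]: [LdapBackend] Ldap connection succeeded",
]
```

Calling `analyse(SAMPLE)` returns one burst starting at 09:35:38, one 6-second reconnect ending at 09:38:50, and a count of 1 for the zone `1.0.0.127.in-addr.arpa`.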

