[Pdns-users] ldap & recursor problem
Bernd Schubert
bernd-schubert at gmx.de
Thu Jun 22 22:53:06 UTC 2006
Hi,
> Any idea why those error messages in the log file happend? Any what should
> I do?
> Well, I wouldn't mind those error messages, but unfortunately local login,
> shells, etc. on the clients also didn't work anymore.
I already described the ethereal results in the IRC channel, but just for
better history and all who don't listen there, here again.
The culprit is the dns query of kerberos together with the result of pdns.
Kerberos makes a request
"Standard query AAAA FQDN-of-kdc-server-specified-in-krb5.conf"
With a properly working recursor pdns gets the answer from the recursor
"Standard Query response, no such name"
and sends this answer to the client who did the dns request.
Without a recursor, pdns never answers to the client which causes very long
kerberos timeouts (so long that one might think it doesn't work at all).
A workaround is to set the ip of the kdc servers and not their fqdn.
Thanks for your help,
Bernd
--
Bernd Schubert
PCI / Theoretische Chemie
Universität Heidelberg
INF 229
69120 Heidelberg
More information about the Pdns-users
mailing list