[Pdns-users] ldap & recursor problem
Norbert Sendetzky
norbert at linuxnetworks.de
Fri Jun 23 07:35:07 UTC 2006
Hi Bernd
> The culprit is the dns query of kerberos together with the result of pdns.
> Kerberos makes a request
> "Standard query AAAA FQDN-of-kdc-server-specified-in-krb5.conf"
I suppose Kerberos does by default IPv4 and IPv6 lookups even if you don't use
IPv6 at all and have no AAAA record in your DNS tree?
> With a properly working recursor pdns gets the answer from the recursor
> "Standard Query response, no such name"
> and sends this answer to the client who did the dns request.
>
> Without a recursor, pdns never answers to the client which causes very long
> kerberos timeouts (so long that one might think it doesn't work at all).
So the real problem is the pdns server which doesn't time out after 5 sec and
doesn't send a SERVFAIL to the client if it gets no answer from the recursor.
Is this correct?
> A workaround is to set the ip of the kdc servers and not their fqdn.
Seems like we need a bugfix nevertheless.
Norbert
--
OpenPGP public key
http://www.linuxnetworks.de/norbert.pubkey.asc
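
An added example, not part of the original message and not PowerDNS code: a small probe that sends the AAAA query described in the thread and reports whether the server answers NXDOMAIN, SERVFAIL, or nothing at all within the timeout. The local stub servers, the name `kdc.example.test` and all function names are constructed for illustration.

```python
import socket
import struct
import threading

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}
TXID = 0x1234  # fixed transaction id, fine for a one-shot diagnostic


def build_aaaa_query(name):
    """Encode a minimal recursive AAAA query (QTYPE 28, QCLASS IN)."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)  # RD bit set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 28, 1)


def classify(server, name, timeout=5.0):
    """Return the RCODE name the server sends, or 'TIMEOUT' if it stays silent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_aaaa_query(name), server)
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "TIMEOUT"  # the case that stalls the Kerberos client
    if len(data) < 12:
        return "MALFORMED"
    txid, flags = struct.unpack("!HH", data[:4])
    if txid != TXID or not flags & 0x8000:  # wrong id or QR bit not set
        return "MALFORMED"
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode)


def start_stub(rcode):
    """Constructed local UDP stub: replies with rcode, or never replies if None."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))

    def serve():
        while True:
            data, peer = sock.recvfrom(512)
            if rcode is not None:
                # Echo id and question; set QR, RD, RA and the chosen rcode.
                flags = struct.pack("!H", 0x8180 | rcode)
                sock.sendto(data[:2] + flags + data[4:], peer)

    threading.Thread(target=serve, daemon=True).start()
    return sock.getsockname()
```

Pointing `classify` at a real server address instead of a stub shows which of the three behaviours a client such as Kerberos will actually see.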