[Pdns-users] ldap & recursor problem

Norbert Sendetzky norbert at linuxnetworks.de
Fri Jun 23 07:35:07 UTC 2006

Hi Bernd

> The culprit is the dns query of kerberos together with the result of pdns.
> Kerberos makes a request
> "Standard query AAAA FQDN-of-kdc-server-specified-in-krb5.conf"

I suppose Kerberos does by default IPv4 and IPv6 lookups even if you don't use 
IPv6 at all and have no AAAA record in you DNS tree?

> With a properly working recursor pdns gets the answer from the recursor
>  "Standard Query response, no such name"
> and sends this answer to the client who did the dns request.
> Without a recursor, pdns never answers to the client which causes very long
> kerberos timeouts (so long that one might think it doesn't work at all).

So the real problem is the pdns server which doesn't time out after 5sec and 
doesn't send a SERVFAIL to the client if it gets no answer from the recursor. 
Is this correct?

> A workaround is to set the ip of the kdc servers and not their fqdn.

Seems like we need a bugfix nevertheless.

OpenPGP public key

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20060623/04f0b92c/attachment-0001.sig>

More information about the Pdns-users mailing list