[Pdns-users] Error with pdns v3.0 RC3 with LDAP backend - queries return wrong results after backend connection is lost and re-established

Nick Milas nmilas at admin.noa.gr
Thu Jul 21 11:05:29 UTC 2011 

On 21/7/2011 12:27 ΌΌ, bert hubert wrote:

> You'll need to repeat the query three times, or set
> distributor-threads=1. Each backend needs to reconnect, and will
> generate a SERVFAIL once. Bert

I set distributor-threads=1. What I found by further testing (disabled 
recursor running on the same machine) is that, after pdns loses 
connection with ldap server, when ldap is available again pdns hangs (so 
the partial results received in previous tests were from the recursor?)

I remind you I am using Kees' packages and I have not compiled from source.

See (backend is now down - it was working OK before):

[root at dns2 openldap-data]# nslookup -type=ANY vmail.noa.gr dns2.noa.gr
;; Got SERVFAIL reply from 2001:648:2011:8010::210, trying next server
;; Got SERVFAIL reply from 2001:648:2011:8010::210, trying next server
Server:         dns2.noa.gr
Address:        195.251.204.210#53

** server can't find vmail.noa.gr.noa.gr: SERVFAIL

[root at dns2 openldap-data]#
[root at dns2 openldap-data]# service slapd start
...
slapd[27339]: [OK] OpenLDAP started on port 389 and 636

############### LDAP is running again ###########

[root at dns2 openldap-data]#
[root at dns2 openldap-data]# nslookup -type=ANY vmail.noa.gr dns2.noa.gr
;; connection timed out; no servers could be reached

Attached is an extract from the logs (it may contain more queries than 
the above). In this case there are errors. Not in all cases there were 
errors.

The usual messages in the logs is a series of:

Jul 21 13:21:28 dns2 pdns[27221]: Database module reported condition 
which prevented lookup (LDAP server unreachable) sending out servfail
Jul 21 13:21:29 dns2 pdns[27221]: [LdapBackend] Unable to search LDAP 
directory: Starting LDAP search: Can't contact LDAP server

Nick

-------------- next part --------------
A non-text attachment was scrubbed...
Name: log_norecursor.zip
Type: application/octet-stream
Size: 4881 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20110721/5102f7a3/attachment-0001.obj>

More information about the Pdns-users mailing list