DNS Resolver Broken in sssd

https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/thread/6ZPVDL7JLTKTSQ5ODSTN4TU3OOQBBOUN/

Hi list,

I am regularly getting messages like:

(Mon Aug 8 21:20:19 2016) [sssd[be[default]]] [be_resolve_server_process] (0x0080): Couldn’t resolve server (myserver.com), resolver returned (5) Or (Wed Aug 10 15:47:46 2016) [sssd[be[default]]] [nsupdate_get_addrs_done] (0x0040): Could not resolve address for this machine, error [5]: Input/output error, resolver returned: [11]: Could not contact DNS servers

I am also running TCPdump in the background - no DNS query has been performed at the time of the error and my dns servers are working fine. What could be the reason?

Thanks, Ondrej

The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.

Attachments:

attachment.html (text/html — 3.8 KB)

0 0 Reply

Show replies by date Lukas Slebodnik 11 Aug 3:11 a.m.

On (11/08/16 08:06), Ondrej Valousek wrote: …

It would be good to see more context from log files (maybe the full debug level 9)

LS 0 0 Reply Ondrej Valousek 7:21 a.m.

There is output of the log file (debug 0x1FF): … (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [resolve_srv_done] (0x0400): SRV lookup did not return any new server. (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service ‘AD’ as ‘not resolve d’ (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [be_resolve_server_process] (0x0080): Couldn’t resolve server (SRV lookup meta-server), resolver returned (1432158231) (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying to resolve service ‘AD’ (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [get_server_status] (0x1000): Status of server ‘server1.prague.com’ is ‘name resolved’ (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6 seconds (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [resolve_srv_send] (0x0200): The status of SRV lookup is not resolved (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [fo_set_port_status] (0x0100): Marking port 0 of server ‘(no name)’ as ‘not working’ (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [be_resolve_server_process] (0x0080): Couldn’t resolve server (server1.prague.com), resolver returned (5) (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [fo_resolve_service_send] (0x0100): Trying to resolve service ‘AD’ (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [get_server_status] (0x1000): Status of server ‘server1.prague.com’ is ‘name resolved’ (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6 seconds (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [resolve_srv_send] (0x0200): The status of SRV lookup is not resolved (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [fo_set_port_status] (0x0100): Marking port 0 of server ‘(no name)’ as ‘not working’ (Wed Aug 10 02:22:24 2016) [sssd[be[default]]] [be_resolve_server_process] (0x0080): Couldn’t resolve server (server1.prague.com), resolver returned (5)

TCPdump shows (this time) that query has been sent to DNS servers and response followed in no time. So there is deffinitely no problem with DNS here.

Ondrej

—–Original Message—– From: Lukas Slebodnik [mailto:lslebodn@redhat.com] Sent: Thursday, August 11, 2016 10:12 AM To: End-user discussions about the System Security Services Daemon sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: DNS resolver broken in sssd?

On (11/08/16 08:06), Ondrej Valousek wrote: …

It would be good to see more context from log files (maybe the full debug level 9)

LS ___________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org

On Thu, Aug 11, 2016 at 12:21:43PM +0000, Ondrej Valousek wrote: …

Ah, ‘good’ that you could reproduce this. We already found a similar (same?) issue some time ago, but were never sure what’s going on. (Sorry, the BZ is private and contains a ton of customer data..)

Pavel, maybe with Ondrej’s help we could figure it out? … 0 0 Reply Ondrej Valousek 15 Aug 3:48 a.m.

Opened a Red Hat support case regarding this issue. Hope it helps.

Ondrej

—–Original Message—– From: Jakub Hrozek [mailto:jhrozek@redhat.com] Sent: Thursday, August 11, 2016 3:59 PM To: sssd-users@lists.fedorahosted.org Cc: pbrezina@redhat.com Subject: [SSSD-users] Re: DNS resolver broken in sssd?

On Thu, Aug 11, 2016 at 12:21:43PM +0000, Ondrej Valousek wrote: …

Pavel, maybe with Ondrej’s help we could figure it out? …

sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org

On 08/11/2016 03:58 PM, Jakub Hrozek wrote: …

What BZ do you mean? …

Does dig or nslookup return valid answer? Can you pm me case number? … 0 0 Reply Jakub Hrozek 3:44 a.m.

On Tue, Aug 16, 2016 at 10:35:46AM +0200, Pavel Březina wrote: …

What BZ do you mean?

https://bugzilla.redhat.com/show_bug.cgi?id=1332309 0 0 Reply Ondrej Valousek 17 Aug 3:52 a.m.

This is a response I got from RH support team: “Hello,

I checked the available logs and it looks like you are hitting to same issue mentioned in BZ # 1332309

The issue is still being investigated by our Engineering Team and I will update you once I hear any update from them.Hence I am keeping the status as “Waiting on Red Hat”

Thanks! Hemant Associate Technical Support Engineer Customer Engagement and Experience Red Hat.”

Let me know guys if I could help somehow… O.

—–Original Message—– From: Jakub Hrozek [mailto:jhrozek@redhat.com] Sent: 16 August 2016 09:45 To: Pavel Březina pbrezina@redhat.com Cc: sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: DNS resolver broken in sssd?

On Tue, Aug 16, 2016 at 10:35:46AM +0200, Pavel Březina wrote: …

What BZ do you mean?

https://bugzilla.redhat.com/show_bug.cgi?id=1332309 ___________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org