#480 SSSD does not really do DNS queries
Closed: Invalid None Opened 13 years ago by myllynen.

When SSSD has been started while offline everything works nicely but when going back online things involving id queries start to cause noticeable lags (e.g., when opening a new terminal). These lags correspond in lenght to dns_resolver_timeout value. Queries for id information not in cache fail.

I have verified by monitoring logs and network traffic that when SSSD write to log that it is resolving a data provider (an LDAP server in this case) no packets are actually ever sent over the network. After the time period defined in dns_resolver_timeout has passed, SSSD concludes that the data provider is unreachable. It could be noted that if one uses ldapsearch in a terminal while SSSD is seemingly trying to resolve the host name, ldapsearch returns expected results immediately.

So it would seem that either SSSD never communicates with c-ares correctly or for some reason c-ares fails to do the actual query.

I have access to a private (customer) network where I can reproduce this so I can provide more logs in private if needed.

Tested with sssd-1.1.91 and c-ares-1.6.0 on RHEL5.5.


After lots of debugging it turns out that this is because the propritary Cisco VPN client (using a kernel module) break inotify, thus SSSD was trying to contact the old name server.

So this is a Cisco VPN client issue, not an SSSD problem.

As myllynen says, we've determined that this is a bug in the Cisco VPN client, not SSSD. I have opened ticket #484 to provide a workaround in the future for this and other tainted kernel modules.

resolution: => worksforme
status: new => closed

Fields changed

rhbz: => 0

Fields changed

milestone: NEEDS_TRIAGE => void

Metadata Update from @myllynen:
- Issue set to the milestone: void

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1522

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata