<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">IMHO It's DS bug, can you share DS
error log?<br>
pspacek CCed to examine named logs.<br>
<br>
Martin^2<br>
<br>
On 11/11/14 12:13, Walter van Lille wrote:<br>
</div>
<blockquote
cite="mid:CAMqGCT_=2e6D9jNFcW2oZUeqpf6R5OkS_P5g-q+PnNXNsOVEBw@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Martin, thanks for the reply.
<div>My version: bind-dyndb-ldap-2.3-5.el6.x86_64</div>
<div>The server doesn't have journalctl installed but I have the
outputs from the messages and named.run files that I included
here:</div>
<div><br>
</div>
<div>Messages:</div>
<div><br>
</div>
<div>
<div><b>Nov 11 12:30:13 freeipa named[1481]: error (network
unreachable) resolving
'example.example.com.10.123.123.123/A/IN':
2001:500:2f::f#53</b></div>
<div><b>Nov 11 12:30:23 freeipa named[1481]: LDAP query timed
out. Try to adjust "timeout" parameter</b></div>
<div><b>Nov 11 12:30:23 freeipa named[1481]: LDAP query timed
out. Try to adjust "timeout" parameter</b></div>
<div><b>Nov 11 12:30:33 freeipa named[1481]: LDAP query timed
out. Try to adjust "timeout" parameter</b></div>
<div><b>Nov 11 12:30:33 freeipa named[1481]: LDAP query timed
out. Try to adjust "timeout" parameter</b></div>
</div>
<div><br>
</div>
<div>Named.run:</div>
<div><br>
</div>
<div>
<div><b>client 10.123.123.123#42639: transfer of
'example.example/IN': AXFR-style IXFR started</b></div>
<div><b>client 10.123.123.123#42639: transfer of
''example.example/IN': AXFR-style IXFR ended</b></div>
<div><b>client 10.123.123.123#46912: transfer of
'10.123.123.123.in-addr.arpa/IN': AXFR-style IXFR started</b></div>
<div><b>client 10.123.123.123#46912: transfer of
'10.123.123.123.in-addr.arpa/IN': AXFR-style IXFR ended</b></div>
<div><b>LDAP query timed out. Try to adjust "timeout"
parameter</b></div>
<div><b>LDAP query timed out. Try to adjust "timeout"
parameter</b></div>
<div><b>LDAP query timed out. Try to adjust "timeout"
parameter</b></div>
</div>
<div><br>
</div>
<div>I just replaced the IPs and the actual names with something
more generic.</div>
<div><br>
</div>
<div>Regards,</div>
<div><br>
</div>
<div>Walter</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Nov 6, 2014 at 5:00 PM,
Martin Basti <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>
<div class="h5">
<div>On 06/11/14 14:58, Walter van Lille wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>I need some assistance please.</div>
<div>I've taken over an IPA server to manage a
few months ago, and it was working fine until
recently when it started acting up seemingly
off its own accord.</div>
<div>When I do an ipactl status it basically
gives an output as shown below:</div>
<div><br>
</div>
<div><br>
</div>
<div><b>Directory Service: RUNNING<br>
</b></div>
<div><b><br>
</b></div>
<div>
<div><b>Loooooooooooooooooooooooooooooooooooooooooooooooooong
pause... (To the tune of 7 minutes
sometimes)</b></div>
</div>
<div><b><br>
</b></div>
<div>
<div><b>KDC Service: RUNNING</b></div>
<div><b>KPASSWD Service: RUNNING</b></div>
<div><b>DNS Service: RUNNING</b></div>
<div><b>MEMCACHE Service: RUNNING</b></div>
<div><b>HTTP Service: RUNNING</b></div>
<div><b>CA Service: RUNNING</b></div>
<div><b>ADTRUST Service: RUNNING</b></div>
<div><b>EXTID Service: RUNNING</b></div>
</div>
<div><br>
</div>
<div>Running top showed that ns-slapd was
munching almost all my resources, but I got
that fixed by upping the cache. Unfortunately
this did not correct the issue and it still
reacts in the same fashion, although the
resources have been freed up now.</div>
<div>I've noticed that when I run dig on either
the local server or a remote machine that the
query basically just times out as shown here:</div>
<div><br>
</div>
<div>
<div> <b>dig freeipa.myexample.sample</b></div>
<div><b><br>
</b></div>
<div><b>; <<>> DiG
9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1
<<>> freeipa.myexample.sample</b></div>
<div><b>;; global options: +cmd</b></div>
<div><b>;; connection timed out; no servers
could be reached</b></div>
</div>
<div><br>
</div>
<div>When the KDC service fails to start, then
name lookups seem OK, but authentication
fails. otherwise it's dead in the water.</div>
<div><br>
</div>
<div>This also happens:</div>
<div>
<div><br>
</div>
<div><b>sudo ipactl status</b></div>
<div><b>Directory Service: RUNNING</b></div>
<div><b>Unknown error when retrieving list of
services from LDAP:</b></div>
</div>
<div><b><br>
</b></div>
<div>My software setup is as follows:</div>
<div><br>
</div>
<div><b>CentOS release 6.5 (Final)<br>
</b></div>
<div><b>389-ds-base.x86_64 1.2.11.15-34.el6_5<br>
</b></div>
<div><b>bind.x86_64
32:9.8.2-0.23.rc1.el6_5.1<br>
</b></div>
<div>
<div><b>bind-dyndb-ldap.x86_64</b></div>
<div><b>bind-libs.x86_64
32:9.8.2-0.23.rc1.el6_5.1</b></div>
<div><b>bind-utils.x86_64
32:9.8.2-0.23.rc1.el6_5.1</b></div>
<div><b>rpcbind.x86_64 0.2.0-11.el6
@anaconda-CentOS-201311291202.x86_64/6.5</b></div>
<div><b>samba4-winbind.x86_64</b></div>
</div>
<div><b>krb5-server.x86_64 1.10.3-15.el6_5.1<br>
</b></div>
<div><b><br>
</b></div>
<div><b>Linux 2.6.32-431.29.2.el6.x86_64 #1 SMP
Tue Sep 9 21:36:05 UTC 2014 x86_64 x86_64
x86_64 GNU/Linux<br>
</b></div>
<div><br>
</div>
<div>It's not a permanent situation as it
sometimes runs 100% for a while, but 80% of
the time it is unusable. If anybody can assist
me, please be so kind.</div>
<div><br>
</div>
<div>Regards,</div>
<div><br>
</div>
<div>Walter</div>
<div><br>
</div>
</div>
</blockquote>
</div>
</div>
Hello please which version of bind-dyndb-ldap do you
use?<br>
I had similar issue with bind-dyndb-ldap, but it was
development version, I'm not sure if this is your case.<br>
When named was failing, dirserv was really slow.<br>
<br>
Can you send journalctl -b -u named log when dig doesn't
work??<span class="HOEnZb"><font color="#888888"><br>
<br>
<pre cols="72">--
Martin Basti</pre>
</font></span></div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Martin Basti</pre>
</body>
</html>