[Freeipa-users] bind-dyndb-ldap issues

Brendan Kearney bpk678 at gmail.com
Tue Oct 11 18:41:19 UTC 2016 

i am using bind-dyndb-ldap on fedora 24 without FreeIPA, and continue to 
have my logs swamped with errors about "check failed" from settings.c 
and fwd.c.  i am completely up to date with every package, so the latest 
versions of everything are installed.

[settings.c : 420: setting_update_from_ldap_entry] check failed: ignore
[settings.c : 436: setting_update_from_ldap_entry] check failed: ignore
[fwd.c : 378: fwd_setting_isexplicit] check failed: not found

i have two boxes running a named instance each, in a "master/master" 
config.  each has the zone data configured per below.  the uri refers to 
the local ip of each server.

     dynamic-db "bpk2.com" {
             library "ldap.so";
             arg "uri ldap://192.168.88.1/";
             arg "base cn=dns,ou=Daemons,dc=bpk2,dc=com";
             arg "auth_method simple";
             arg "bind_dn cn=dnsUser,dc=bpk2,dc=com";
             arg "password dnsPass";

             arg "fake_mname server1.bpk2.com.";
             arg "dyn_update yes";
             arg "connections 2";
             arg "verbose_checks yes";
     };

     zone "." IN {
         type hint;
         file "named.ca";
     };

     include "/etc/named.rfc1912.zones";

my dns container is defined in openldap as such:

dn: cn=dns,ou=Daemons,dc=bpk2,dc=com
cn: dns
idnspersistentsearch: FALSE
idnszonerefresh: 30
objectclass: top
objectclass: nsContainer
objectclass: idnsConfigObject

where and how can i find the source of my issue?  these issues are 
causing performance issues on the rest of my network.  because of these 
errors, ldap throws errors about deferred operations for binding, too 
many executing, and pending operations.  additionally, recursion also 
seems to be impacted.  this is noticed most when streaming content.  
buffering, stuttering and pixelation are seen in the video streams.  it 
could be the swamping of logs killing I/O or the actual recurision, but 
100% the video issues are related.  the log events match up exactly with 
the buffering.

i had this issue with bind-dyndb-ldap and fedora 20 up until i recently 
upgraded.  i went from F20 to F24, and put things on nice new SSDs, 
instead of spinning disks.  the problem followed the upgrade.  are there 
configuration items i am missing?  are there tweaks i can do to improve 
something?  how do i get rid of these errors, so dns performance (or the 
log swamping) is not affecting the rest of my network?

thank you,

brendan

More information about the Freeipa-users mailing list