Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-63017

IDM/IPA BIND Issue Loading All Zones

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-8.10
    • bind-dyndb-ldap
    • None
    • No
    • None
    • rhel-sst-idm-ipa
    • ssg_idm
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • x86_64
    • None

      What were you trying to do that didn't work?

      When restarting Bind (Named), it has issues talking to Local LDAP which affects the initial loading of all zones.

      What is the impact of this issue to you?

      Production DNS lookup fails until all zones have been loaded.

      Please provide the package NVR for which the bug is seen:

      ipa-server-4.9.13-10.module+el8.10.0+21944+3943ad77.x86_64

      389-ds-base-1.4.3.39-7.module+el8.10.0+21985+3665ccdb.x86_64

      _bind-9.11.36-14.el8_10.x86_64
      bind-dyndb-ldap-11.6-5.module+el8.10.0+21691+df63127d.x86_64_

      How reproducible is this bug?:

      Occurs almost every time we restart/reboot the replica or start/stop/reload named-pkcs11 and/or ipactl restart (essentially restarting IPA Directory Server)

      Steps to reproduce

      1. install IPA ServerĀ 
      2. Populate DNS (currently we have approximately 340 zones, & 10,000 entries)
      3. systemctl restart named-pkcs11

      Expected results

      _15-Oct-2024 18:06:29.814 info: LDAP configuration for instance 'ipa' synchronized
      15-Oct-2024 18:06:30.069 info: LDAP data for instance 'ipa' are being synchronized, please ignore message 'all zones loaded'
      15-Oct-2024 18:06:30.481 info: 341 master zones from LDAP instance 'ipa' loaded (341 zones defined, 0 inactive, 0 failed to load)_

      Actual results

      The following messages repeatedly appear in the database.log:

      _30-Sep-2024 10:39:05.106 error: LDAP error: Can't contact LDAP server: ldap_sync_poll() failed
      30-Sep-2024 10:39:05.106 error: ldap_syncrepl will reconnect in 60 seconds
      30-Sep-2024 10:40:05.112 info: successfully reconnected to LDAP server_

              rjeffman@redhat.com Rafael Jeffman
              mark.stachowski@ssa.gov Mark Stachowski
              Rafael Jeffman Rafael Jeffman
              Anuja More Anuja More
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: