Bug 50662 - univention-bind-ldap does not start if many zones are configured
univention-bind-ldap does not start if many zones are configured
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: DNS
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-4-errata
Assigned To: Max Pohle
Christian Castens
:
Depends on:
Blocks: 54108 54140
  Show dependency treegraph
 
Reported: 2019-12-19 10:09 CET by Christian Völker
Modified: 2021-11-24 23:01 CET (History)
5 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.229
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2019121221000845
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Völker univentionstaff 2019-12-19 10:09:57 CET
On a large customer environment with around 200 DNS zones the univention-bind-ldap fails to start because of long time (approx 1 minute) to load the zones. 

The service has a ExecStartPost configured:
    /usr/lib/univention-bind/ldap wait-for-startup
which waits for 30sec for the bind to start up and tests with rndc.

In customer environment this prevented univention-bind-ldap to start and therefore DNS was not working and used outdated zone information.


Increasing the timeout in the above file to 120 (instead of 30) resulted in proper start of both bind services.

Only applies to UCRV dns/backend=ldap!
Comment 1 Michael Grandjean univentionstaff 2019-12-20 09:20:55 CET
This is imho critical for larger UCS@school environments
Comment 2 Arvid Requate univentionstaff 2019-12-20 09:45:59 CET
> This is imho critical for larger UCS@school environments

Ok, but aren't they usually running Samba? Then dns/backend=samba4 is the default that should not be changed.
Comment 3 Michael Grandjean univentionstaff 2019-12-20 11:37:04 CET
Central Slaves (non-school-servers) and special-use Backups usually don't have Samba installed.
Comment 4 Max Pohle univentionstaff 2020-04-01 16:39:31 CEST
Package: univention-bind
Version: 13.0.1-8A~4.4.4.202003301127
Branch: ucs_4.4-0
Scope: errata4.4-4

A timeout for the startup was made configurable via config variable 'dns/timeout-start'
Comment 5 Christian Castens univentionstaff 2020-04-01 17:01:50 CEST
OK: build and installation
OK: yaml
OK: ucr variable dns/timeout-start tested

- verified -
Comment 6 Erik Damrose univentionstaff 2020-04-02 14:47:35 CEST
<http://errata.software-univention.de/ucs/4.4/503.html>