[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [NSSLDAP] strange DNS Queries (LDAP+NSS)
Hi!
I am running a server (RH 6.1) that uses openldap 1.2.7, nss_ldap-97 and
pam_ldap-42. The server has accouts and the authenication si done by
pamldap.
Recently I've discovered that calls to getpwent:
for example
---------------------------------------
#include <stdio.h>
#include <pwd.h>
#include <sys/types.h>
struct passwd *pass;
int main (){
setpwent();
while ((pass=getpwent())!=NULL)
{
printf ("name: %s\n", pass->pw_name);
}
endpwent();
exit (0);
}
---------------------------------------
Cause a query to the name server.
---- As tcpump reports ---
19:01:08.899542 ldaphost.mi.infn.it.1673 > nameserver.mi.infn.it.domain: 5727+
A? . (17) (ttl 64, id 64137)
19:01:08.900719 nameserver.mi.infn.it.domain >ldaphost.mi.infn.it.1673: 5727
q: . 0/1/0 (90) (ttl 30, id 38442)
--------------------------
The query seems to be done for ".". I still don't understand why. This
causes a ns overhead (since the server is going to store many accounts
and even the command 'ls' depends on getpwent) and (as I've reported) if
the name servers are not available causes delays in everything is done on
the host. (login, ps, top ecc all use getpwent) since the list of
nameserver from resolv.conf is scanned and probed. (the delays are of ~8
mins)
Any idea on how I can stop this behaviour?
Thanks!
Giuseppe
Below the trace of the program above
# less getpwent.str
execve("./test_getpwent", ["./test_getpwent", "2"], [/* 21 vars */]) = 0
brk(0) = 0x8049658
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 9
fstat(9, {st_mode=030126, st_size=0, ...}) = 0
mmap(0, 16677, PROT_READ, MAP_PRIVATE, 9, 0) = 0x40014000
close(9) = 0
open("/lib/libc.so.6", O_RDONLY) = 9
fstat(9, {st_mode=0, st_size=0, ...}) = 0
read(9, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3"..., 4096) = 4096
mmap(0, 974392, PROT_READ|PROT_EXEC, MAP_PRIVATE, 9, 0) = 0x40019000
mprotect(0x400ff000, 32312, PROT_NONE) = 0
mmap(0x400ff000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 9,
0xe5000) = 0x400ff000
mmap(0x40104000, 11832, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40104000
close(9) = 0
munmap(0x40014000, 16677) = 0
personality(PER_LINUX) = 0
getpid() = 13065
brk(0) = 0x8049658
brk(0x8049720) = 0x8049720
brk(0x804a000) = 0x804a000
open("/etc/nsswitch.conf", O_RDONLY) = 9
fstat(9, {st_mode=S_ISVTX|0654, st_size=0, ...}) = 0
mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40014000
read(9, "#ident $Id: nsswitch.ldap,v 2.3 "..., 4096) = 1239
read(9, "", 4096) = 0
close(9) = 0
munmap(0x40014000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 9
fstat(9, {st_mode=030126, st_size=0, ...}) = 0
mmap(0, 16677, PROT_READ, MAP_PRIVATE, 9, 0) = 0x40014000
close(9) = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 9
fstat(9, {st_mode=0, st_size=0, ...}) = 0
read(9, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3"..., 4096) = 4096
mmap(0, 35232, PROT_READ|PROT_EXEC, MAP_PRIVATE, 9, 0) = 0x40107000
mprotect(0x4010f000, 2464, PROT_NONE) = 0
mmap(0x4010f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 9,
0x7000) = 0x4010f000
close(9) = 0
munmap(0x40014000, 16677) = 0
open("/etc/passwd", O_RDONLY) = 9
fcntl(9, F_GETFD) = 0
fcntl(9, F_SETFD, FD_CLOEXEC) = 0
fstat(9, {st_mode=S_ISUID|0353, st_size=0, ...}) = 0
mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40014000
_llseek(0x9, 0, 0, 0xbffff8a8, 0x1) = 0
brk(0x804b000) = 0x804b000
read(9, "root:Pdox3VMjJOPAQ:0:0:root:/roo"..., 4096) = 1048
fstat(1, {st_mode=033357, st_size=0, ...}) = 0
mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40015000
read(9, "", 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 11
fstat(11, {st_mode=030126, st_size=0, ...}) = 0
mmap(0, 16677, PROT_READ, MAP_PRIVATE, 11, 0) = 0x40110000
close(11) = 0
open("/lib/libnss_ldap.so.2", O_RDONLY) = 11
fstat(11, {st_mode=S_ISVTX|0504, st_size=0, ...}) = 0
read(11, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3"..., 4096) = 4096
mmap(0, 86660, PROT_READ|PROT_EXEC, MAP_PRIVATE, 11, 0) = 0x40115000
mprotect(0x40129000, 4740, PROT_NONE) = 0
mmap(0x40129000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 11,
0x13000) = 0x40129000
mmap(0x4012a000, 644, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4012a000
close(11) = 0
open("/lib/libnsl.so.1", O_RDONLY) = 11
fstat(11, {st_mode=0, st_size=0, ...}) = 0
read(11, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3"..., 4096) = 4096
mmap(0, 85872, PROT_READ|PROT_EXEC, MAP_PRIVATE, 11, 0) = 0x4012b000
mprotect(0x4013d000, 12144, PROT_NONE) = 0
mmap(0x4013d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 11,
0x11000) = 0x4013d000
mmap(0x4013e000, 8048, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4013e000
close(11) = 0
open("/lib/libpthread.so.0", O_RDONLY) = 11
fstat(11, {st_mode=0, st_size=0, ...}) = 0
read(11, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3"..., 4096) = 4096
mmap(0, 67204, PROT_READ|PROT_EXEC, MAP_PRIVATE, 11, 0) = 0x40140000
mprotect(0x40149000, 30340, PROT_NONE) = 0
mmap(0x40149000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 11,
0x8000) = 0x40149000
close(11) = 0
open("/lib/libresolv.so.2", O_RDONLY) = 11
fstat(11, {st_mode=0, st_size=0, ...}) = 0
read(11, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3"..., 4096) = 4096
mmap(0, 58788, PROT_READ|PROT_EXEC, MAP_PRIVATE, 11, 0) = 0x40151000
mprotect(0x4015c000, 13732, PROT_NONE) = 0
mmap(0x4015c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 11,
0xa000) = 0x4015c000
mmap(0x4015d000, 9636, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4015d000
close(11) = 0
brk(0x804c000) = 0x804c000
mprotect(0x40115000, 81920, PROT_READ|PROT_WRITE) = 0
mprotect(0x40115000, 81920, PROT_READ|PROT_EXEC) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=2040*1024, rlim_max=RLIM_INFINITY}) = 0
getpid() = 13065
uname({sys="Linux", node="ldaphost.mi.infn.it", ...}) = 0
SYS_174(0x20, 0xbffff3d0, 0, 0x8, 0x20) = 0
SYS_174(0x21, 0xbffff3c4, 0, 0x8, 0x21) = 0
SYS_174(0x22, 0xbffff3d0, 0, 0x8, 0x22) = 0
SYS_175(0, 0xbffff630, 0, 0x8, 0) = 0
munmap(0x40110000, 16677) = 0
geteuid() = 0
getpid() = 13065
open("/etc/ldap.conf", O_RDONLY) = 11
fstat(11, {st_mode=S_IFCHR|S_ISUID|S_ISVTX|0420, st_rdev=makedev(38, 131),
...}) = 0
mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40016000
read(11, "#\n# LDAP Defaults\n#\n\n# See l"..., 4096) = 1164
read(11, "", 4096) = 0
close(11) = 0
munmap(0x40016000, 4096) = 0
open("/usr/local/etc/openldap/ldap.conf", O_RDONLY) = 11
fstat(11, {st_mode=S_IFCHR|S_ISUID|S_ISVTX|0420, st_rdev=makedev(38, 198),
...}) = 0
mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40016000
read(11, "#\n# LDAP Defaults\n#\n\n# See l"..., 4096) = 1164
read(11, "", 4096) = 0
close(11) = 0
munmap(0x40016000, 4096) = 0
open("/root/ldaprc", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/root/.ldaprc", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("ldaprc", O_RDONLY) = -1 ENOENT (No such file or
directory)
gettimeofday({943466182, 775191}, NULL) = 0
getpid() = 13065
open("/etc/resolv.conf", O_RDONLY) = 11
fstat(11, {st_mode=0, st_size=0, ...}) = 0
mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40016000
read(11, ";domain mi.infn.it\nsea"..., 4096) = 347
read(11, "", 4096) = 0
close(11) = 0
munmap(0x40016000, 4096) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 11
connect(11, {sun_family=AF_UNIX, sun_path="/var/run/.nscd_socket"}, 110) =
-1 ECONNREFUSED (Connection refused)
close(11) = 0
open("/etc/host.conf", O_RDONLY) = 11
fstat(11, {st_mode=033377, st_size=0, ...}) = 0
mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40016000
read(11, "order hosts, bind\nmulti on\n", 4096) = 27
read(11, "", 4096) = 0
close(11) = 0
munmap(0x40016000, 4096) = 0
open("/etc/hosts", O_RDONLY) = 11
fcntl(11, F_GETFD) = 0
fcntl(11, F_SETFD, FD_CLOEXEC) = 0
fstat(11, {st_mode=033160, st_size=0, ...}) = 0
mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40016000
read(11, "127.0.0.1\tlocalhost\t\t\n192.84"..., 4096) = 447
read(11, "", 4096) = 0
close(11) = 0
munmap(0x40016000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 11
fstat(11, {st_mode=030126, st_size=0, ...}) = 0
mmap(0, 16677, PROT_READ, MAP_PRIVATE, 11, 0) = 0x40110000
close(11) = 0
open("/lib/libnss_dns.so.2", O_RDONLY) = 11
fstat(11, {st_mode=0, st_size=0, ...}) = 0
read(11, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3"..., 4096) = 4096
mmap(0, 14320, PROT_READ|PROT_EXEC, MAP_PRIVATE, 11, 0) = 0x40160000
mprotect(0x40163000, 2032, PROT_NONE) = 0
mmap(0x40163000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 11,
0x2000) = 0x40163000
close(11) = 0
munmap(0x40110000, 16677) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 11
connect(11, {sin_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("192.135.14.198")}, 16) = 0
send(11, "\301\332\1\0\0\1\0\0\0\0\0\0\0\0"..., 17, 0) = 17
SYS_168(0xbfffe050, 0x1, 0x1388, 0x1388, 0xbfffe050) = 1
recvfrom(11, "\301\332\201\200\0\1\0\0\0\1\0\0"..., 1024, 0,
{sin_family=AF_INET, sin_port=htons(53),sin_addr=inet_addr("NAMESERVER ADDRESS in dotted notation")}, [16]) = 90
^^^^^^^^^^
close(11) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 11
connect(11, {sun_family=AF_UNIX, sun_path="/var/run/.nscd_socket"}, 110) =
-1 ECONNREFUSED (Connection refused)
close(11) = 0
open("/etc/hosts", O_RDONLY) = 11
fcntl(11, F_GETFD) = 0
fcntl(11, F_SETFD, FD_CLOEXEC) = 0
fstat(11, {st_mode=033160, st_size=0, ...}) = 0
mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40016000
read(11, "127.0.0.1\tlocalhost\t\t\n192.84"..., 4096) = 447
close(11) = 0
munmap(0x40016000, 4096) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 11
connect(11, {sin_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("192.84.138.1")}, 16) = 0
brk(0x804d000) = 0x804d000
time(NULL) = 943466182
write(11, "0\f\2\1\1`\7\2\1\2\4\0\200\0", 14) = 14
getrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
select(1024, [11], [], NULL, NULL) = 1 (in [11])
brk(0x8050000) = 0x8050000
read(11, "0\f\2\1\1a\7\n\1\0\4\0\4\0", 8192) = 14
time(NULL) = 943466182
setsockopt(11, SOL_SOCKET, SO_KEEPALIVE, [0], 4) = 0
geteuid() = 0
getpid() = 13065
time(NULL) = 943466182
write(11, "0\201\246\2\1\2c\201\240\4\24 "..., 169) = 169
select(1024, [11], [], NULL, NULL) = 1 (in [11])
read(11, "0\201\212\2\1\2d\201\204\4$cn=Gi"..., 8192) = 141
select(1024, [11], [], NULL, NULL) = 1 (in [11])
read(11, "0\202\1\31\2\1\2d\202\1\22\4#cn="..., 8192) = 285
select(1024, [11], [], NULL, NULL) = 1 (in [11])
read(11, "0\202\0015\2\1\2d\202\1.\4*cn=Ma"..., 8192) = 2051
select(1024, [11], [], NULL, NULL) = 1 (in [11])
read(11, "0\202\1\'\2\1\2d\202\1 \4$cn=Fed"..., 8192) = 1761
select(1024, [11], [], NULL, NULL) = 1 (in [11])
read(11, "0\202\1!\2\1\2d\202\1\32\4$cn=Ba"..., 8192) = 2033
brk(0x8051000) = 0x8051000
select(1024, [11], [], NULL, NULL) = 1 (in [11])
read(11, "0\202\1-\2\1\2d\202\1&\4&cn=Leon"..., 8192) = 1622
select(1024, [11], [], NULL, NULL) = 1 (in [11])
read(11, "0\201\200\2\1\2d{\4 cn=Angela Sa"..., 8192) = 2018
brk(0x8052000) = 0x8052000
select(1024, [11], [], NULL, NULL) = 1 (in [11])
read(11, "0\202\1\34\2\1\2d\202\1\25\4!cn="..., 8192) = 1577
brk(0x8053000) = 0x8053000
select(1024, [11], [], NULL, NULL) = 1 (in [11])
read(11, "0\201\216\2\1\2d\201\210\4%cn=Ro"..., 8192) = 2017
select(1024, [11], [], NULL, NULL) = 1 (in [11])
read(11, "0\202\1*\2\1\2d\202\1#\4$cn=Enri"..., 8192) = 1034
brk(0x8054000) = 0x8054000
select(1024, [11], [], NULL, NULL) = 1 (in [11])
read(11, "0\202\1\36\2\1\2d\202\1\27\4#cn="..., 8192) = 2051
select(1024, [11], [], NULL, NULL) = 1 (in [11])
read(11, "0\201\212\2\1\2d\201\204\4#cn=Br"..., 8192) = 1593
brk(0x8055000) = 0x8055000
select(1024, [11], [], NULL, NULL) = 1 (in [11])
read(11, "0\201\221\2\1\2d\201\213\4&cn=Cl"..., 8192) = 720
time(NULL) = 943466182
close(9) = 0
munmap(0x40014000, 4096) = 0
write(1, "name: root\nname: bin\nname: dae"..., 655name: root
name: bin
name: daemon
name: adm
name: lp
ecc ecc
) = 655
munmap(0x40015000, 4096) = 0
_exit(0) = ?
getpwent.log (END)