search

PowerDNS / pdns

PowerDNS Authoritative, PowerDNS Recursor, dnsdist
https://www.powerdns.com/
GNU General Public License v2.0
3.69k stars 906 forks source link

Web API Thread safety / Race conditions? #10448

Open torrentkino opened 3 years ago

torrentkino commented 3 years ago

Short description

Is it safe to query the web API multiple times in a short amount of time?

I wrote a small client/server application (Golang), which issues Let's encrypt certificates to our internal servers. The server application runs on the same host as the PowerDNS application and utilizes the web API to manipulate the different zones for the ACME handshake. Sometimes multiple hosts ask for a new certificate at the same time, because it gets scheduled by cron in the middle of the night. The SOA serial gets incremented automatically (SOA-EDIT-API) as part of the PowerDNS configuration.

The next day I get warnings by a hourly check script, which uses "pdnsutil check-all-zones" to look out for errors. When inspecting the zone with "pdnsutil edit-zone zone" I see two identical SOA-lines. Removing one of them fixes the error reporting.

I can create some workarounds by adding some random minutes to the cron jobs. Or I could implement a queue which serializes the requests from the client hosts. But first of all, I would like to ask if it is safe to use the web API simultaneously multiple times.

Kind regards Aiko Barz

Environment

Steps to reproduce

  1. Modify one zone multiple times simultaneously by using the web API. Use the SOA autoincrement functionality.

Expected behaviour

Some thread safety.

Actual behaviour

The SOA record may have doubled itself…

Other information

I use the PostgreSQL backend.

Habbie commented 3 years ago

Hello Aiko, the API should be safe to use concurrently, so I've marked this as a defect. Thank you for your report.