The pipe backend fails to close() off the sockets that the server had open after forking() to exec the pipe command. The pipe program definitely should not have these file descriptors available to it.
One really nasty side effect is that if the pipe program doesn't (immediately) cleanly exit when you're restarting pdns then it will hold on to the listener socket for port 53 and the server will fail to restart.
Another nasty side effect is that child programs of the pipe backend inherit eachother's pipes from PowerDNS, and can get in a circular deadlock, failing to exit on PowerDNS shutdown.
The easiest way to fix this is probably to simply close all file descriptors except stdin/stdout between fork() and exec().
-- Mark Bergsma email@example.com
or set the FD_CLOEXEC flag on each additional file descriptor that pdns opens
I was witnessing the same behaviour of the pipe backend with a 3.0-pre DNSSEC test installation where a python coprocess hogged my pdns servers listen IP port 53 after it got respawned by "pdns: 5045 questions waiting for database attention. Limit is 5000, respawning".
Sten Spans also thinks that O_CLOEXEC should do the trick.
Fixed in r2273!