RT/krbdev.mit.edu: Ticket #1380 Duplicate DNS Lookups make krb5_init_creds slow

Wed Mar 12 17:26:05 2003 | lxs - Ticket created

Subject: Duplicate DNS Lookups make krb5_init_creds slow

Getting tickets with 1.3 on KfM can be slow because of DNS requests.
Attached is a tcpdump of the DNS request interleaved with the krb5
requests. krb5_sendto_kdc calls krb5_locate_kdc twice for udp and tcp
respectively, so each kdc in the config file is looked up twice. For
some reason on Mac OS X 10.2.4, these queries are not cached by lookupd.
Also, I didn't notice these problems until I started compiling with
KRB5_DNS_LOOKUP and KRB5_DNS_LOOKUP_KDC 1 (previously they were 0 on the
Mac). I couldn't figure out from the code why this was, since my config
file contains:

    [libdefaults]
        dns_lookup_realm = false
        dns_lookup_kdc = false

In the config file, the Athena realm is specified as:

    [realms]
        ATHENA.MIT.EDU = {
            kdc = kerberos.mit.edu.:88
            kdc = kerberos-1.mit.edu.:88
            kdc = kerberos-2.mit.edu.:88
            kdc = kerberos-3.mit.edu.:88
            admin_server = kerberos.mit.edu.
            default_domain = mit.edu
        }

Obviously removing the .s at the end of the kdc names will result in
more lookups and more slowness.
Fri Mar 14 19:30:57 2003 | raeburn - Comments added

To: rt-comment@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #1380] Duplicate DNS Lookups make krb5_init_creds slow
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Fri, 14 Mar 2003 19:30:54 -0500
RT-Send-Cc:

Additional information from lxs: Apparently lookupd does cache the
results of gethostbyname; it just doesn't cache the results of
getaddrinfo. So this is largely Apple's bug.

Open question: What about res_search? That's how we do the SRV
queries.

Wed Jul 23 16:53:09 2003 | tlyu - Status changed from new to open
Wed Jul 23 16:53:09 2003 | tlyu - Comments added

#1683 mitigates this problem somewhat, but we may want to implement
in-library DNS caching anyway. SRV records won't be cached, and only
working in terms of gethostbyname(), etc. prevents us from supporting
IPv6.

Wed Aug 20 21:50:29 2003 | raeburn - Correspondence added

From: raeburn@mit.edu
Subject: CVS Commit

First cut at adding local caching to the getaddrinfo support. Still
needs work.

* fake-addrinfo.h: Delete the unused WRAP_GETNAMEINFO support.
(HAVE_GETADDRINFO) [__APPLE__ && __MACH__]: Don't undefine.
(FAI_CACHE) [__APPLE__ && __MACH__]: Define.
(system_getaddrinfo, system_freeaddrinfo, system_getnameinfo): New
functions.
(gaiptr, faiptr, gniptr): Variables deleted. Change references to
use the system_* functions above.
(getaddrinfo, freeaddrinfo) [FAI_CACHE]: Define as macros to the
my_fake_* versions.
(protoname, socktypename, familyname): Use caller-supplied buffers
instead of local static buffers.
(debug_dump_getaddrinfo_args): Provide a buffer.
(NEED_FAKE_GETNAMEINFO): Define if HAVE_GETADDRINFO is not defined.
(inline): Rework macros to test for C99 and IRIX.
(NEED_FAKE_GETADDRINFO): Define if FAI_CACHE is defined.
(fai_add_entry) [KRB5_USE_INET6]: Support IPv6.
(CACHE_ENTRY_LIFETIME): New macro.
(struct face, struct fac): New types.
(fac): New static variable.
(plant_face, find_face): New functions.
(fai_add_hosts_by_name) [FAI_CACHE]: Check the cache before looking
up the hostname. Add the looked-up host info to the cache.
(fake_getaddrinfo): Call GET_SERV_BY_NAME instead of conditionally
calling getservbyname or getservbyname_r. Don't pass AF_INET to
fai_add_hosts_by_name.
(fake_getnameinfo): Define only if NEED_FAKE_GETNAMEINFO is defined.
(gai_strerror): Define if either HAVE_FAKE_GETADDRINFO or
NEED_FAKE_GETNAMEINFO is defined.
(getaddrinfo): Do define function if FAI_CACHE is defined.
(getnameinfo): Define only if NEED_FAKE_GETNAMEINFO is defined.

To generate a diff of this commit:
cvs diff -r1.381 -r1.382 krb5/src/include/ChangeLog
cvs diff -r1.37 -r1.38 krb5/src/include/fake-addrinfo.h

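The lookup pattern reported in this ticket (the KDC list resolved once for UDP and again for TCP) and a lifetime-bounded host cache of the kind the commit message describes, as an added example: this is not code from fake-addrinfo.h. All names here (host_cache, cached_resolve, stub_resolver, resolve_kdcs_twice), the 8-slot size and the 60-second lifetime are hypothetical, and the resolver is a stub so the example runs offline.

```c
#include <stdio.h>
#include <string.h>
#define CACHE_SLOTS 8
#define ENTRY_LIFETIME 60 /* seconds; value assumed for this sketch */
typedef int (*resolver_fn)(const char *name, char *addr, size_t len);
struct cache_entry { char name[64]; char addr[46]; long expires; };
struct host_cache { struct cache_entry e[CACHE_SLOTS]; unsigned next; };
static int lookups; /* times the resolver was actually called */
/* Offline stand-in for getaddrinfo(); the address is a constructed sample. */
static int stub_resolver(const char *name, char *addr, size_t len) {
    (void)name; lookups++;
    return snprintf(addr, len, "192.0.2.1") < 0;
}

/* Fresh cache hit, else resolve and store. NULL cache = no caching. */
int cached_resolve(struct host_cache *c, const char *name, long now,
                   resolver_fn resolve, char *addr, size_t len) {
    struct cache_entry *slot; int i;
    if (c == NULL || strlen(name) >= sizeof c->e[0].name)
        return resolve(name, addr, len); /* over-long names bypass the cache */
    for (i = 0; i < CACHE_SLOTS; i++)
        if (c->e[i].expires > now && strcmp(c->e[i].name, name) == 0) {
            snprintf(addr, len, "%s", c->e[i].addr);
            return 0;
        }
    if (resolve(name, addr, len) != 0) return -1; /* failures are not stored */
    slot = &c->e[c->next++ % CACHE_SLOTS]; /* overwrite the oldest slot */
    snprintf(slot->name, sizeof slot->name, "%s", name);
    snprintf(slot->addr, sizeof slot->addr, "%s", addr);
    slot->expires = now + ENTRY_LIFETIME;
    return 0;
}

/* The ticket's pattern: one pass over the KDC list for UDP, one for TCP. */
int resolve_kdcs_twice(struct host_cache *c, long now) {
    static const char *kdcs[] = { "kerberos.mit.edu.", "kerberos-1.mit.edu.",
                                  "kerberos-2.mit.edu.", "kerberos-3.mit.edu." };
    char addr[46]; int pass, i;
    for (lookups = 0, pass = 0; pass < 2; pass++)
        for (i = 0; i < 4; i++)
            cached_resolve(c, kdcs[i], now, stub_resolver, addr, sizeof addr);
    return lookups; /* real lookups this double pass cost */
}

int main(void) {
    static struct host_cache c;
    return printf("no cache: %d lookups, cache: %d\n",
                  resolve_kdcs_twice(NULL, 1000), resolve_kdcs_twice(&c, 1000)) < 0;
}
```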
Wed Aug 20 22:52:09 2003 | raeburn - Correspondence added

From: raeburn@mit.edu
Subject: CVS Commit

Oops. Include errno.h even if gai_strerror isn't being defined.

To generate a diff of this commit:
cvs diff -r1.38 -r1.39 krb5/src/include/fake-addrinfo.h

Wed Aug 20 23:55:56 2003 | raeburn - Correspondence added

From: raeburn@mit.edu
Subject: CVS Commit

Make things work on IRIX again.

* fake-addrinfo.h (inline): Move definitions further up, before first
use. Do use __inline__ for gcc without c99 support.
(GET_SERV_BY_NAME) [!GETSERVBYNAME_R_RETURNS_INT]: Fix invocation for
IRIX definition.
* socket-utils.h: Include port-sockets.h to get a definition for
struct sockaddr_storage.

To generate a diff of this commit:
cvs diff -r1.382 -r1.383 krb5/src/include/ChangeLog
cvs diff -r1.39 -r1.40 krb5/src/include/fake-addrinfo.h
cvs diff -r1.9 -r1.10 krb5/src/include/socket-utils.h

Thu Aug 21 03:25:49 2003 | raeburn - Correspondence added

From: raeburn@mit.edu
Subject: CVS Commit

* fake-addrinfo.h (getnameinfo): Define to my_fake_getnameinfo only if
HAVE_GETADDRINFO is defined.

To generate a diff of this commit:
cvs diff -r1.383 -r1.384 krb5/src/include/ChangeLog
cvs diff -r1.40 -r1.41 krb5/src/include/fake-addrinfo.h