Subject: Duplicate DNS Lookups make krb5_init_creds slow
Getting tickets with 1.3 on KfM can be slow because of DNS requests.
Attached is a tcpdump of the DNS request interleaved with the krb5
requests. krb5_sendto_kdc calls krb5_locate_kdc twice for udp and tcp
respectively, so each kdc in the config file is looked up twice. For
some reason on Mac OS X 10.2.4, these queries are not cached by lookupd.

Also, I didn't notice these problems until I started compiling with
KRB5_DNS_LOOKUP and KRB5_DNS_LOOKUP_KDC 1 (previously they were 0 on the
Mac). I couldn't figure out from the code why this was, since my config
file contains:

[libdefaults]
    dns_lookup_realm = false
    dns_lookup_kdc = false

In the config file, the Athena realm is specified as:

[realms]
    ATHENA.MIT.EDU = {
        kdc = kerberos.mit.edu.:88
        kdc = kerberos-1.mit.edu.:88
        kdc = kerberos-2.mit.edu.:88
        kdc = kerberos-3.mit.edu.:88
        admin_server = kerberos.mit.edu.
        default_domain = mit.edu
    }

Obviously removing the .s at the end of the kdc names will result in
more lookups and more slowness.

To: rt-comment@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #1380] Duplicate DNS Lookups make krb5_init_creds slow
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Fri, 14 Mar 2003 19:30:54 -0500
RT-Send-Cc:
Additional information from lxs: Apparently lookupd does cache the
results of gethostbyname; it just doesn't cache the results of
getaddrinfo. So this is largely Apple's bug.

Open question: What about res_search? That's how we do the SRV
queries.
#1683 mitigates this problem somewhat, but we may want to implement
in-library DNS caching anyway. SRV records won't be cached, and only
working in terms of gethostbyname(), etc. prevents us from supporting IPv6.
From: raeburn@mit.edu
Subject: CVS Commit
First cut at adding local caching to the getaddrinfo support. Still needs work.

* fake-addrinfo.h: Delete the unused WRAP_GETNAMEINFO support.
(HAVE_GETADDRINFO) [__APPLE__ && __MACH__]: Don't undefine.
(FAI_CACHE) [__APPLE__ && __MACH__]: Define.
(system_getaddrinfo, system_freeaddrinfo, system_getnameinfo): New functions.
(gaiptr, faiptr, gniptr): Variables deleted. Change references to use the
system_* functions above.
(getaddrinfo, freeaddrinfo) [FAI_CACHE]: Define as macros to the my_fake_*
versions.
(protoname, socktypename, familyname): Use caller-supplied buffers instead of
local static buffers.
(debug_dump_getaddrinfo_args): Provide a buffer.
(NEED_FAKE_GETNAMEINFO): Define if HAVE_GETADDRINFO is not defined.
(inline): Rework macros to test for C99 and IRIX.
(NEED_FAKE_GETADDRINFO): Define if FAI_CACHE is defined.
(fai_add_entry) [KRB5_USE_INET6]: Support IPv6.
(CACHE_ENTRY_LIFETIME): New macro.
(struct face, struct fac): New types.
(fac): New static variable.
(plant_face, find_face): New functions.
(fai_add_hosts_by_name) [FAI_CACHE]: Check the cache before looking up the
hostname. Add the looked-up host info to the cache.
(fake_getaddrinfo): Call GET_SERV_BY_NAME instead of conditionally calling
getservbyname or getservbyname_r. Don't pass AF_INET to
fai_add_hosts_by_name.
(fake_getnameinfo): Define only if NEED_FAKE_GETNAMEINFO is defined.
(gai_strerror): Define if either HAVE_FAKE_GETADDRINFO or NEED_FAKE_GETNAMEINFO
is defined.
(getaddrinfo): Do define function if FAI_CACHE is defined.
(getnameinfo): Define only if NEED_FAKE_GETNAMEINFO is defined.


To generate a diff of this commit:



cvs diff -r1.381 -r1.382 krb5/src/include/ChangeLog
cvs diff -r1.37 -r1.38 krb5/src/include/fake-addrinfo.h
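
Added example, not part of the ticket and not the code in fake-addrinfo.h: a minimal host-name cache with an entry lifetime, showing how the UDP pass and the TCP pass over the same KDC list collapse into one resolver trip per host. The resolver stub, the host names, the slot count, the 15-second lifetime and all function names other than CACHE_ENTRY_LIFETIME are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define CACHE_ENTRY_LIFETIME 15 /* seconds; assumed value, not from the ticket */
#define CACHE_SLOTS 8

struct entry { char name[256]; char addr[64]; time_t expires; };
static struct entry cache[CACHE_SLOTS];
static int resolver_calls; /* counts trips to the slow resolver */

/* Constructed stand-in for the system lookup; no network traffic. */
static const char *slow_resolve(const char *name) {
    resolver_calls++;
    return strcmp(name, "kdc-1.example.test.") == 0 ? "192.0.2.1" : "192.0.2.2";
}

static const char *cached_resolve(const char *name, time_t now) {
    struct entry *slot = NULL;
    for (int i = 0; i < CACHE_SLOTS; i++) {
        struct entry *e = &cache[i];
        if (e->expires > now && strcmp(e->name, name) == 0)
            return e->addr;                 /* fresh hit */
        if (e->expires <= now && slot == NULL)
            slot = e;                       /* unused or expired slot */
    }
    const char *addr = slow_resolve(name);
    /* Never store a truncated key: two long names could otherwise collide. */
    if (slot == NULL || strlen(name) >= sizeof slot->name)
        return addr;
    strcpy(slot->name, name);
    snprintf(slot->addr, sizeof slot->addr, "%s", addr);
    slot->expires = now + CACHE_ENTRY_LIFETIME;
    return slot->addr;
}

/* Walk the KDC list once per pass (UDP, then TCP); return resolver trips. */
static int run_passes(int passes, time_t now) {
    static const char *kdcs[] = { "kdc-1.example.test.", "kdc-2.example.test." };
    int before = resolver_calls;
    for (int p = 0; p < passes; p++)
        for (size_t k = 0; k < sizeof kdcs / sizeof kdcs[0]; k++)
            cached_resolve(kdcs[k], now);
    return resolver_calls - before;
}

int main(void) {
    printf("resolver trips for UDP+TCP passes: %d\n", run_passes(2, time(NULL)));
    return 0;
}
```

The lifetime bounds how long a stale or spoofed answer can be reused, so a short value trades some of the saved lookups for faster recovery from a bad record.
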
From: raeburn@mit.edu
Subject: CVS Commit
Oops. Include errno.h even if gai_strerror isn't being defined.


To generate a diff of this commit:



cvs diff -r1.38 -r1.39 krb5/src/include/fake-addrinfo.h
From: raeburn@mit.edu
Subject: CVS Commit
Make things work on IRIX again.

* fake-addrinfo.h (inline): Move definitions further up, before first use. Do
use __inline__ for gcc without c99 support.
(GET_SERV_BY_NAME) [!GETSERVBYNAME_R_RETURNS_INT]: Fix invocation for IRIX
definition.
* socket-utils.h: Include port-sockets.h to get a definition for struct
sockaddr_storage.


To generate a diff of this commit:



cvs diff -r1.382 -r1.383 krb5/src/include/ChangeLog
cvs diff -r1.39 -r1.40 krb5/src/include/fake-addrinfo.h
cvs diff -r1.9 -r1.10 krb5/src/include/socket-utils.h
From: raeburn@mit.edu
Subject: CVS Commit
* fake-addrinfo.h (getnameinfo): Define to my_fake_getnameinfo only if
HAVE_GETADDRINFO is defined.


To generate a diff of this commit:



cvs diff -r1.383 -r1.384 krb5/src/include/ChangeLog
cvs diff -r1.40 -r1.41 krb5/src/include/fake-addrinfo.h