[jira] Updated: (HADOOP-7104) Remove unnecessary DNS reverse lookups from RPC layer

Fri, 14 Jan 2011 15:32:09 -0800 

     [ 
https://issues.apache.org/jira/browse/HADOOP-7104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Todd Lipcon updated HADOOP-7104:
--------------------------------

    Attachment: 7104-few-edits.patch

Hi Kan,

I take your point that we're no longer testing the 0.0.0.0 case. I just modifed 
your patch a little bit to include a new case that does this again. I think 
it's safe to rely on getLocalHostname being self-consistent, I was just worried 
that before we were doing the hostname -> ip -> hostname cycle which might not 
work on a build host. So the new test case just makes sure we return the local 
hostname for 0.0.0.0 and null.

Also I flipped some assertTrue(...equals(...)) to assertEquals for better 
output on failure.

If you're OK with these small changes give a +1 and I'll commit.

> Remove unnecessary DNS reverse lookups from RPC layer
> -----------------------------------------------------
>
>                 Key: HADOOP-7104
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7104
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: 7104-few-edits.patch, c7104-01.patch, c7104-03.patch
>
>
> RPC connection authorization needs to verify client's Kerberos principal name 
> matches what specified for the protocol. For service clients like DN's, their 
> Kerberos principal names can be specified in the form of  
> "datanode/[email protected]". To get the expected
> client principal name, the server needs to substitute "_HOST" with the 
> client's fully qualified domain name, which requires a reverse DNS lookup 
> from client IP address. However, for connections from clients whose principal 
> name are either unspecified or specified not using the "_HOST" convention, 
> the substitution is not required and the reverse DNS lookup should be 
> avoided. Currently the reverse DNS lookup is done for all clients, which 
> could slow services like NN down, when local named cache is not available.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to