On Wed, 06 Aug 2014 17:05:57 +0200 Markus Köberl <[email protected]> wrote:
> On Wednesday 06 August 2014 10:45:56 chas williams - CONTRACTOR wrote: > > I started working on a patch to 'fix' this issue: > > good to know Sadly, I got distracted by other work and didn't go any further. Negative caching has merit although your local DNS resolver probably already caches negative information for you and it doesn't resolve the first lookup pain. > > But as pointed out in the comments, it's too specific and should be a > > more general mechanism. Unfortunately, the preceding '.' is stripped > > from names before passing down to afsd for resolution so it wouldn't be > > possible to block /afs/.git without also blocking /afs/git > > Should there not be at least one '.' after removing the one from the begin > included to make sense searching for a SRV record? Those would be 'aliases' which some sites rely on (as mentioned by in the comments related to that possible patch). As mentioned, since the kernel module removes the prefixed '.' for R/W paths, so a 'list in user space' fix that would disallow /afs/.git would also block /afs/git (/afs/git might an alias at your local site for your git repository realm). This still might be worthwhile though. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
