On 11/29/2021 1:11 PM, Kendrick Hernandez ([email protected]) wrote: > We were able to narrow the problem down to DNS timeouts from an > internal DNS server that had reached its limit for NF connection > tracking. Once that limit was increased, the issue went away. > Along with some forwarded insights from the folks at CMU and some > isolated testing, we were able to confirm that disabling dynamic root > and DNS-based server discovery on the cache manager also worked around > issue. > I'm glad you identified a solution.
Do you know what the issued DNS queries were for? The primary reason to avoid disabling dynamic root is the machine restarts and the OpenAFS cache manager cannot read the "root.afs" volume from the cell, the system will panic. This could be due to the machine booting without a network interface or a failure of the cell similar to what occurred on January 14th of this year. The afsd -afsdb option is not required for a web server that will only be serving content from the local cell if the cell's location service list of servers is present in the local CellServDB file. Sites that want the option of being able to dynamically relocate their location service instances will want to avoid local CellServDB entries. AuriStorFS clients implement configurable ignorelists [1] to permit use of dynroot and DNS SRV/AFSDB lookups while blocking lookups for specific names either in the dynroot directory or any volume root directory. Jeffrey Altman [1] fs_ignorelist (auristor.com) <https://www.auristor.com/documentation/man/linux/1/fs_ignorelist.html>
smime.p7s
Description: S/MIME Cryptographic Signature
