Issue #20194 has been reported by Josh Cooper.

----------------------------------------
Bug #20194: Webrick puppetmaster performs reverse DNS lookup for every request
https://projects.puppetlabs.com/issues/20194

* Author: Josh Cooper
* Status: Accepted
* Priority: Normal
* Assignee:
* Category:
* Target version: 3.2.0
* Affected Puppet version: 0.22.1
* Keywords: dns
* Branch:

----------------------------------------

This issue is about reverse DNS lookups (PTR records) that the webrick puppetmaster performs for each client connection that it accepts. It is different than issue #18573, which is about the agent performing multiple DNS (A record) lookups of the master.

When running webrick, its `HTTPServer` calls `HTTPRequest#parse` on the accepted socket, and that results in a call to `IPSocket#peeraddr`. In ruby versions prior to 1.9.2p0, this <b>always</b> results in a reverse DNS lookup (as does calling `IPSocket#addr`).

In ruby 1.9.0, the webrick [:DoNotReverseLookup](https://github.com/ruby/ruby/commit/0d8a0904d93e9600ccd095eabd5e4165c15987ff) option was added to allow users to disable reverse lookups. And [Rails](https://github.com/rails/rails/issues/4542) did.

During development of ruby 1.9.2p0, the default value of `BasicSocket#do_not_reverse_lookup` was changed to `true` in [ruby-core:r9858](https://github.com/ruby/ruby/commit/85176676e5067117a8494ad207bbaf0796564bc3). At some point the default was accidentally changed back to false, and then was fixed again in [ruby-core:r26541](https://github.com/ruby/ruby/commit/4dfd71005cf4ee14db965cd155417f8657ed2c24) in time for ruby 1.9.2p0.

As a result, when running 1.8.x-1.9.1, webrick-based puppetmasters will always perform reverse DNS lookups, for every request, and therefore, every catalog request, every pluginsync'ed file, etc.

A second issue is that the puppetmaster calls `HTTPRequest#peeraddr` on every REST request, even though all we need is the peer IP address:

<pre>
if peer = request.peeraddr and ip = peer[3]
  result[:ip] = ip
end
</pre>

This doesn't lead to additional reverse DNS lookups, because the `HTTPRequest` caches the parsed `@peeraddr` value, but it seems unnecessary.
I think we should instead call `HTTPRequest#remote_ip`, which will never result in a reverse DNS lookup and it also handles [X-Forwarded-For](http://en.wikipedia.org/wiki/X-Forwarded-For) headers that identify the originating client IP, but that method is only in ruby 1.9.1p378 and up.
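
The following is an added example, not part of the original report or of Puppet's code: it shows, at the plain socket level on ruby 1.9.2 or later, how to read a peer's numeric IP from an accepted connection without a PTR lookup. The helper names `peer_ip` and `demo` are hypothetical, and the loopback connection is constructed for the demonstration.

```ruby
require 'socket'

# Hypothetical helper: return the numeric peer IP of an accepted socket
# without ever triggering a reverse DNS (PTR) lookup.
def peer_ip(sock)
  # Per-socket flag; on ruby >= 1.9.2 it already defaults to true, but
  # setting it explicitly protects against a changed global default.
  sock.do_not_reverse_lookup = true
  # The :numeric argument overrides the flag for this call only, so the
  # result is numeric even if something later resets the flag.
  sock.peeraddr(:numeric)[3]
end

# Constructed demonstration: one loopback connection, no external DNS.
def demo
  server = TCPServer.new('127.0.0.1', 0)       # port 0: OS picks a free port
  port   = server.addr(:numeric)[1]
  client = TCPSocket.new('127.0.0.1', port)
  conn   = server.accept

  ip = peer_ip(conn)
  {
    ip: ip,
    # With the flag set, the "hostname" slot [2] holds the numeric address
    # too, which is what a logging or ACL layer will see.
    peeraddr: conn.peeraddr,
    # Addrinfo is built from the socket address and never resolves names.
    addrinfo_ip: conn.remote_address.ip_address,
    client_port_matches: conn.peeraddr[1] == client.addr(:numeric)[1]
  }
ensure
  [conn, client, server].each { |s| s.close if s && !s.closed? }
end

p demo if __FILE__ == $0
```

Unlike the socket-level address above, the value returned by `HTTPRequest#remote_ip` can come from an `X-Forwarded-For` header, which is client-supplied unless a trusted proxy sets it, so it should not be used for authorization decisions without that guarantee.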
