hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jakob Homan (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-7104) Remove unnecessary DNS reverse lookups from RPC layer
Date Tue, 18 Jan 2011 19:30:45 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12983345#action_12983345

Jakob Homan commented on HADOOP-7104:

Trusting Koji (always a good idea), this sounds like this is a bug, not an improvement.  To
22 it should go.

> Remove unnecessary DNS reverse lookups from RPC layer
> -----------------------------------------------------
>                 Key: HADOOP-7104
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7104
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>             Fix For: 0.23.0
>         Attachments: 7104-few-edits.patch, c7104-01.patch, c7104-03.patch
> RPC connection authorization needs to verify client's Kerberos principal name matches
what specified for the protocol. For service clients like DN's, their Kerberos principal names
can be specified in the form of  "datanode/_HOST@DOMAIN.COM". To get the expected
> client principal name, the server needs to substitute "_HOST" with the client's fully
qualified domain name, which requires a reverse DNS lookup from client IP address. However,
for connections from clients whose principal name are either unspecified or specified not
using the "_HOST" convention, the substitution is not required and the reverse DNS lookup
should be avoided. Currently the reverse DNS lookup is done for all clients, which could slow
services like NN down, when local named cache is not available.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message