hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kan Zhang (JIRA)" <j...@apache.org>
Subject [jira] Created: (HADOOP-7104) Remove unnecessary DNS reverse lookups from RPC layer
Date Thu, 13 Jan 2011 22:28:47 GMT
Remove unnecessary DNS reverse lookups from RPC layer
-----------------------------------------------------

                 Key: HADOOP-7104
                 URL: https://issues.apache.org/jira/browse/HADOOP-7104
             Project: Hadoop Common
          Issue Type: Improvement
          Components: ipc, security
            Reporter: Kan Zhang
            Assignee: Kan Zhang


RPC connection authorization needs to verify client's Kerberos principal name matches what
specified for the protocol. For service clients like DN's, their Kerberos principal names
can be specified in the form of  "datanode/_HOST@DOMAIN.COM". To get the expected
client principal name, the server needs to substitute "_HOST" with the client's fully qualified
domain name, which requires a reverse DNS lookup from client IP address. However, for connections
from clients whose principal name are either unspecified or specified not using the "_HOST"
convention, the substitution is not required and the reverse DNS lookup should be avoided.
Currently the reverse DNS lookup is done for all clients, which could slow services like NN
down, when local named cache is not available.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message