Return-Path: Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: (qmail 22528 invoked from network); 15 Jan 2011 02:14:09 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 15 Jan 2011 02:14:09 -0000 Received: (qmail 711 invoked by uid 500); 15 Jan 2011 02:14:09 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 626 invoked by uid 500); 15 Jan 2011 02:14:08 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 616 invoked by uid 99); 15 Jan 2011 02:14:08 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 15 Jan 2011 02:14:08 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 15 Jan 2011 02:14:07 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id p0F2DlGF025333 for ; Sat, 15 Jan 2011 02:13:47 GMT Message-ID: <3011171.381651295057627030.JavaMail.jira@thor> Date: Fri, 14 Jan 2011 21:13:47 -0500 (EST) From: "Kan Zhang (JIRA)" To: common-issues@hadoop.apache.org Subject: [jira] Commented: (HADOOP-7104) Remove unnecessary DNS reverse lookups from RPC layer In-Reply-To: <29426227.356141294957727063.JavaMail.jira@thor> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-7104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12982006#action_12982006 ] Kan Zhang commented on HADOOP-7104: ----------------------------------- Todd, the changes you made look fine. Thanks again! +1. > Remove unnecessary DNS reverse lookups from RPC layer > ----------------------------------------------------- > > Key: HADOOP-7104 > URL: https://issues.apache.org/jira/browse/HADOOP-7104 > Project: Hadoop Common > Issue Type: Improvement > Components: ipc, security > Reporter: Kan Zhang > Assignee: Kan Zhang > Attachments: 7104-few-edits.patch, c7104-01.patch, c7104-03.patch > > > RPC connection authorization needs to verify client's Kerberos principal name matches what specified for the protocol. For service clients like DN's, their Kerberos principal names can be specified in the form of "datanode/_HOST@DOMAIN.COM". To get the expected > client principal name, the server needs to substitute "_HOST" with the client's fully qualified domain name, which requires a reverse DNS lookup from client IP address. However, for connections from clients whose principal name are either unspecified or specified not using the "_HOST" convention, the substitution is not required and the reverse DNS lookup should be avoided. Currently the reverse DNS lookup is done for all clients, which could slow services like NN down, when local named cache is not available. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.