httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luca Toscano <toscano.l...@gmail.com>
Subject Re: [users@httpd] mod_proxy and DNS resolving
Date Sat, 28 May 2016 10:25:42 GMT
Hi Yann,

2016-05-28 0:31 GMT+02:00 Yann Ylavic <ylavic.dev@gmail.com>:

> Hi Luca,
>
> On Mon, May 23, 2016 at 2:21 PM, Luca Toscano <toscano.luca@gmail.com>
> wrote:
> >
> > I replied to the comment that you pointed out with Jim's answer and I
> > updated the trunk documentation with a note about DNS resolution:
> >
> > http://httpd.apache.org/docs/trunk/mod/mod_proxy.html#workers
> >
> > HTML diff only:
> >
> http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_proxy.html.en?r1=1745170&r2=1745169&pathrev=1745170
>
> I don't think this is correct.
> When disablereuse is true (including the default workers), the DNS
> resolution occurs for each connection.
> But when mod_proxy is reusing connections (including addresses), each
> worker/backend address is resolved only once per child process, and
> reused for all further connections (until the child is recycled).
> AIUI, this is not related to the TTL.
>


Thanks a lot for the explanation and for the info. So httpd does cache
origin DNS resolution and there is no way to control it via mod-proxy
settings (maybe the only thing that could be used
is MaxConnectionsPerChild?).


>
> From ap_proxy_determine_connection():
>                 /*
>                  * Worker can have the single constant backend adress.
>                  * The single DNS lookup is used once per worker.
>                  * If dynamic change is needed then set the addr to NULL
>                  * inside dynamic config to force the lookup.
>                  */
> AFAICT, nothing sets "addr to NULL" anywhere in httpd, that would be
> racy anyway.
>
> There is indeed a worker 'is_address_reusable' flag distinct from
> 'disablereuse', but it is not exposed to the admin and seems to be
> internally mapped to 'disablereuse'.
>
> I have a patch which introduces 'addressTTL' if one is interested, but
> it's not that simple because it addresses the race locklessly (and
> leaklessly :), thus with refcounting, address pool...
>
>
If I got everything correctly, the description of the TTL might be a bit
misleading because it is not clear IMHO that the DNS resolution won't be
performed:

"Time to live for inactive connections and associated connection pool
entries, in seconds. Once reaching this limit, a connection will not be
used again; it will be closed at some later time."

What would happen when an admin performs a change of the origin DNS A or
AAAA record? If httpd doesn't happen to recycle workers at that time it
will try to connect to the old IP address probably triggering a 502 due to
timeouts or connection failures right?

The perfect thing, IMHO, would be to force the DNS resolution every time a
new connection to origin needs to be performed (transparently to all the
options), but as you mentioned the implementation could be messy and I am
not sure how many people would like this feature.

Anyhow, I'll wait for some replies to check that I got everything correctly
and then I'll updated the documentation (unless somebody wants to do it
before me).

Thanks!

Luca

Mime
View raw message