Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp464871ybz; Fri, 17 Apr 2020 04:32:32 -0700 (PDT) X-Google-Smtp-Source: APiQypK1LWIxL6K51CbPhzQ2weaTBh+pdPw9UxMIjBK5yN4a6oGfROMmZAfp2dfhtr2d+yEOsinr X-Received: by 2002:a17:906:6987:: with SMTP id i7mr2607021ejr.12.1587123151882; Fri, 17 Apr 2020 04:32:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587123151; cv=none; d=google.com; s=arc-20160816; b=vACrb7zFmpF9tuaxShw7LX0KvEbV9Wis5yYtf6meX+G43khtm1gMN2wQzuAj35eJEH WQL5WB0SrtcRQTAM5USWx1tKsQRls+E5JClqvUcmYGcZd8FO5ENBDiIT7tc78OdmrzK5 Z0MGhVP+G//FOzpqRKjtEMuCPnjwphTaKFCY8MGKoFzZvApS3u7jB5frVjI0TMKQY145 cOkDM+yhPmv6iPR5pSt5Xc4cZ0fCFEeyHTEaodjrBSE4C65jptFVB83hzRlyvGfkILbh 7nd0MMjjKkIEcQaWu70qBsQRmAmCOS2Nw+IJrvJ4Xn9PCA1s3j22SVdl1fzBU0xkYINS tVWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:references:in-reply-to:subject:cc:to:from; bh=JTtZli4KvC9rYIxrvBbKFU73n/sGDNDjwWANF0JA2tc=; b=FC+89iVTdDEm+ipFigGDmtFmZNGkuOrZ2Kui3yHmoViPiNbavt82pHMP5zNNrxApzg DWvZFyeO9owL2uV/NyCav8hP9fPNGYBHC0+jxk2pjiDIoh9MKY8BJ4fYmrz3pVW95MC0 edPcIGA+ToZtbsF6TGFHE9WNUGgX41EvAxAsfYxtWWdkNyVOnM3b9qq6G9aKvTRA95Fe vpFdOFK/3XjCA7LMYw18qJt4UqGf/EDLhvRzT1R/hNCxJZriNXq+fuuL+d8eF30nsavI QTVPsDVL0jhmCx8NepPfsNkQHkpSqejC2jaCMIn3Jsx3shZNX1KhDjlyBd4OojctuEi1 PkzA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v1si2952720edr.198.2020.04.17.04.31.56; Fri, 17 Apr 2020 04:32:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730365AbgDQLbo convert rfc822-to-8bit (ORCPT + 99 others); Fri, 17 Apr 2020 07:31:44 -0400 Received: from mx2.suse.de ([195.135.220.15]:55428 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730236AbgDQLbo (ORCPT ); Fri, 17 Apr 2020 07:31:44 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 4A696ABEF; Fri, 17 Apr 2020 11:31:40 +0000 (UTC) From: =?utf-8?Q?Aur=C3=A9lien?= Aptel To: Chuck Lever , David Howells Cc: Florian Weimer , Linux NFS Mailing List , linux-cifs@vger.kernel.org, linux-afs@lists.infradead.org, ceph-devel@vger.kernel.org, keyrings@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: What's a good default TTL for DNS keys in the kernel In-Reply-To: <8DC44895-E904-4155-B7B8-B109A777F23C@oracle.com> References: <874ktl2ide.fsf@oldenburg2.str.redhat.com> <3865908.1586874010@warthog.procyon.org.uk> <128769.1587032833@warthog.procyon.org.uk> <8DC44895-E904-4155-B7B8-B109A777F23C@oracle.com> Date: Fri, 17 Apr 2020 13:31:39 +0200 Message-ID: <87sgh22vs4.fsf@suse.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Chuck Lever writes: > The Linux NFS client won't connect to a new server when the server's > DNS information changes. A fresh mount operation would be needed for > the client to recognize and make use of it. > > There are mechanisms in the NFSv4 protocol to collect server IP addresses > from the server itself (fs_locations) and then try those locations if the > current server fails to respond. But currently that is not implemented in > Linux (and servers would need to be ready to provide that kind of update). We have a very similar system in CIFS. Failover can be handled in 2 ways (technically both can be used at the same time): a) with DFS, the mount can have a list of possible location to connect to, sort of like cross-server symlinks with multiple possible targets. Note that the target value uses hostnames. b) the domain controler can notice the server is down and automatically switch the server hostname DNS entry to a backup one with a different IP. >> CIFS also doesn't make direct use of the TTL, and again this may be because it >> uses the server address as part of the primary key for the superblock (see >> cifs_match_super()). When we try to reconnect after a failure (using (a) or just reconnecting to same server) we resolve the host again to try to use any new IP (in case (b) happened). This is done via upcalling using the request_key() API. The cifs.upcall prog (from cifs-utils) calls getaddrinfo() and sets a key with a default TTL of 10mn [2][3] but if the system uses DNS caching via nscd[1] there's no way to tell how long the old IP will remain in use... 1: https://linux.die.net/man/8/nscd 2: https://github.com/piastry/cifs-utils/blob/9a8c21ad9e4510a83a3a41f7a04f763a4fe9ec09/cifs.upcall.c#L66 3: https://github.com/piastry/cifs-utils/blob/9a8c21ad9e4510a83a3a41f7a04f763a4fe9ec09/cifs.upcall.c#L783 Cheers, -- Aurélien Aptel / SUSE Labs Samba Team GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3 SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)