From: Denis Vlasenko Subject: mountd: needless DNS queries when authenticating client against numeric IP Date: Fri, 4 Mar 2005 14:24:22 +0200 Message-ID: <200503041424.22897.vda@ilport.com.ua> Mime-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Received: from sc8-sf-mx1-b.sourceforge.net ([10.3.1.11] helo=sc8-sf-mx1.sourceforge.net) by sc8-sf-list2.sourceforge.net with esmtp (Exim 4.30) id 1D7BsB-0002u3-Du for nfs@lists.sourceforge.net; Fri, 04 Mar 2005 04:25:39 -0800 Received: from [195.66.192.168] (helo=port.imtp.ilyichevsk.odessa.ua) by sc8-sf-mx1.sourceforge.net with smtp (Exim 4.41) id 1D7Bs0-0000N9-IJ for nfs@lists.sourceforge.net; Fri, 04 Mar 2005 04:25:39 -0800 To: nfs@lists.sourceforge.net Sender: nfs-admin@lists.sourceforge.net Errors-To: nfs-admin@lists.sourceforge.net List-Unsubscribe: , List-Id: Discussion of NFS under Linux development, interoperability, and testing. List-Post: List-Help: List-Subscribe: , List-Archive: mount 127.0.0.1:/ can fail if DNS is down and mountd has been restarted without re-run of exportfs -r, because /var/lib/nfs/etab contains wrong hostname ("localhost" instead of "127.0.0.1") and mountd cannot determine that these are the same. This was explained in my previous mail. Here is another, lesser problem: If mountd was restarted _with_ prior run of exportfs -r, etab is correct and mount succeeds, but with ~10 sec delay because of: nfs_export * auth_authenticate(char *what, struct sockaddr_in *caller, char *path) { nfs_export *exp = NULL; char epath[MAXPATHLEN+1]; char *p = NULL; struct hostent *hp = NULL; struct in_addr addr = caller->sin_addr; enum auth_error error; if (path [0] != '/') { xlog(L_WARNING, "bad path in %s request from %s: \"%s\"", what, inet_ntoa(addr), path); return exp; } strncpy(epath, path, sizeof (epath) - 1); epath[sizeof (epath) - 1] = '\0'; auth_fixpath(epath); /* strip duplicate '/' etc */ xlog(L_ERROR, "auth_authenticate(): get_reliable_hostbyaddr start"); //vda: ===> hp = get_reliable_hostbyaddr((const char*)&caller->sin_addr, sizeof(struct in_addr), AF_INET); ^^^^^^^^^^^^^^^^^ gethostbyaddr inside. we will wait for DNS reply (or timeout) if (!hp) hp = get_hostent((const char*)&caller->sin_addr, sizeof(struct in_addr), AF_INET); if (!hp) return exp; This DNS query is not needed in my case. Shall we first try to authenticate against numeric IP of client and retry with hostname returned from get_reliable_hostbyaddr() only if we fail auth against numeric IP? -- vda ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ NFS maillist - NFS@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs