From owner-freebsd-isp  Wed Jul 23 21:54:54 1997
Return-Path: <owner-freebsd-isp>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id VAA08259
          for isp-outgoing; Wed, 23 Jul 1997 21:54:54 -0700 (PDT)
Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id VAA08254
          for <freebsd-isp@FreeBSD.ORG>; Wed, 23 Jul 1997 21:54:50 -0700 (PDT)
Received: from znep.com (uucp@localhost)
	by scanner.worldgate.com (8.8.5/8.8.5) with UUCP id WAA08415;
	Wed, 23 Jul 1997 22:54:30 -0600 (MDT)
Received: from localhost (marcs@localhost) by alive.znep.com (8.7.5/8.7.3) with SMTP id WAA01560; Wed, 23 Jul 1997 22:53:54 -0600 (MDT)
Date: Wed, 23 Jul 1997 22:53:53 -0600 (MDT)
From: Marc Slemko <marcs@znep.com>
To: spork <spork@super-g.com>
cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Limits on apache
In-Reply-To: <Pine.BSF.3.95q.970724003016.14460A-100000@super-g.inch.com>
Message-ID: <Pine.BSF.3.95.970723225123.1040E-100000@alive.znep.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 24 Jul 1997, spork wrote:

> On Wed, 23 Jul 1997, Marc Slemko wrote:
> 
> > With 1.2.0, that won't work a lot of the time because BIND has broken code
> > that sets a hard limit based on the FD_SETSIZE setting when BIND was
> > compiled.  You would have to recompile the resolver library with a larger
> > FD_SETSIZE to fix that on 1.2.0. 
> 
> On a tangent...
> 
> I assume (correct me if I'm wrong...) what you are talking about here is
> apache doing the reverse lookups for logging.  We used to let apache do

Not really.  Apache has to do DNS lookups as part of its normal startup.
Turning them off during operation doesn't really help this particular
problem.

> this until I hit some of our sites from unnamed hosts and saw an
> incredible slowness in downloading just about anything from our
> webservers.  Ping and traceroute showed excellent connectivity, and I
> figured out the delay was apache doing the lookups and waiting on the
> timeout...  Turning off dns lookups in the apache configs made things fly,
> and we now run sans dns lookups and let analog do the lookups when it
> processes the logs.  We've since gotten some positive responses from
> clients coming in from ISPs that don't do revs on most of their dialup
> connections.

Turning off hostname lookups is a good thing.  It may be the default for
1.3.  You should do so if you aren't silly enough to get confused by it. 
The biggest gotcha is that domain based access restrictions no longer
work, but that can (and I think is, in the 1.3 source tree... not sure if
the patch is in or not) be fixed so Apache only does the lookups if
required for authentication.