Date:      Sat, 23 Nov 1996 00:42:42 -0500 (EST)
From:      Bill Paul <wpaul@skynet.ctr.columbia.edu>
To:        Tor.Egge@idt.ntnu.no
Cc:        bugs@freebsd.org
Subject:   Re: bin/2090: clients may bind to FreeBSD ypserv refusing to serve them
Message-ID:  <199611230542.AAA02255@skynet.ctr.columbia.edu>
In-Reply-To: <199611230431.FAA16781@ikke.idt.unit.no> from "Tor Egge" at Nov 23, 96 05:31:36 am

Of all the gin joints in all the towns in all the world, Tor Egge had to 
walk into mine and say:
 
> >Description:
> 
> 	NetBSD/FreeBSD/SunOS 4 machines use broadcast via portmapper
> 	to find a yp server that serves the relevant domain. Since
> 	the request is forwarded by the local portmapper on the 
> 	FreeBSD machine, the securenets mechanism is inactive, and
> 	a positive acknowledgement is sent back to the client via the
> 	portmapper. The client may be bound to a yp server
> 	that refuses to handle requests from the client. 

Oh blorg.

Wait a minute. Does the SunOS ypserv behave the same way? If not, I
wonder what they did to shut it up.
 
> >How-To-Repeat:
> 
> 	Have a FreeBSD machine that runs a local ypserv due to 
> 	performance reasons.

Hm... may I ask what these performance reasons are?

>       Configure ypserv to run without DNS forwarding, 
> 	since it is expensive (fork()).	Configure it to only serve 
> 	local host, to avoid SunOS 4 machines needing DNS forwarding 
> 	binding to it. Observe that nearby NetBSD/FreeBSD/SunOS 4 machines 
> 	may bind to the FreeBSD machine, causing problems 
> 	(e.g. users not being able to login).

[chop]
 	      
> 		- Don't let the ypserv process fork for gethostbyname()
> 	          lookups. Use async dns lookups instead.

This has been on my mind for a while, but it's fallen victim to a
severe lack of round tuits. One reason I've been putting it off is
that doing this 'correctly' would probably mean bolting some of the
BIND code directly onto ypserv. This would lead to yet another upgrade 
headache when new BIND versions are released.

Another problem is YPPROC_ALL, which uses a TCP pipe to transmit the
entire map to the caller. If the map is large, the server can stay
busy for a long time. At the moment, this is also dealt with using
a fork(). I haven't found an elegant solution for this that I really
like. (This is probably because I don't like threads.)

-Bill

-- 
=============================================================================
-Bill Paul            (212) 854-6020 | System Manager, Master of Unix-Fu
Work:         wpaul@ctr.columbia.edu | Center for Telecommunications Research
Home:  wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
=============================================================================
 "If you're ever in trouble, go to the CTR. Ask for Bill. He will help you."
=============================================================================
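
Added illustration, not part of the original message and not ypserv's code: a simplified model of the condition in the problem report, where an address-based check is applied to the peer address of the call, so a probe relayed by the local portmapper is acknowledged while the same client's later direct request is refused. The rule table, the `request` type, the client address 192.0.2.10 and the assumption that a relayed call arrives from 127.0.0.1 are all constructed for the example.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdio.h>

/* One securenets-style rule: a source matches if (addr & mask) == (net & mask). */
struct rule { const char *net, *mask; };

/* Constructed policy: serve the local host only, as in the report. */
static const struct rule rules[] = { { "127.0.0.1", "255.255.255.255" } };

/* Return 1 if the source address of the incoming call matches any rule. */
static int securenets_allows(const char *src)
{
    struct in_addr a, n, m;
    if (inet_pton(AF_INET, src, &a) != 1)
        return 0;                          /* unparsable source: refuse */
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        if (inet_pton(AF_INET, rules[i].net, &n) != 1 ||
            inet_pton(AF_INET, rules[i].mask, &m) != 1)
            continue;                      /* skip malformed rule */
        if ((a.s_addr & m.s_addr) == (n.s_addr & m.s_addr))
            return 1;
    }
    return 0;
}

/* A call as it reaches the server (hypothetical model type). */
struct request {
    const char *origin;  /* host that wants service */
    const char *via;     /* forwarder's address, or NULL if sent directly */
};

/* The check only sees the peer address, which is the forwarder's
   (assumed 127.0.0.1 for the local portmapper) when the call was relayed. */
static int server_accepts(const struct request *r)
{
    return securenets_allows(r->via ? r->via : r->origin);
}

int main(void)
{
    struct request probe  = { "192.0.2.10", "127.0.0.1" }; /* broadcast via portmapper */
    struct request lookup = { "192.0.2.10", NULL };        /* later direct request */
    printf("probe acked: %d, lookup served: %d\n",
           server_accepts(&probe), server_accepts(&lookup));
    return 0;
}
```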