From: Bill Paul
Message-Id: <199611230542.AAA02255@skynet.ctr.columbia.edu>
Subject: Re: bin/2090: clients may bind to FreeBSD ypserv refusing to serve them
To: Tor.Egge@idt.ntnu.no
Date: Sat, 23 Nov 1996 00:42:42 -0500 (EST)
Cc: bugs@freebsd.org
In-Reply-To: <199611230431.FAA16781@ikke.idt.unit.no> from "Tor Egge" at Nov 23, 96 05:31:36 am

Of all the gin joints in all the towns in all the world, Tor Egge had
to walk into mine and say:

> >Description:
>
> NetBSD/FreeBSD/SunOS 4 machines use broadcast via portmapper
> to find a yp server that serves the relevant domain. Since
> the request is forwarded by the local portmapper on the
> FreeBSD machine, the securenets mechanism is inactive, and
> a positive acknowledgement is sent back to the client via the
> portmapper. The client may be bound to a yp server
> that refuses to handle requests from the client.

Oh blorg. Wait a minute. Does the SunOS ypserv behave the same way?
If not, I wonder what they did to shut it up.

> >How-To-Repeat:
>
> Have a FreeBSD machine that runs a local ypserv due to
> performance reasons.

Hm... may I ask what these performance reasons are?

> Configure ypserv to run without DNS forwarding,
> since it is expensive (fork()). Configure it to only serve
> local host, to avoid SunOS 4 machines needing DNS forwarding
> binding to it.
> Observe that nearby NetBSD/FreeBSD/SunOS 4 machines
> may bind to the FreeBSD machine, causing problems
> (e.g. users not being able to login).

[chop]

> - Don't let the ypserv process fork for gethostbyname()
> lookups. Use async dns lookups instead.

This has been on my mind for a while, but it's fallen victim to a
severe lack of round tuits. One reason I've been putting it off is
that doing this 'correctly' would probably mean bolting some of the
BIND code directly onto ypserv. This would lead to yet another upgrade
headache when new BIND versions are released.

Another problem is YPPROC_ALL, which uses a TCP pipe to transmit the
entire map to the caller. If the map is large, the server can stay busy
for a long time. At the moment, this is also dealt with using a fork().
I haven't found an elegant solution for this that I really like. (This
is probably because I don't like threads.)

-Bill

--
=============================================================================
-Bill Paul (212) 854-6020           | System Manager, Master of Unix-Fu
Work: wpaul@ctr.columbia.edu        | Center for Telecommunications Research
Home: wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
=============================================================================
"If you're ever in trouble, go to the CTR. Ask for Bill. He will help you."
=============================================================================
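The access-control gap described in the report, as an added example that is not part of the original message and is not ypserv code: a source-address check in the style of securenets is applied to the address the server sees, so a bind probe relayed by the local portmapper passes while the same client's direct requests are refused. The rule table, the client address and the function names are constructed, and the relayed call is assumed to arrive from 127.0.0.1.

```c
#include <stdio.h>
#include <arpa/inet.h>

/* One securenets-style rule: a source passes if (addr & mask) == net. */
struct rule { const char *net; const char *mask; };

/* Constructed policy matching the report: serve the local host only. */
static const struct rule rules[] = { { "127.0.0.1", "255.255.255.255" } };

/* Return 1 if the source address matches any rule, 0 otherwise
 * (unparseable addresses are refused). */
int securenets_allows(const char *src)
{
    struct in_addr a, n, m;
    if (inet_pton(AF_INET, src, &a) != 1)
        return 0;
    for (size_t i = 0; i < sizeof(rules) / sizeof(rules[0]); i++) {
        if (inet_pton(AF_INET, rules[i].net, &n) != 1 ||
            inet_pton(AF_INET, rules[i].mask, &m) != 1)
            continue;
        /* All three values are in network byte order, so compare directly. */
        if ((a.s_addr & m.s_addr) == n.s_addr)
            return 1;
    }
    return 0;
}

/* Address the server sees as the caller. Assumption: a broadcast relayed
 * by the local portmapper is delivered from the loopback address. */
const char *seen_source(const char *client, int via_portmapper)
{
    return via_portmapper ? "127.0.0.1" : client;
}

/* Model of the reported behaviour: the decision uses the socket peer only. */
int server_answers(const char *client, int via_portmapper)
{
    return securenets_allows(seen_source(client, via_portmapper));
}

int main(void)
{
    const char *client = "192.0.2.10";   /* constructed remote client */
    printf("bind probe via portmapper: %s\n",
           server_answers(client, 1) ? "acknowledged" : "refused");
    printf("direct map request:        %s\n",
           server_answers(client, 0) ? "served" : "refused");
    return 0;
}
```

The two outcomes differ for the same client, which is the state the report describes: the client binds to a server that will not serve it.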