Date: Fri, 30 Sep 2011 16:50:09 -0700 From: Chuck Swiger <cswiger@mac.com> To: Doug Barton <dougb@FreeBSD.org> Cc: freebsd-stable@FreeBSD.org Subject: Re: 7.3 + kqueue + apache/php + DNS lookup problem Message-ID: <44206D3D-B15C-4A47-A812-67C81C13CDDA@mac.com> In-Reply-To: <4E865146.8090108@FreeBSD.org> References: <4E865146.8090108@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sep 30, 2011, at 4:31 PM, Doug Barton wrote: > o, this is a bit of an odd one .... I've got a web server running > apache 2.2.17 and php 5.3.5. The host itself is running 7.3-RELEASE, > i386, and is not busy. I can do DNS queries on the command line all day > long and they are very snappy. Using nslookup, dig, whatever. Are you using prefork or worker/threaded MPM with Apache? While some PHP modules claim to be threadsafe, experience has left me convinced that neither threaded PHP nor threaded mod_perl is reliable under even minimal load. If you haven't tried using prefork MPM, consider using it, and maybe add fastcgi if you need to. > The weirdness comes in when the httpd process needs to do a DNS lookup. [ ... ] > I'm open to suggestions on where to look to improve this situation. One of the major problems with doing any DNS lookups in Apache is that you can easily encounter a DoS as all of the child processes try to resolve addresses; a malware scan coming from an IP with broken reverse DNS can cause things to grind to a halt for a few seconds. If at all possible, do not perform any DNS resolution in Apache, either for Allow/Deny rules in Location blocks, or for log processing. Regards, -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44206D3D-B15C-4A47-A812-67C81C13CDDA>