From: Chuck Swiger
Date: Fri, 30 Sep 2011 16:50:09 -0700
To: Doug Barton
Cc: freebsd-stable@FreeBSD.org
Subject: Re: 7.3 + kqueue + apache/php + DNS lookup problem
Message-id: <44206D3D-B15C-4A47-A812-67C81C13CDDA@mac.com>
In-reply-to: <4E865146.8090108@FreeBSD.org>

On Sep 30, 2011, at 4:31 PM, Doug Barton wrote:
> o, this is a bit of an odd one .... I've got a web server running
> apache 2.2.17 and php 5.3.5. The host itself is running 7.3-RELEASE,
> i386, and is not busy. I can do DNS queries on the command line all day
> long and they are very snappy. Using nslookup, dig, whatever.

Are you using prefork or worker/threaded MPM with Apache? While some PHP modules claim to be threadsafe, experience has left me convinced that neither threaded PHP nor threaded mod_perl is reliable under even minimal load. If you haven't tried using prefork MPM, consider using it, and maybe add fastcgi if you need to.

> The weirdness comes in when the httpd process needs to do a DNS lookup.
[ ... ]
> I'm open to suggestions on where to look to improve this situation.

One of the major problems with doing any DNS lookups in Apache is that you can easily encounter a DoS as all of the child processes try to resolve addresses; a malware scan coming from an IP with broken reverse DNS can cause things to grind to a halt for a few seconds. If at all possible, do not perform any DNS resolution in Apache, either for Allow/Deny rules in Location blocks, or for log processing.

Regards,
--
-Chuck
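
An added example, not part of the original message: a small Python check that flags the httpd directives which make Apache resolve client addresses (HostnameLookups On/Double, hostname arguments to Allow/Deny from, and the 2.4-style Require host). The sample configuration and its hostnames are constructed, and `is_address` and `find_dns_directives` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample config (not from the thread); hostnames are placeholders.
SAMPLE_CONF = """\
HostnameLookups On
<Location /admin>
    Order deny,allow
    Deny from all
    Allow from .example.org 192.0.2.0/24
</Location>
<Location /status>
    Require host monitor.example.org
    Require ip 198.51.100.7
</Location>
# Allow from commented.example.org
HostnameLookups Off
"""

def is_address(token):
    """True for full or partial IPv4 (e.g. '10.1') and for IP/CIDR/netmask forms."""
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){0,3}\.?", token):
        return True
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False

def find_dns_directives(conf_text):
    """Return (line_no, reason) for each directive that triggers DNS resolution."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split()
        if len(words) < 2 or words[0].startswith("#"):
            continue  # blank, single-token, or comment line
        key, arg = words[0].lower(), words[1].lower()
        if key == "hostnamelookups" and arg in ("on", "double"):
            findings.append((no, "reverse lookup of client addresses"))
        elif key in ("allow", "deny") and arg == "from":
            # 'all' and env= tests need no DNS; anything non-numeric is a hostname
            names = [t for t in words[2:] if t.lower() != "all"
                     and not t.lower().startswith("env=") and not is_address(t)]
            if names:
                findings.append((no, "double-reverse lookup for " + ", ".join(names)))
        elif key == "require" and arg == "host":
            findings.append((no, "double-reverse lookup for " + ", ".join(words[2:])))
    return findings

if __name__ == "__main__":
    for no, reason in find_dns_directives(SAMPLE_CONF):
        print(f"line {no}: {reason}")
```
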