From owner-freebsd-hackers Fri Nov 17 11:20:58 1995
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id LAA23379 for hackers-outgoing; Fri, 17 Nov 1995 11:20:58 -0800
Received: from gateway.cybernet.com ([192.245.33.1]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id LAA23371 for ; Fri, 17 Nov 1995 11:20:51 -0800
Received: from root@spiffy.cybernet.com by gateway.cybernet.com (8.6.8/1.0A) id PAA20401; Fri, 17 Nov 1995 15:25:25 -0500
Date: Fri, 17 Nov 1995 15:25:25 -0500
Content-Length: 2317
Message-ID:
X-Mailer: XFMail 0.3-beta [p0] on FreeBSD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
Reply-To: root@spiffy.cybernet.com
Organization: Cybernet Systems Corporation
From: "Mark J. Taylor"
To:
Subject: gethostbyXXX() blocking too long
Sender: owner-hackers@freebsd.org
Precedence: bulk

For quite some time now, our site has been plagued by long delays during connecting to machines on the Internet. The connection is established quickly, followed by LONG delays in getting any data, login prompt, etc.

I think that I've stumbled upon the answer. Many services (ftpd, telnetd, rshd, etc.) perform a gethostbyaddr() call right after a connection is established. Of course, this call blocks until the nameserver(s) are asked to reverse-name resolve the IP address string.

Well, it turns out that our site (at least) does not have any reverse name entries in our primary Internet name servers (we have them here locally, but our DNS primaries do not point to our DNS). Therefore, any program on any machine on the Internet will BLOCK until the DNS queries time out, which takes anywhere from 60 to 240 seconds.

For example:

    mymachine FTPs to oak.oakland.edu
    inetd on oak.oakland.edu starts up a ftpd (socket is established)
    ftpd on oak does a gethostbyaddr() call on mymachine's IP address
    DNS stuff starts
    LONG DELAY
    DNS times out (no replies)
    ftpd continues, logs IP address instead of hostname

There are two ways that I can see to fix this problem:

1) get the reverse name entries in one of our primary Internet DNS servers

2) call alarm()/setitimer() before any blocking DNS calls (gethostbyname, gethostbyaddr) with a small time value (10 seconds or so) in all software that performs these calls (this would be a change in the remote site's software)

Of course, (2) will require everyone to modify their software. :) (some already have, so it would seem)

So, am I totally wrong in requesting that change (2) go into FreeBSD daemons, so that at least when someone at sites w/o reverse DNS lookup entries connects to FreeBSD machines, there will not be these LONG delays that I speak of? (would be a great win for FreeBSD- "My 'time to login:' at most sites sucks, but the ones that use FreeBSD as their server really jams!")

I'm sure that my site (cybernet.com) is not the only one on the Internet w/o DNS reverse name entries. (I'm currently getting on my ISP's case about getting reverse DNS set up for us at their site- it's not that hard to set up secondary name servers.)

Thanks for listening. I hope that I've made myself clear.

-Mark Taylor
mtaylor@cybernet.com