Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-7104

Remove unnecessary DNS reverse lookups from RPC layer

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.22.0
    • Fix Version/s: 0.22.0
    • Component/s: ipc, security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      RPC connection authorization needs to verify client's Kerberos principal name matches what specified for the protocol. For service clients like DN's, their Kerberos principal names can be specified in the form of "datanode/_HOST@DOMAIN.COM". To get the expected
      client principal name, the server needs to substitute "_HOST" with the client's fully qualified domain name, which requires a reverse DNS lookup from client IP address. However, for connections from clients whose principal name are either unspecified or specified not using the "_HOST" convention, the substitution is not required and the reverse DNS lookup should be avoided. Currently the reverse DNS lookup is done for all clients, which could slow services like NN down, when local named cache is not available.

        Attachments

        1. 7104-few-edits.patch
          14 kB
          Todd Lipcon
        2. c7104-01.patch
          12 kB
          Kan Zhang
        3. c7104-03.patch
          13 kB
          Kan Zhang

          Issue Links

            Activity

              People

              • Assignee:
                kzhang Kan Zhang
                Reporter:
                kzhang Kan Zhang
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: