Description
RPC connection authorization needs to verify that the client's Kerberos principal name matches what is specified for the protocol. For service clients like DNs, the Kerberos principal name can be specified in the form "datanode/_HOST@DOMAIN.COM". To get the expected client principal name, the server needs to substitute "_HOST" with the client's fully qualified domain name, which requires a reverse DNS lookup from the client's IP address. However, for connections from clients whose principal names are either unspecified or specified without the "_HOST" convention, the substitution is not required and the reverse DNS lookup should be avoided. Currently the reverse DNS lookup is done for all clients, which could slow down services like the NN when a local named cache is not available.
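The lookup-only-when-needed behaviour described above, as an added Java example (not Hadoop's code and not the patch for this issue). The class and method names, the sample principals and the stubbed resolver are assumptions made for illustration; in a server the resolver would be something like `() -> clientAddr.getCanonicalHostName()`.

```java
import java.util.Locale;
import java.util.function.Supplier;

public class LazyHostPrincipal {
    static final String HOST_TOKEN = "_HOST";

    /** True only when the instance part of primary/instance@REALM is exactly _HOST. */
    static boolean needsHostSubstitution(String configured) {
        if (configured == null || configured.isEmpty()) {
            return false; // unspecified principal: nothing to substitute
        }
        String[] parts = configured.split("[/@]");
        return parts.length == 3 && HOST_TOKEN.equals(parts[1]);
    }

    /**
     * Returns the principal the client is expected to present, or null when
     * none is configured. The resolver (the expensive reverse DNS lookup) is
     * invoked only if the configured name uses the _HOST convention.
     */
    static String expectedPrincipal(String configured, Supplier<String> fqdnResolver) {
        if (configured == null || configured.isEmpty()) {
            return null;
        }
        if (!needsHostSubstitution(configured)) {
            return configured; // literal name, no DNS traffic
        }
        String[] parts = configured.split("[/@]");
        // Case normalisation is a choice made in this example.
        String fqdn = fqdnResolver.get().toLowerCase(Locale.ROOT);
        return parts[0] + "/" + fqdn + "@" + parts[2];
    }

    public static void main(String[] args) {
        int[] lookups = {0};
        // Constructed stand-in for the reverse lookup so the example runs offline.
        Supplier<String> resolver = () -> { lookups[0]++; return "DN1.example.com"; };

        String[] configuredNames = {   // constructed sample values
            "datanode/_HOST@DOMAIN.COM",
            "datanode/dn1.example.com@DOMAIN.COM",
            "hdfs@DOMAIN.COM",
            null
        };
        for (String configured : configuredNames) {
            System.out.println(configured + " -> " + expectedPrincipal(configured, resolver));
        }
        System.out.println("reverse lookups performed: " + lookups[0]);
    }
}
```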
Issue Links
- relates to HADOOP-7215 RPC clients must connect over a network interface corresponding to the host name in the client's kerberos principal key (Closed)