Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-9339

SSL (TLS) peer reverse DNS lookup can block the event loop thread.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Accepted
    • Major
    • Resolution: Unresolved
    • None
    • None
    • libprocess

    Description

      We currently look up the peer hostname in order to perform certificate verification while accepting SSL (TLS) connections. This blocks the event loop thread in cases where it has to go over the network. We saw one issue where a misconfiguration meant that this would block for 15 seconds.

      Once we add asynchronous DNS lookup facilities (MESOS-9338), we can use them to avoid blocking the event loop thread.

      We should consider logging slow DNS reverse lookups and adding timing metrics for them.

      Attachments

        Issue Links

          is blocked by

          Improvement - An improvement or enhancement to an existing feature or task. MESOS-9338 Add asynchronous DNS facilities to libprocess.

          • Major - Major loss of function.
          • Accepted
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MESOS-4665 Reverse DNS for cert validation ?

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              bmahler Benjamin Mahler
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: