Remove unnecessary DNS reverse lookups from RPC layer
-----------------------------------------------------

                 Key: HADOOP-7104
                 URL: https://issues.apache.org/jira/browse/HADOOP-7104
             Project: Hadoop Common
          Issue Type: Improvement
          Components: ipc, security
            Reporter: Kan Zhang
            Assignee: Kan Zhang


RPC connection authorization needs to verify that the client's Kerberos principal name 
matches what is specified for the protocol. For service clients like DNs, their 
Kerberos principal names can be specified in the form of 
"datanode/_h...@domain.com". To get the expected
client principal name, the server needs to substitute "_HOST" with the client's 
fully qualified domain name, which requires a reverse DNS lookup from the client IP 
address. However, for connections from clients whose principal names are either 
unspecified or specified not using the "_HOST" convention, the substitution is 
not required and the reverse DNS lookup should be avoided. Currently the 
reverse DNS lookup is done for all clients, which could slow services like NN 
down when a local named cache is not available.

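The behaviour the issue asks for can be sketched as follows. This is an added example, not code from the Hadoop patch or project: the class name, the injected resolver, the EXAMPLE.COM realm and the sample principals are all assumptions made for illustration. The reverse lookup is passed in as a function so it runs only when the configured principal actually uses the "_HOST" convention.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.function.Function;

public class LazyHostPrincipal {
    static final String HOST_TOKEN = "_HOST"; // convention named in the issue
    static int lookups = 0;                   // counts resolver calls for the demo

    /**
     * Returns the principal the server should expect from this client, or null
     * when none is specified for the protocol. The resolver (the reverse DNS
     * lookup) is invoked only if the instance component is exactly _HOST.
     */
    static String expectedPrincipal(String pattern, InetAddress client,
                                    Function<InetAddress, String> resolver) {
        if (pattern == null || pattern.isEmpty()) return null; // unspecified: no lookup
        int slash = pattern.indexOf('/');
        if (slash < 0) return pattern;                         // user principal: no lookup
        int at = pattern.indexOf('@', slash + 1);
        int end = (at < 0) ? pattern.length() : at;            // realm may be omitted
        if (!HOST_TOKEN.equals(pattern.substring(slash + 1, end))) {
            return pattern;                                    // fixed host name: no lookup
        }
        String fqdn = resolver.apply(client);                  // the only path that resolves
        return pattern.substring(0, slash + 1) + fqdn + pattern.substring(end);
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample data: a TEST-NET-1 address and a stub resolver.
        // A real server could pass InetAddress::getCanonicalHostName instead.
        InetAddress client = InetAddress.getByAddress(new byte[] {(byte) 192, 0, 2, 10});
        Function<InetAddress, String> resolver = a -> { lookups++; return "dn1.example.com"; };
        String[] patterns = {
            null, "alice@EXAMPLE.COM",
            "datanode/dn1.example.com@EXAMPLE.COM", "datanode/_HOST@EXAMPLE.COM"
        };
        for (String p : patterns) {
            String expected = expectedPrincipal(p, client, resolver);
            System.out.println(p + " -> " + expected + " (lookups so far: " + lookups + ")");
        }
    }
}
```

With the constructed inputs, the lookup counter stays at 0 for the first three patterns and becomes 1 only for the "_HOST" pattern.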