[ https://issues.apache.org/jira/browse/HADOOP-7104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12983339#action_12983339 ]
Koji Noguchi commented on HADOOP-7104: -------------------------------------- Kan, Deveraj, isn't this a regression bug instead of an improvement? A single accept thread falling behind due to reverse DNS lookup leading to unresponsive Namenode. (still to be confirmed.) Nigel and dev, please consider this for 0.22. > Remove unnecessary DNS reverse lookups from RPC layer > ----------------------------------------------------- > > Key: HADOOP-7104 > URL: https://issues.apache.org/jira/browse/HADOOP-7104 > Project: Hadoop Common > Issue Type: Improvement > Components: ipc, security > Reporter: Kan Zhang > Assignee: Kan Zhang > Fix For: 0.23.0 > > Attachments: 7104-few-edits.patch, c7104-01.patch, c7104-03.patch > > > RPC connection authorization needs to verify client's Kerberos principal name > matches what specified for the protocol. For service clients like DN's, their > Kerberos principal names can be specified in the form of > "datanode/_h...@domain.com". To get the expected > client principal name, the server needs to substitute "_HOST" with the > client's fully qualified domain name, which requires a reverse DNS lookup > from client IP address. However, for connections from clients whose principal > name are either unspecified or specified not using the "_HOST" convention, > the substitution is not required and the reverse DNS lookup should be > avoided. Currently the reverse DNS lookup is done for all clients, which > could slow services like NN down, when local named cache is not available. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.