[
https://issues.apache.org/jira/browse/HADOOP-7104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12983339#action_12983339
]
Koji Noguchi commented on HADOOP-7104:
--------------------------------------
Kan, Deveraj, isn't this a regression bug instead of an improvement?
A single accept thread falling behind due to reverse DNS lookup leading to
unresponsive Namenode. (still to be confirmed.)
Nigel and dev, please consider this for 0.22.
> Remove unnecessary DNS reverse lookups from RPC layer
> -----------------------------------------------------
>
> Key: HADOOP-7104
> URL: https://issues.apache.org/jira/browse/HADOOP-7104
> Project: Hadoop Common
> Issue Type: Improvement
> Components: ipc, security
> Reporter: Kan Zhang
> Assignee: Kan Zhang
> Fix For: 0.23.0
>
> Attachments: 7104-few-edits.patch, c7104-01.patch, c7104-03.patch
>
>
> RPC connection authorization needs to verify client's Kerberos principal name
> matches what specified for the protocol. For service clients like DN's, their
> Kerberos principal names can be specified in the form of
> "datanode/_h...@domain.com". To get the expected
> client principal name, the server needs to substitute "_HOST" with the
> client's fully qualified domain name, which requires a reverse DNS lookup
> from client IP address. However, for connections from clients whose principal
> name are either unspecified or specified not using the "_HOST" convention,
> the substitution is not required and the reverse DNS lookup should be
> avoided. Currently the reverse DNS lookup is done for all clients, which
> could slow services like NN down, when local named cache is not available.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
