(Moving the discussion back to haskell-infrastructure) Thanks for looking into this, Yitz.
It's interesting that I face this problem only on the hackage.h.o-hosted services (hackage itself and trac), and not, say, on haskellwiki or trac.h.o. It it true that only hackage.h.o-hosted services use CGI? Roman * Yitzchak Gale <[email protected]> [2013-04-09 17:24:08+0300] > Answering my own question: > > I retract the proposal for changes here. > > Although the function Network.accept > does an implied reverse DNS lookup, > it does so lazily. So the actual lookup > should not happen unless the library client > actually tries to use the host name. > > As for the Hackage problem, this problem > is inherent to CGI, which is what Hackage > currently uses. The CGI protocol supplies > the resolved client host name to the web > application in an environment variable. So > the web server (Apache in this case) will > always have do a reverse DNS lookup by definition. > (Environment variables are strict. Too bad.) > > So until we upgrade to a complete rewrite of > Hackage (any day now, right?), I guess the > only solution is to access Hackage via a > proxy on a host whose reverse DNS is > working. > > Thanks, > Yitz > > On Tue, Apr 9, 2013 at 3:54 PM, Yitzchak Gale <[email protected]> wrote: > > I noticed that the accept function in the network library, > > unlike the underlying C function, does a reverse DNS > > lookup every time it accepts a connection. > > > > This seems to be the cause of an acute problem: > > Hackage is nearly unusable for people whose ISP > > has broken reverse DNS, since every request to > > the server delays for 30 seconds or more while > > waiting for the broken reverse DNS server to time > > out. I know, the ISP should fix it, or the user should > > switch to a different ISP, but that isn't always practical. > > > > In particular, Roman, our expert from Odessa, is > > experiencing this problem. And he is hosting a > > Haskell Hackathon, OdHack, in just a few weeks > > time. I am concerned that all participants in the > > Hackathon might also be susceptible, which would > > be a Very Bad Thing. > > > > I'll note that nowadays it seems to be widely > > accepted "best practice" to avoid per-connection > > RDNS lookup, e.g., by configuring web servers > > to log IP addresses instead of domain names. > > > > So there are two questions here: one is whether > > we need a change to the the network and/or > > cgi packages (and possibly others), and the other > > is how to solve the hackage problem promptly. > > > > My first thought on the first question is to add > > a new function acceptRaw or accept' to network > > that skips the lookup, and then change cgi to > > use it. But I would also support changing accept > > itself to skip the lookup always. > > > > Thanks, > > Yitz > > _______________________________________________ > Libraries mailing list > [email protected] > http://www.haskell.org/mailman/listinfo/libraries _______________________________________________ haskell-infrastructure mailing list [email protected] http://community.galois.com/mailman/listinfo/haskell-infrastructure
