Issue #20194 has been updated by Matthaus Owens.

Released in Puppet 3.2.0-rc1

----------------------------------------
Bug #20194: Webrick puppetmaster performs reverse DNS lookup for every request
https://projects.puppetlabs.com/issues/20194#change-89585

* Author: Josh Cooper
* Status: Closed
* Priority: Normal
* Assignee: 
* Category: 
* Target version: 3.2.0
* Affected Puppet version: 0.22.1
* Keywords: dns
* Branch: https://github.com/puppetlabs/puppet/pull/1593
----------------------------------------
This issue is about reverse DNS lookups (PTR records) that the webrick 
puppetmaster performs for each client connection that it accepts. It is 
different than issue #18573, which is about the agent performing multiple DNS 
(A record) lookups of the master.

When running webrick, its `HTTPServer` calls `HTTPRequest#parse` on the 
accepted socket, and that results in a call to `IPSocket#peeraddr`. In ruby 
versions prior to 1.9.2p0, this **always** results in a reverse DNS lookup 
(as does calling `IPSocket#addr`). In ruby 1.9.0, the webrick 
[:DoNotReverseLookup](https://github.com/ruby/ruby/commit/0d8a0904d93e9600ccd095eabd5e4165c15987ff) 
option was added to allow users to disable reverse lookups. And 
[Rails](https://github.com/rails/rails/issues/4542) did.

During development of ruby 1.9.2p0, the default value of 
`BasicSocket#do_not_reverse_lookup` was changed to `true` in 
[ruby-core:r9858](https://github.com/ruby/ruby/commit/85176676e5067117a8494ad207bbaf0796564bc3). 
At some point the default was accidentally changed back to false, and then was 
fixed again in 
[ruby-core:r26541](https://github.com/ruby/ruby/commit/4dfd71005cf4ee14db965cd155417f8657ed2c24) 
in time for ruby 1.9.2p0.

As a result, when running 1.8.x-1.9.1, webrick-based puppetmasters will always 
perform reverse DNS lookups, for every request, and therefore, every catalog 
request, every pluginsync'ed file, etc.

A second issue is that the puppetmaster calls `HTTPRequest#peeraddr` on every 
REST request, even though all we need is the peer IP address:

```ruby
# Fragment of the puppetmaster's REST request handling (as quoted in the
# report): only the IP, peeraddr[3], is used, yet the whole tuple is fetched.
if peer = request.peeraddr and ip = peer[3]
  result[:ip] = ip
end
```

This doesn't lead to additional reverse DNS lookups, because the `HTTPRequest` 
caches the parsed `@peeraddr` value, but it seems unnecessary. I think we 
should instead call `HTTPRequest#remote_ip`, which will never result in a 
reverse DNS lookup and it also handles 
[X-Forwarded-For](http://en.wikipedia.org/wiki/X-Forwarded-For) headers that 
identify the originating client IP, but that method is only in ruby 1.9.1p378 
and up.
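The two behaviours described above, the reverse lookup that `peeraddr` may trigger and the difference between reading `peeraddr[3]` and a `remote_ip`-style lookup that prefers a proxy header, as an added example that is not code from the issue, from Puppet or from WEBrick. The helper names `peer_tuple`, `remote_ip`, `client_ip` and `loopback_peeraddr`, the `trusted_proxies` parameter and the sample header values are assumptions of this example; the socket calls are Ruby standard library (`do_not_reverse_lookup` and `peeraddr(:numeric)` require ruby 1.9.2 or later).

```ruby
require 'socket'

# Added example (not Puppet's or WEBrick's code). It shows (1) how the global
# BasicSocket.do_not_reverse_lookup default and the per-socket flag decide
# whether IPSocket#peeraddr performs a PTR query, and (2) how a remote_ip-style
# helper that honours proxy headers differs from reading peeraddr[3] directly.

# Peer address of a connected socket as [family, port, host, ip].
# :numeric returns host == ip without any DNS query; :hostname would attempt
# a reverse lookup (the behaviour the report describes for old rubies).
def peer_tuple(sock, reverse_lookup: :numeric)
  sock.peeraddr(reverse_lookup)
end

# Same shape as WEBrick's HTTPRequest#remote_ip: prefer a proxy-supplied header,
# otherwise fall back to the numeric peer IP already parsed from the socket.
# Note the headers are supplied by whoever connected, so the value is only
# meaningful when a reverse proxy you control sets it.
def remote_ip(headers, peeraddr)
  h = headers.transform_keys { |k| k.to_s.downcase }
  h['client-ip'] || h['x-forwarded-for'] || peeraddr[3]
end

# Variant for a server that uses the IP in access decisions (assumed design):
# honour X-Forwarded-For only when the TCP peer is a trusted proxy, and take
# the last entry, i.e. the address that proxy itself appended.
def client_ip(headers, peeraddr, trusted_proxies: [])
  peer_ip = peeraddr[3]
  h = headers.transform_keys { |k| k.to_s.downcase }
  xff = h['x-forwarded-for']
  if xff && trusted_proxies.include?(peer_ip)
    xff.split(',').last.strip
  else
    peer_ip
  end
end

# Loopback round trip: listen, connect, accept, and read the peer tuple on the
# accepted side with reverse lookups disabled on that socket, which is the
# per-socket equivalent of WEBrick's :DoNotReverseLookup option.
def loopback_peeraddr
  server = TCPServer.new('127.0.0.1', 0)
  port = server.addr[1]
  client = TCPSocket.new('127.0.0.1', port)
  accepted = server.accept
  accepted.do_not_reverse_lookup = true
  peer_tuple(accepted)
ensure
  [client, accepted, server].compact.each(&:close)
end

if __FILE__ == $0
  # On ruby >= 1.9.2 the global default is true; on 1.8.x-1.9.1 it was false.
  puts "BasicSocket.do_not_reverse_lookup = #{BasicSocket.do_not_reverse_lookup}"
  p loopback_peeraddr
  # Constructed header, as a client could send it: remote_ip trusts it blindly,
  # client_ip does not unless the peer is a listed proxy.
  peer = ['AF_INET', 4321, '127.0.0.1', '127.0.0.1']
  p remote_ip({ 'X-Forwarded-For' => '203.0.113.5' }, peer)
  p client_ip({ 'X-Forwarded-For' => '203.0.113.5' }, peer)
end
```

The `client_ip` variant is the practical caveat behind the report's `remote_ip` suggestion: `X-Forwarded-For` identifies the originating client only when a proxy the server trusts inserted it, so a master that logs or authorizes by IP should gate on the TCP peer before believing the header.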