Hi Kirk, Sorry, I've only just noticed this thread. I've also experienced the same problem. I've commented on this issue (although it might not be the correct bug after all, since it's not quite the same problem): https://projects.puppetlabs.com/issues/18812#note-1
It would be great to disable reverse lookup by default if possible (although I must admit I'm using Ruby 1.8, so this might be difficult). Trying to debug this issue is quite involved (Wireshark, strace...), and is indeed an unnecessary distraction, especially in an initial test environment, where I guess it's typical to find client nodes that don't have a reverse DNS entry. My guess is that Webrick performs a reverse lookup either for no reason at all or for potential logging (this reverse lookup is turned off by default in Apache Httpd as far as I know). Best wishes, Bruno. On Friday, 11 January 2013 19:13:16 UTC, Kirk Steffensen wrote: > > Josh, thanks for the info. Based on your description, I think I was > seeing a bug. Because the agents were all definitely getting certificates. > When I did the tcpdump, I could see them being used in the exchange. So, > it sounds like the puppetmaster running in webrick was still performing a > reverse lookup even with the agent having a client cert. > > Is there anything that would be helpful for me to try to nail down if it's > doing the right thing or not? > > Kirk > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.