CA-408550: XSI-1834: Host netbios name should be added to local hosts file to avoid DNS lookup #6386
Conversation
hosts file to avoid DNS lookup Without adding netbios name into /etc/hosts, a DNS query for localhost name is performed when talks to Domain Controller. This waste resources, especially when XenServer is monitorred by ControllUP, who perform external auth very frequently Adding netbios name into /etc/hosts to avoid the DNS query and keep consistent with PBIS Signed-off-by: Lin Liu <Lin.Liu01@cloud.com>
Signed-off-by: Lin Liu <Lin.Liu01@cloud.com>
liulinC
force-pushed
the
private/linl/dev
branch
from
b40a0de to
6ac37d7
Compare
|
Can this be done without touching the "/etc/hosts"? E.g. a configuration for the specific sub process? |
|
|
I agree that this should not be per process but as general as possible. However, it is strange that this is required for efficiency. I consider DNS resolution an OS task and would expect this to be efficient from caching (since DNS has lifetime data) without having to update /etc/hosts. |
We do not use local OS cache (we do not have systemd-resolved, or ncsd) |
|
A process ususally calls gethostbyname() and its up to libraries and system configuration how this is resolved - which includes using /etc/hosts. This is configured with /etc/nsswitch.conf. |
| | true -> | ||
| String.split_on_char sep line | ||
| |> List.filter (fun x -> x <> name && x <> fqdn) | ||
| |> (fun x -> match op with Add -> x @ [name; fqdn] | Remove -> x) |
There was a problem hiding this comment.
Before we add something, should we make sure there is not previous entry for it? That is - should an addition always include a removal of any existing entry such that the new entry is the definitive one? Is that even possible?
There was a problem hiding this comment.
- Every entry should only exists once for an IP address
- The order does not really matter
- We remove the entry and add new one if necessary, to keep unify for
AddandRemoveoperation.
There was a problem hiding this comment.
Does this still work when name or fqdn changes? So: the file contains an outdated entry; and the current name or fqdn does not match the previous one.
|
Is this an enhancement to speed up many AD logins in a short time span? We have another possible solution for that, which is currently still disabled by default pending further testing: AD login caching, which completely avoids reaching out to the AD server if the same login request was made recently. Would that be enough to solve this problem? |
|
The cache is good to resolve the issue, and I have already suggested that to customer to give it a try. However, goes to DNS to resolve local host is totally unnecessary, and is a regression comparing to PBIS needs fix. |
Without adding netbios name into /etc/hosts, a DNS query for localhost name is performed when talks to Domain Controller.
This waste resources, especially when XenServer is monitorred by ControllUP, who perform external auth very frequently
Adding netbios name into /etc/hosts to avoid the DNS query and keep consistent with PBIS