Mailing List Archive

Slow connection time - turning off reverse DNS lookup
Hello!

I am currently using conserver to access several serial interfaces
spread out among a few servers. We have a single conserver-server
acting as master, and 6 servers have their serial interfaces
accessible via this star topology.

We've just had an IP address migration and our conserver clients no
longer have proper reverse DNS lookup.

Users are complaining that console now takes a long time to show the
current status (console -u) and also a long time to connect. For
instance, console -u takes 45 seconds to show all the available serial
ports (at most 8 serial ports per server)

Just for comparison purposes, a similar problem was found with SSH,
but it is possible to solve it by disabling the UseDNS parameter in
/etc/ssh/sshd_config file ("UseDNS no") at the server.

Is it possible to turn off reverse DNS lookup on conserver? If so, how
is it done? I have searched for this in the man pages but couldn't
find anything... A workaround is to add all known hosts to each
server's /etc/hosts file, but this is the dumb way of solving it...
Any other ideas?

Thanks in advance for any feedback! And also many thanks for the
conserver app, it is a really useful tool :)

Best Regards
Felipe Rechia
_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users
Re: Slow connection time - turning off reverse DNS lookup
I have to admit that sometimes it is easier for me to edit the code than
to read the manual :)

In 7.2.X I had this problem and simply commented out the reverse lookup.

In my use I have no need to know the name that is associated with an
address.

Chris


RE: Slow connection time - turning off reverse DNS lookup
Without having the slightest clue about your setup aside from what you've told me, what type of system(s) are we dealing with? For instance, in Solaris you can define search orders in /etc/nsswitch.conf for hosts databases:

hosts: files dns

Then add the appropriate entries to your /etc/hosts file and things should speed up a bit.

As an aside, it doesn't make much sense to me that you'd get a 45 sec timeout if a DNS server is responding with an NXDOMAIN error. It seems to me that you're looking for DNS servers that aren't responding. I'd check to see if your DNS server settings are correct prior to trying to alter source code to circumvent this behavior.

-Alex

________________________________________
From: users-bounces@conserver.com [users-bounces@conserver.com] On Behalf Of Felipe Rechia [feliperechia@gmail.com]
Sent: Friday, October 21, 2011 3:32 PM
To: users@conserver.com
Subject: Slow connection time - turning off reverse DNS lookup

Hello!

I am currently using conserver to access several serial interfaces
spread out among a few servers. We have a single conserver-server
acting as master, and 6 servers have their serial interfaces
accessible via this star topology.

We've just had an IP address migration and our conserver clients no
longer have proper reverse DNS lookup.

Users are complaining that console now takes a long time to show the
current status (console -u) and also a long time to connect. For
instance, console -u takes 45 seconds to show all the available serial
ports (at most 8 serial ports per server)

Just for comparison purposes, a similar problem was found with SSH,
but it is possible to solve it by disabling the UseDNS parameter in
/etc/ssh/sshd_config file ("UseDNS no") at the server.

Is it possible to turn off reverse DNS lookup on conserver? If so, how
is it done? I have searched for this in the man pages but couldn't
find anything... A workaround is to add all known hosts to each
server's /etc/hosts file, but this is the dumb way of solving it...
Any other ideas?

Thanks in advance for any feedback! And also many thanks for the
conserver app, it is a really useful tool :)

Best Regards
Felipe Rechia
Re: Slow connection time - turning off reverse DNS lookup
Hi Felipe,

Apart from deconfiguring reverse lookup for every
client side instance using DNS I would rather try
to understand what's going on. Look into the client
system logs and DNS logs, as well as looking into
the DNS network traffic.

If the IP address migration "just" occurred, maybe
there's a caching issue on the server side. Or all
of a sudden clients try UDP first which fails for
some strange reason, then TCP? Or whatever....

On the client side you could as well use nscd to cache
DNS entries. However it might be also a good idea
to restart it, if you changed DNS on the server
side, if you have nscd running already.

HTH,

Dirk

Re: Slow connection time - turning off reverse DNS lookup
Hi Alex!

> Without having the slightest clue about your setup aside from what you've told me, what type of system(s) are we dealing with? For instance, in Solaris you can define search orders in /etc/nsswitch.conf for hosts databases:
>
> hosts: files dns
>
I am using both conserver-server and client installed as packages for
Ubuntu 10.04.

> Then add the appropriate entries to your /etc/hosts file and things should speed up a bit.
>

Yes, this works. I've edited the /etc/hosts file of one server to test
it, but since I have 6 conserver-servers, I'd always have to
replicate any hostname updates to the /etc/hosts file of all servers.
Currently I have around 10 different users which could connect from
different IP addresses from our internal network, and some also from a
range of IP addresses acquired via DHCP. So I'd have to create lots of
entries in the files, and I'm currently looking for a simpler option.

> As an aside, it doesn't make much sense to me that you'd get a 45 sec timeout if a DNS server is responding with an NXDOMAIN error. It seems to me that you're looking for DNS servers that aren't responding. I'd check to see if your DNS server settings are correct prior to trying to alter source code to circumvent this behavior.
>

The DNS server previously had all the access network hosts mapped as
entries following a rule like this:
192.168.0.1 accessnetworkhost1
192.168.0.2 accessnetworkhost2
192.168.0.3 accessnetworkhost3
192.168.0.4 accessnetworkhost4

But after our IP migration, the DNS server was not updated.

Currently I don't have access to the DNS server, and I'd have to
contact IT staff and ask them to add 254 IP entries to the server (I'm
not sure if this can be done by specifying an IP range, I have no clue
about how to configure the DNS server). I was trying to skip this
because I want to avoid this reverse DNS lookup.

Or I could create my own DNS server and add those entries... In any
case, I'd prefer to just turn off reverse dns lookup, if that is
possible. :)

An explanation about the 45 seconds timeout: it is the sum of all
timeouts from each conserver-server when I run console -u (I've
removed usernames from the output):

$ time console -u
lombardiCom1 up xxxxx@10.1.64.1
lombardi7 up xxxxx@10.1.64.13
lombardi6 up xxxxx@10.1.64.1
lombardi5 up <none>
lombardi4 up <none>
lombardi3 up xxxxx@10.1.64.13
lombardi2 up xxxxx@10.1.64.13
lombardi1 up xxxxx@10.1.64.1
lombardi0 up xxxxx@10.1.64.1
console: connect(): 3109@setubal: Connection refused
eneasCom1 up <none>
eneas2 up <none>
adelir5 up <none>
adelir2 up <none>
cortez3 up xxxxx@10.1.64.13
cortez2 up xxxxx@10.1.64.13
cortez1 up <none>
osama1 up <none>
osama4 up xxxxx@10.1.64.13
dalborga0 up <none>

real 0m45.503s
user 0m0.128s
sys 0m0.016s
$

lombardi is the master server (ports belonging to it are preceded by
'lombardi'), while all the other ports are located in other servers
which just refer to lombardi as Master.

Thanks for your feedback :)!
Best Regards
Felipe

Re: Slow connection time - turning off reverse DNS lookup
What do you get if you do nslookup on the different host names? Do you see delays there too?

The reason I ask is that if you indeed have a DNS server responding your replies should be instant. Suppose the DNS server itself has some problems left over from your IP migration. I perused the code briefly and I see nothing that leads me to believe conserver is deliberately trying to look up IP addresses in reverse, other than the regular gethost* functions.

Look at your DNS configuration first. Seems something is broken there.

On Oct 21, 2011, at 9:27 PM, "Felipe Rechia" <feliperechia@gmail.com> wrote:

> Hi Alex!
>
>> Without having the slightest clue about your setup aside from what you've told me, what type of system(s) are we dealing with? For instance, in Solaris you can define search orders in /etc/nsswitch.conf for hosts databases:
>>
>> hosts: files dns
>>
> I am using both conserver-server and client installed as packages for
> ubuntu 10.04.
>
>> Then add the appropriate entries to your /etc/hosts file and things should speed up a bit.
>>
>
> Yes, this works. I've edited the /etc/hosts file of one server to test
> it , but since I have 6 conserver-servers, I'd always have to
> replicate any hostname updates to the /etc/hosts file of all servers.
> Currently I have around 10 different users which could connect from
> different IP addresses from our internal network, and some also from a
> range of IP addresses acquired via DHCP. So I'd have to create lots of
> entries in the files, and I'm currently looking for a simpler option.
>
>> As an aside, it doesn't make much sense to me that you'd get a 45 sec timeout if a DNS server is responding with an NXDOMAIN error. It seems to me that you're looking for DNS servers that aren't responding. I'd check to see if your DNS server settings are correct prior to trying to alter source code to circumvent this behavior.
>>
>
> The DNS server previously had all the access network hosts mapped as
> entries following a rule like this:
> 192.168.0.1 accessnetworkhost1
> 192.168.0.2 accessnetworkhost2
> 192.168.0.3 accessnetworkhost3
> 192.168.0.4 accessnetworkhost4
>
> But after our IP migration, the DNS server was not updated.
>
> Currently I don't have access to the DNS server, and I'd have to
> contact IT staff and ask them to add 254 IP entries to the server (I'm
> not sure if this can be done by specifying an IP range, I have no clue
> about how to configure the DNS server). I was trying to skip this
> because I want to avoid this reverse DNS lookup.
>
> Or I could create my own DNS server and add those entries... In any
> case, I'd prefer to just turn off reverse dns lookup, if that is
> possible. :)
>
> An explanation about the 45 seconds timeout: it is the sum of all
> timeouts from each conserver-server when I run console -u (I've
> removed usernames from the output):
>
> $ time console -u
> lombardiCom1 up xxxxx@10.1.64.1
> lombardi7 up xxxxx@10.1.64.13
> lombardi6 up xxxxx@10.1.64.1
> lombardi5 up <none>
> lombardi4 up <none>
> lombardi3 up xxxxx@10.1.64.13
> lombardi2 up xxxxx@10.1.64.13
> lombardi1 up xxxxx@10.1.64.1
> lombardi0 up xxxxx@10.1.64.1
> console: connect(): 3109@setubal: Connection refused
> eneasCom1 up <none>
> eneas2 up <none>
> adelir5 up <none>
> adelir2 up <none>
> cortez3 up xxxxx@10.1.64.13
> cortez2 up xxxxx@10.1.64.13
> cortez1 up <none>
> osama1 up <none>
> osama4 up xxxxx@10.1.64.13
> dalborga0 up <none>
>
> real 0m45.503s
> user 0m0.128s
> sys 0m0.016s
> $
>
> lombardi is the master server (ports belonging to it are preceded by
> 'lombardi'), while all the other ports are located in other servers
> which just refer to lombardi as Master.
>
> Thanks for your feedback :)!
> Best Regards
> Felipe

Re: Slow connection time - turning off reverse DNS lookup
> What do you get if you do nslookup on the different host names? Do you see delays there too?
>

Since the lookup time that I am wasting is in my conserver-server,
here is the output that I get with nslookup and host commands:

felipe.rechia@lombardi:~$ nslookup 10.1.64.2
Server: 10.1.1.185
Address: 10.1.1.185#53

** server can't find 2.64.1.10.in-addr.arpa.: NXDOMAIN

felipe.rechia@lombardi:~$ host 10.1.64.2
Host 2.64.1.10.in-addr.arpa. not found: 3(NXDOMAIN)
felipe.rechia@lombardi:~$



> The reason I ask is that if you indeed have a DNS server responding your replies should be instant.

The replies are indeed immediate. The DNS server simply replies that a
name is not known. The problem is that my conserver-servers keep
trying again to look up a hostname for my client address, as I've
verified by using wireshark to capture DNS traffic... :(

>Suppose the DNS server itself has some problems left over from your IP migration. I perused the code briefly and I see nothing that leads me to believe conserver is deliberately trying to look up IP addresses in reverse, other than the regular gethost* functions.
>

Well, Chris Fowler has made this statement at the beginning of the
discussion, which makes me think that there is indeed reverse DNS
lookup going on:
>>In 7.2.X I had this problem and simply commented out the reverse lookup.
>>
>>In my use I have no need to know the name that is associated with an
>>address.

I didn't want to have the trouble to update the code and generate new
binaries just to turn off DNS... :(. Maybe that is my only option now.
I was looking for a more user-friendly solution, because I have 6
servers and 10 clients to update now...

> Look at your DNS configuration first. Seems something is broken there.
>
>

It is certainly broken, I don't have name resolution for this IP
address range! But I don't want to have!
I will take a better look at the DNS issue, maybe I could solve it by
using a different approach as suggested by Dirk in another e-mail!

Thanks again for your input :)

Regards
Felipe

Re: Slow connection time - turning off reverse DNS lookup
On Fri, 2011-10-21 at 18:35 -0200, Felipe Rechia wrote:
> It is certainly broken, I don't have name resolution for this ip
> address range! But I don't want to have!
> I will take a better look at the DNS issue, maybe I could solve it by
> using a different approach as suggested by Dirk in another e-mail!
>
>

# Add a hosts entry for every address in the 10.1.64.0/24 range
for i in `seq 1 254`
do
    echo "10.1.64.${i} host-10-1-64-${i}.yourdomain.com" >> /etc/hosts
done
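
An idempotent form of the loop above, as an added example that is not part of the original post: it appends only the addresses that have no line yet, so a re-run adds nothing and names already in the file are kept. The function names are illustrative; the range and placeholder domain are the ones used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Idempotent form of the /etc/hosts loop.

# missing_reverse_entries PREFIX DOMAIN HOSTS_FILE
# Prints a hosts(5) line for every address PREFIX.1 .. PREFIX.254 that has no
# line of its own in HOSTS_FILE yet. Existing lines are never touched, so a
# hand-maintained name for an address wins over the generated one.
missing_reverse_entries() {
    # Accept only three dotted decimal octets (e.g. 10.1.64) so a typo cannot
    # put malformed lines into the resolver database.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){2}[0-9]{1,3}$' || {
        echo "bad prefix: $1" >&2
        return 2
    }
    awk -v prefix="$1" -v domain="$2" '
        { seen[$1] = 1 }              # first field of each line is the address
        END {
            for (i = 1; i <= 254; i++) {
                ip = prefix "." i
                if (ip in seen) continue
                name = ip
                gsub(/\./, "-", name) # 10.1.64.7 becomes 10-1-64-7
                printf "%s host-%s.%s\n", ip, name, domain
            }
        }' "$3"
}

# add_reverse_entries PREFIX DOMAIN HOSTS_FILE
# Appends the missing lines and prints how many were added (0 on a re-run).
add_reverse_entries() {
    missing=$(missing_reverse_entries "$1" "$2" "$3") || return $?
    [ -n "$missing" ] || { echo 0; return 0; }
    # Append in place rather than replacing the file, so its owner and mode
    # (it must stay world-readable for name resolution) are left alone.
    printf '%s\n' "$missing" >> "$3"
    printf '%s\n' "$missing" | grep -c .
}

# Usage, with the range and placeholder domain from the thread:
#   add_reverse_entries 10.1.64 yourdomain.com /etc/hosts
```

Check the result with `getent hosts 10.1.64.2`, which follows the `hosts:` order in /etc/nsswitch.conf as the gethost* functions do. nslookup and host query the DNS server directly and will still report NXDOMAIN.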



Re: Slow connection time - turning off reverse DNS lookup
I give up on the point of not using the workaround at the /etc/hosts
file... I was reluctant at first, but your 4-line shell script has
convinced me that it is the easiest way.

Thinking about it, I am feeling quite dumb now. Lol!

>for i in `seq 1 254`
>do
> echo "10.1.64.${i} host-10-1-64-${i}.yourdomain.com" >> /etc/hosts
>done

Thanks for all the quick feedback you guys provided! :)
Cheers
Felipe