Re: ipset causes reverse dns lookups?
|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
On 16/04/2012 09:08, Jozsef Kadlecsik wrote:
Hostname and IP address are both supported as input and resolved internally by getaddrinfo. That can generate DNS lookups, depeding on the resolver library. What kind of system do you use, with which resolver/libc version?
Thanks so much for replying!This is a uclibc 0.9.33.1 system, x86. Resolver chain is /etc/hosts, then dns. Local dnsmasq is installed.
I can very clearly observe that on something like "ipset add", if I add something that isn't quite an IP address then it generates a name lookup. What I'm confused by is why the reverse ip lookup for the ip address? I have traced it back I think to the parser.c code, but I concede I'm stuck understanding even what is generating the lookup? You mention resolver, so presumably it's a side effect of some other call, but could you spare a minute to explain the trigger please? (just interested in the background in case it occurs elsewhere?)
I could suppress DNS lookups with the price of calling twice getaddrinfo.
You are presumably giving me a clue as the source here!It would not appear to be a significant performance decrease for the normal situation to call twice? Given the outside edge case of 1+ min delays I'm definitely interested in such a change?
Is there any chance of a tentative patch or at least a stronger hint at what I should change in order that I could deploy something quite imminently? Its become a bit of a blocker here... Obviously I'm asking with as much icing as possible and a huge cherry on top...
Thanks Jozsef Ed W -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html