[INN] #76: innd doesn't honor DNS TTLs

INN rra at stanford.edu
Thu Dec 25 19:44:50 UTC 2008


#76: innd doesn't honor DNS TTLs
------------------------+---------------------------------------------------
 Reporter:  eagle       |        Owner:  eagle
     Type:  defect      |       Status:  new  
 Priority:  low         |    Milestone:       
Component:  innd        |      Version:       
 Severity:  normal      |   Resolution:       
 Keywords:  compliance  |  
------------------------+---------------------------------------------------
Changes (by iulius):

  * keywords:  => compliance


Comment:

 RFC 3977 says:

     If NNTP clients or servers cache the results of host name lookups in
     order to achieve a performance improvement, they MUST observe the TTL
     information reported by DNS.

 innd caches DNS lookups when reading incoming.conf and doesn't refresh its
 knowledge of DNS except when incoming.conf is reloaded.

 Impact:  An explicit reload is required whenever the IP address of any
 peer changes, and in the presence of network renumbering innd is
 vulnerable to spoofing if DNS is the only authentication mechanism used.

 Suggested fix:  This is hard to fix without unacceptable performance
 impact.  The only good fix is to either fork a separate helper process to
 do DNS lookups (since gethostbyname may block for essentially an
 arbitrarily long period) or to use the direct resolver library so that one
 can get access to a file descriptor and throw it into the select loop.
 Either way, this requires keeping a DNS file descriptor in the main select
 loop and updating knowledge of DNS periodically, which is a substantial
 amount of additional complexity.

-- 
Ticket URL: <http://inn.eyrie.org/trac/ticket/76#comment:1>
INN <http://www.eyrie.org/~eagle/software/inn/>
InterNetNews
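The ticket's point is that a cached hostname-to-address mapping must stop being trusted once the DNS TTL has run out, otherwise a renumbered peer's old address can be presented by someone else. The following is an added illustration, not INN code: a small TTL-aware peer-address cache in C with the lookup itself injected through a hypothetical `resolver_fn` callback (a real implementation would use `res_query()` and read the TTL from the answer section, since `gethostbyname()` discards it). The stub resolver, the peer name `peer.example` and the addresses are constructed to walk through the renumbering scenario from the ticket, including the case where the entry has expired and DNS is temporarily unavailable.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MAX_PEERS 16
#define MAX_HOST  64
#define MAX_ADDR  46   /* room for an IPv6 literal */

/* One cached lookup: host -> address, trusted only until `expires`. */
struct peer_entry {
    char   host[MAX_HOST];
    char   addr[MAX_ADDR];
    time_t expires;
    bool   valid;
};

struct peer_cache {
    struct peer_entry entries[MAX_PEERS];
    size_t count;
};

/* Hypothetical resolver callback (assumption, not a libc API): fills addr
 * and the record TTL, returns false when the lookup fails. */
typedef bool (*resolver_fn)(const char *host, char *addr, size_t addrlen,
                            uint32_t *ttl);

static int find_entry(const struct peer_cache *c, const char *host)
{
    for (size_t i = 0; i < c->count; i++)
        if (strcmp(c->entries[i].host, host) == 0)
            return (int)i;
    return -1;
}

/* Return the address for host, re-resolving once the cached TTL has run out.
 * Returns NULL if the name cannot be resolved; an expired entry is never
 * handed back as a fallback. */
const char *peer_cache_lookup(struct peer_cache *c, const char *host,
                              time_t now, resolver_fn resolve)
{
    int i = find_entry(c, host);
    if (i >= 0 && c->entries[i].valid && now < c->entries[i].expires)
        return c->entries[i].addr;            /* still within TTL: cache hit */

    char     addr[MAX_ADDR];
    uint32_t ttl;
    if (!resolve(host, addr, sizeof addr, &ttl)) {
        if (i >= 0)
            c->entries[i].valid = false;      /* stale and could not refresh */
        return NULL;
    }
    if (i < 0) {
        if (c->count >= MAX_PEERS)
            return NULL;
        i = (int)c->count++;
        snprintf(c->entries[i].host, MAX_HOST, "%s", host);
    }
    snprintf(c->entries[i].addr, MAX_ADDR, "%s", addr);
    c->entries[i].expires = now + (time_t)ttl;
    c->entries[i].valid   = true;
    return c->entries[i].addr;
}

/* Accept a connection from conn_addr as peer `host` only if it matches a
 * lookup that is still within its TTL. */
bool peer_address_allowed(struct peer_cache *c, const char *host,
                          const char *conn_addr, time_t now, resolver_fn resolve)
{
    const char *a = peer_cache_lookup(c, host, now, resolve);
    return a != NULL && strcmp(a, conn_addr) == 0;
}

/* Constructed stub resolver that simulates a peer being renumbered. */
static const char *stub_addr  = "192.0.2.10";
static bool        stub_fail  = false;
static int         stub_calls = 0;

static bool stub_resolve(const char *host, char *addr, size_t addrlen, uint32_t *ttl)
{
    (void)host;
    stub_calls++;
    if (stub_fail)
        return false;
    snprintf(addr, addrlen, "%s", stub_addr);
    *ttl = 60;                                /* constructed TTL of 60 seconds */
    return true;
}

/* Walk through the ticket's scenario; returns a bitmask of the properties
 * that held, 63 meaning all six. */
int demo_renumbering(void)
{
    struct peer_cache cache = {0};
    const char *peer = "peer.example";        /* constructed peer name */
    int ok = 0;
    stub_addr = "192.0.2.10"; stub_fail = false; stub_calls = 0;

    if (peer_address_allowed(&cache, peer, "192.0.2.10", 0, stub_resolve))  ok |= 1;
    if (peer_address_allowed(&cache, peer, "192.0.2.10", 30, stub_resolve) && stub_calls == 1) ok |= 2;
    stub_addr = "198.51.100.7";               /* peer renumbered at t=61 */
    if (!peer_address_allowed(&cache, peer, "192.0.2.10", 61, stub_resolve)) ok |= 4;
    if (peer_address_allowed(&cache, peer, "198.51.100.7", 61, stub_resolve)) ok |= 8;
    if (stub_calls == 2) ok |= 16;
    stub_fail = true;                         /* DNS unavailable after expiry */
    if (!peer_address_allowed(&cache, peer, "198.51.100.7", 200, stub_resolve)) ok |= 32;
    return ok;
}

int main(void)
{
    printf("scenario bitmask: %d (expect 63)\n", demo_renumbering());
    return 0;
}
```

The design choice worth noting is in the failure branch: when the TTL has expired and the refresh fails, the entry is marked invalid and the connection is refused rather than falling back to the last known address, because a stale address is exactly what the ticket identifies as the spoofing risk. The blocking-lookup problem the ticket raises is not addressed here; the callback would have to be served by a helper process or an asynchronous resolver to keep it out of the main select loop.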

