[INN] #76: innd doesn't honor DNS TTLs
INN
rra at stanford.edu
Thu Dec 25 19:44:50 UTC 2008
#76: innd doesn't honor DNS TTLs
------------------------+---------------------------------------------------
Reporter: eagle | Owner: eagle
Type: defect | Status: new
Priority: low | Milestone:
Component: innd | Version:
Severity: normal | Resolution:
Keywords: compliance |
------------------------+---------------------------------------------------
Changes (by iulius):
* keywords: => compliance
Comment:
RFC 3977 says:
If NNTP clients or servers cache the results of host name lookups in
order to achieve a performance improvement, they MUST observe the TTL
information reported by DNS.
innd caches DNS lookups when reading incoming.conf and doesn't refresh its
knowledge of DNS except when incoming.conf is reloaded.
Impact: An explicit reload is required whenever the IP address of any
peer changes, and in the presence of network renumbering innd is
vulnerable to spoofing if DNS is the only authentication mechanism used.
Suggested fix: This is hard to fix without unacceptable performance
impact. The only good fix is to either fork a separate helper process to
do DNS lookups (since gethostbyname may block for essentially an
arbitrarily long period) or to use the direct resolver library so that one
can get access to a file descriptor and throw it into the select loop.
Either way, this requires keeping a DNS file descriptor in the main select
loop and updating knowledge of DNS periodically, which is a substantial
amount of additional complexity.
--
Ticket URL: <http://inn.eyrie.org/trac/ticket/76#comment:1>
INN <http://www.eyrie.org/~eagle/software/inn/>
InterNetNews
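The ticket's core point is that a peer-address cache built once from incoming.conf keeps authorizing an address long after DNS has moved the name elsewhere. The following C program is an added illustration written for this thread, not INN code: it sketches a peer table that records an expiry derived from the DNS TTL, re-resolves an entry when that expiry passes, and empties the entry (fail closed) when resolution fails, so a stale address cannot keep a renumbered peer authorized. The resolver is an in-memory stand-in (fake_zone, fake_dns_set, fake_resolve), all names and the peer host and addresses are constructed, and the 30-second retry interval after a failed lookup is an arbitrary choice. Blocking is sidestepped by leaving the resolver behind a function pointer; the helper-process or select-loop integration the ticket discusses is outside this example.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MAX_ADDRS 4
#define MAX_PEERS 8
#define ADDR_LEN 46             /* INET6_ADDRSTRLEN */
#define HOST_LEN 64
#define RETRY_AFTER_FAILURE 30  /* constructed: seconds before retrying a failed lookup */

/* Hypothetical resolver result: addresses for a name plus the smallest TTL among them. */
struct dns_answer { char addrs[MAX_ADDRS][ADDR_LEN]; int naddrs; long ttl; };
typedef int (*resolver_fn)(const char *host, struct dns_answer *out); /* 0 ok, -1 fail */

struct peer_entry { char host[HOST_LEN]; char addrs[MAX_ADDRS][ADDR_LEN]; int naddrs; time_t expires; };
struct peer_cache { struct peer_entry peers[MAX_PEERS]; int npeers; resolver_fn resolve; };

/* Re-resolve one peer. On failure the entry is emptied and a short retry deadline set,
 * so an outdated address never keeps authorizing connections. */
static int peer_refresh(struct peer_cache *c, struct peer_entry *e, time_t now)
{
    struct dns_answer a;
    memset(&a, 0, sizeof a);
    if (c->resolve(e->host, &a) != 0 || a.naddrs <= 0) {
        e->naddrs = 0;
        e->expires = now + RETRY_AFTER_FAILURE;
        return -1;
    }
    e->naddrs = a.naddrs < MAX_ADDRS ? a.naddrs : MAX_ADDRS;
    for (int i = 0; i < e->naddrs; i++) {
        strncpy(e->addrs[i], a.addrs[i], ADDR_LEN - 1);
        e->addrs[i][ADDR_LEN - 1] = '\0';
    }
    e->expires = now + (a.ttl > 0 ? a.ttl : 1); /* honor the TTL; clamp 0 to one second */
    return 0;
}

void peer_cache_init(struct peer_cache *c, resolver_fn r) { memset(c, 0, sizeof *c); c->resolve = r; }

/* Register a peer name (as incoming.conf would); expires == 0 forces a lookup on first use. */
int peer_cache_add(struct peer_cache *c, const char *host)
{
    if (c->npeers >= MAX_PEERS) return -1;
    struct peer_entry *e = &c->peers[c->npeers++];
    memset(e, 0, sizeof *e);
    strncpy(e->host, host, HOST_LEN - 1);
    return 0;
}

/* Return the peer whose current (non-expired) DNS records contain ip, or NULL. */
const char *peer_authorize(struct peer_cache *c, const char *ip, time_t now)
{
    for (int p = 0; p < c->npeers; p++) {
        struct peer_entry *e = &c->peers[p];
        if (now >= e->expires) peer_refresh(c, e, now);
        for (int i = 0; i < e->naddrs; i++)
            if (strcmp(e->addrs[i], ip) == 0) return e->host;
    }
    return NULL;
}

/* ---- constructed in-memory zone standing in for real DNS ---- */
static struct { char host[HOST_LEN]; struct dns_answer ans; } fake_zone[4];
static int fake_n;

void fake_dns_set(const char *host, const char *addr, long ttl) /* one A record, overwrites */
{
    int i;
    for (i = 0; i < fake_n && strcmp(fake_zone[i].host, host) != 0; i++) ;
    if (i == fake_n) { if (fake_n >= 4) return; fake_n++; strncpy(fake_zone[i].host, host, HOST_LEN - 1); }
    memset(&fake_zone[i].ans, 0, sizeof fake_zone[i].ans);
    strncpy(fake_zone[i].ans.addrs[0], addr, ADDR_LEN - 1);
    fake_zone[i].ans.naddrs = 1;
    fake_zone[i].ans.ttl = ttl;
}

int fake_resolve(const char *host, struct dns_answer *out)
{
    for (int i = 0; i < fake_n; i++)
        if (strcmp(fake_zone[i].host, host) == 0) { *out = fake_zone[i].ans; return 0; }
    return -1;
}

/* Renumbering scenario; each bit set means the expected behaviour was observed. */
int ttl_scenario(void)
{
    struct peer_cache c;
    int r = 0;
    peer_cache_init(&c, fake_resolve);
    peer_cache_add(&c, "peer.example");   /* constructed peer with a 60 s TTL */
    peer_cache_add(&c, "ghost.example");  /* constructed peer that never resolves */
    fake_dns_set("peer.example", "192.0.2.10", 60);
    if (peer_authorize(&c, "192.0.2.10", 1000) != NULL) r |= 1;   /* fresh lookup */
    fake_dns_set("peer.example", "192.0.2.20", 60);                /* peer renumbered */
    if (peer_authorize(&c, "192.0.2.10", 1030) != NULL) r |= 2;   /* still within TTL */
    if (peer_authorize(&c, "192.0.2.20", 1030) == NULL) r |= 4;
    if (peer_authorize(&c, "192.0.2.10", 1061) == NULL) r |= 8;   /* TTL expired, refreshed */
    if (peer_authorize(&c, "192.0.2.20", 1061) != NULL) r |= 16;
    if (peer_authorize(&c, "192.0.2.30", 1061) == NULL) r |= 32;  /* unresolvable peer fails closed */
    return r;
}

int main(void) { printf("scenario bits: 0x%02x (0x3f expected)\n", ttl_scenario()); return 0; }
```

Within the TTL the old address is still accepted, which is exactly the exposure window the ticket describes; after the TTL passes, the cache re-resolves and the old address is refused. Handing every authorize() call an explicit `now` keeps the refresh logic testable without touching the real clock.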