Hi Yann,2016-05-28 0:31 GMT+02:00 Yann Ylavic <ylavic.dev@xxxxxxxxx>:Hi Luca,
On Mon, May 23, 2016 at 2:21 PM, Luca Toscano <toscano.luca@xxxxxxxxx> wrote:
>
> I replied to the comment that you pointed out with Jim's answer and I
> updated the trunk documentation with a note about DNS resolution:
>
> http://httpd.apache.org/docs/trunk/mod/mod_proxy.html#workers
>
> HTML diff only:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_proxy.html.en?r1=1745170&r2=1745169&pathrev=1745170
I don't think this is correct.
When disablereuse is true (including the default workers), the DNS
resolution occurs for each connection.
But when mod_proxy is reusing connections (including addresses), each
worker/backend address is resolved only once per child process, and
reused for all further connections (until the child is recycled).
AIUI, this is not related to the TTL.Thanks a lot for the explanation and for the info. So httpd does cache origin DNS resolution and there is no way to control it via mod-proxy settings (maybe the only thing that could be used is MaxConnectionsPerChild?).
>From ap_proxy_determine_connection():
/*
* Worker can have the single constant backend adress.
* The single DNS lookup is used once per worker.
* If dynamic change is needed then set the addr to NULL
* inside dynamic config to force the lookup.
*/
AFAICT, nothing sets "addr to NULL" anywhere in httpd, that would be
racy anyway.
There is indeed a worker 'is_address_reusable' flag distinct from
'disablereuse', but it is not exposed to the admin and seems to be
internally mapped to 'disablereuse'.
I have a patch which introduces 'addressTTL' if one is interested, but
it's not that simple because it addresses the race locklessly (and
leaklessly :), thus with refcounting, address pool...If I got everything correctly, the description of the TTL might be a bit misleading because it is not clear IMHO that the DNS resolution won't be performed:"Time to live for inactive connections and associated connection pool entries, in seconds. Once reaching this limit, a connection will not be used again; it will be closed at some later time."What would happen when an admin performs a change of the origin DNS A or AAAA record? If httpd doesn't happen to recycle workers at that time it will try to connect to the old IP address probably triggering a 502 due to timeouts or connection failures right?The perfect thing, IMHO, would be to force the DNS resolution every time a new connection to origin needs to be performed (transparently to all the options), but as you mentioned the implementation could be messy and I am not sure how many people would like this feature.Anyhow, I'll wait for some replies to check that I got everything correctly and then I'll updated the documentation (unless somebody wants to do it before me).
|