Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On So, 15.11.20 15:36, Samuel Sieb (samuel@xxxxxxxx) wrote:

> On 11/15/20 7:31 AM, Lennart Poettering wrote:
> > Implementing this does not come without drawbacks though: right now
> > resolved tries hard to use the same server if at all possible, since
> > we want to use newer DNS features if possible, but many DNS servers
> > (wifi routers, yuck) tend to support them quite badly. This means
> > resolved has an elaborate scheme to learn about the feature set of the
> > DNS servers it contacts. And that can be slow, in particular on
> > servers where we step-by-step have to downgrade to the most minimal of
> > DNS protocols. This learning phase is run only when first contacting
> > some server (and after some grace period). If we'd switch servers all
> > the time, for every single lookup, then we'd start from zero every
> > time, not knowing what the server supports, and thus having to learn
> > about it over and over again. This would hence make all,
> > *every*single* transaction pretty slow. And that sucks.
>
> Wouldn't you just need to do it once for each server and cache that info?
> And why do you need to re-do the learning phase for a server you've already
> checked?

We do remember that. But if you stick to talking to one server for 500
transactions, you will have one slow lookup, the initial one that
needs to probe the feature set, plus 499 speedy ones. If you however
spread your 500 lookups over 250 servers, you will get 250 slow looups
plus 250 speedy ones — all in the worst case. Simply becaue we then
need to probe 250 servers for the first time... (See other mail)

> > DoT becomes efficient when we can reuse the established TCP/TLS connection
> > for multiple lookups. But if we'd switch servers all the time, then of
> > course there's no reuse of TCP/TLS connections possible.
>
> Same thing here.  Would it be a problem to keep a connection open for each
> server?

We keep one connection open for each server, if it let's us. Typically
they don't let us keep it open for long though. if you have actually
have a ton of servers and distribute lookups over all of them, it
decreases the chance of connection reuse, and thus increases the
chance that connections will go idle from perspective of the server
operator, and thus will be disconnected. Given the short idle timeouts
of popular servers such as 8.8.8.8 this actually matters a lot.

Lennart

--
Lennart Poettering, Berlin
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux