linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Chuck Lever <chuck.lever@oracle.com>
To: David Howells <dhowells@redhat.com>
Cc: Florian Weimer <fweimer@redhat.com>,
	Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
	linux-cifs@vger.kernel.org, linux-afs@lists.infradead.org,
	ceph-devel@vger.kernel.org, keyrings@vger.kernel.org,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: What's a good default TTL for DNS keys in the kernel
Date: Thu, 16 Apr 2020 09:40:30 -0400	[thread overview]
Message-ID: <8DC44895-E904-4155-B7B8-B109A777F23C@oracle.com> (raw)
In-Reply-To: <128769.1587032833@warthog.procyon.org.uk>

Hi David-

> On Apr 16, 2020, at 6:27 AM, David Howells <dhowells@redhat.com> wrote:
> 
> Florian Weimer <fweimer@redhat.com> wrote:
> 
>> You can get the real TTL if you do a DNS resolution on the name and
>> match the addresses against what you get out of the NSS functions.  If
>> they match, you can use the TTL from DNS.  Hackish, but it does give you
>> *some* TTL value.
> 
> I guess I'd have to do that in parallel.  Would calling something like
> res_mkquery() use local DNS caching?
> 
>> The question remains what the expected impact of TTL expiry is.  Will
>> the kernel just perform a new DNS query if it needs one?  Or would you
>> expect that (say) the NFS client rechecks the addresses after TTL expiry
>> and if they change, reconnect to a new NFS server?
> 
> It depends on the filesystem.

Agreed. For example:

The Linux NFS client won't connect to a new server when the server's
DNS information changes. A fresh mount operation would be needed for
the client to recognize and make use of it.

There are mechanisms in the NFSv4 protocol to collect server IP addresses
from the server itself (fs_locations) and then try those locations if the
current server fails to respond. But currently that is not implemented in
Linux (and servers would need to be ready to provide that kind of update).


> AFS keeps track of the expiration on the record and will issue a new lookup
> when the data expires, but NFS doesn't make use of this information.  The
> keyring subsystem will itself dispose of dns_resolver keys that expire and
> request_key() will only upcall again if the key has expired.

Our NFS colleagues working on Solaris have noted that handling the expiry
of DNS information can be tricky. It is usually desirable to continue using
expired information when a new DNS query fails temporarily (times out, or
the network is partitioned, etc). That makes for a more robust network file
service.


> The problem for NFS is that the host IP address is the primary key for the
> superblock (see nfs_compare_super_address()).

I thought that NFSv4.1 and newer have server-provided unique information
that might be used in place of the server's IP address. This information
is supposed to be independent of a server's network addresses.


> CIFS also doesn't make direct use of the TTL, and again this may be because it
> uses the server address as part of the primary key for the superblock (see
> cifs_match_super()).

--
Chuck Lever




  parent reply	other threads:[~2020-04-16 14:01 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-14 14:20 What's a good default TTL for DNS keys in the kernel David Howells
2020-04-14 20:16 ` Jeff Layton
2020-04-15 17:07   ` Steve French
2020-04-16 10:15   ` David Howells
2020-04-15  9:44 ` Florian Weimer
2020-04-16 10:27 ` David Howells
2020-04-16 10:33   ` Florian Weimer
2020-04-16 13:01   ` David Howells
2020-04-16 13:40   ` Chuck Lever [this message]
2020-04-17 11:31     ` Aurélien Aptel
2020-04-17 23:23 ` Steve French
2020-04-18 18:10   ` Florian Weimer
2020-04-19  4:53     ` Steve French
2020-04-19  8:37 ` David Howells
2020-04-20  0:58   ` Paulo Alcantara
2020-04-20 13:13   ` David Howells
2020-04-20 18:21     ` Paulo Alcantara
2020-04-20 22:14     ` cifs - Race between IP address change and sget()? David Howells
2020-04-20 22:30       ` Jeff Layton
2020-04-21  1:29         ` Ronnie Sahlberg
2020-04-21  2:26           ` Steve French
2020-04-21  2:29         ` Steve French

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8DC44895-E904-4155-B7B8-B109A777F23C@oracle.com \
    --to=chuck.lever@oracle.com \
    --cc=ceph-devel@vger.kernel.org \
    --cc=dhowells@redhat.com \
    --cc=fweimer@redhat.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-afs@lists.infradead.org \
    --cc=linux-cifs@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).