Reliable Cloud host ?

david raistrick drais at icantclick.org
Tue Feb 28 20:50:51 UTC 2012


On Tue, 28 Feb 2012, Owen DeLong wrote:

> But they don't have to... They can simply use getaddrinfo()/getnameinfo()
> and let the OS libraries do it. The fact that some applications choose to
> use their own resolvers instead of system libraries is what is broken.

Not always true - firewall software, for example, generally requires IP 
addresses in their rules (ipfw, pfsense, iptables, at least a few years 
ago) and for validly sane reasons (even some of our best kernel guys were 
not crazy enough to change that for ipfw).


Proxy software that supports high connection rates and connection churn 
generally prefer to cache the IP address internally because OS resolvers 
and the caches they read from just can't keep up [except in specificly 
well designed systems - which proxy developers can't expect blow joe to 
know how to do].  A stress test tool I'm working with just had to be 
modified for exactly that reason (and because adding more caches in front 
of AWS semiauthorative caches (due to split horizon) wouldn't solve 
anything.  a short TTL is a short TTL is a short TTL....).

Some of those proxy developers claim that within the chrootwhatchamajiggy 
that their socket handling code runs they don't have access to the 
resolvers - so they have to store them at startup (see haproxy).



--
david raistrick        http://www.netmeister.org/news/learn2quote.html
drais at icantclick.org             http://www.expita.com/nomime.html





More information about the NANOG mailing list