Reliable Cloud host ?
david raistrick
drais at icantclick.org
Tue Feb 28 20:50:51 UTC 2012
On Tue, 28 Feb 2012, Owen DeLong wrote:
> But they don't have to... They can simply use getaddrinfo()/getnameinfo()
> and let the OS libraries do it. The fact that some applications choose to
> use their own resolvers instead of system libraries is what is broken.
Not always true - firewall software, for example, generally requires IP
addresses in their rules (ipfw, pfsense, iptables, at least a few years
ago) and for validly sane reasons (even some of our best kernel guys were
not crazy enough to change that for ipfw).
Proxy software that supports high connection rates and connection churn
generally prefer to cache the IP address internally because OS resolvers
and the caches they read from just can't keep up [except in specificly
well designed systems - which proxy developers can't expect blow joe to
know how to do]. A stress test tool I'm working with just had to be
modified for exactly that reason (and because adding more caches in front
of AWS semiauthorative caches (due to split horizon) wouldn't solve
anything. a short TTL is a short TTL is a short TTL....).
Some of those proxy developers claim that within the chrootwhatchamajiggy
that their socket handling code runs they don't have access to the
resolvers - so they have to store them at startup (see haproxy).
--
david raistrick http://www.netmeister.org/news/learn2quote.html
drais at icantclick.org http://www.expita.com/nomime.html
More information about the NANOG
mailing list