You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/04/30 20:13:19 UTC
[GitHub] [pulsar] lhotari opened a new pull request, #15403: [Proxy/Client] Fix DNS server denial-of-service issue when DNS entry expires
lhotari opened a new pull request, #15403:
URL: https://github.com/apache/pulsar/pull/15403
### Motivation
- `DnsNameResolver` doesn't coordinate concurrency and this leads to DNS server DoS
under high load
Dns lookups will timeout since the DNS server will get overloaded and won't be able to respond in time.
Example error message `query via UDP timed out after 5000 milliseconds`:
```
Caused by: io.netty.resolver.dns.DnsResolveContext$SearchDomainUnknownHostException: Failed to resolve 'pulsar-testenv-pulsar-broker-2.pulsar-testenv-pulsar-broker.pulsar-testenv.svc.cluster.local' and search domain query for configured domains failed as well: [pulsar-testenv.svc.cluster.local, svc.cluster.local, cluster.local]
at io.netty.resolver.dns.DnsResolveContext.finishResolve(DnsResolveContext.java:1047) ~[io.netty-netty-resolver-dns-4.1.76.Final.jar:4.1.76.Final]
... 22 more
Caused by: io.netty.resolver.dns.DnsNameResolverTimeoutException: [/172.30.183.10:53] query via UDP timed out after 5000 milliseconds (no stack trace available)
```
- In Netty, `DnsAddressResolverGroup` internally uses internal `InflightNameResolver`
class to address the problem
### Modification
- use DnsAddressResolverGroup instead of instantiating DnsNameResolver directly
### Additional context
Similar issue in AsyncHttpClient: https://github.com/AsyncHttpClient/async-http-client/issues/1650
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] Technoboy- merged pull request #15403: [Proxy/Client] Fix DNS server denial-of-service issue when DNS entry expires
Posted by GitBox <gi...@apache.org>.
Technoboy- merged PR #15403:
URL: https://github.com/apache/pulsar/pull/15403
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on pull request #15403: [Proxy/Client] Fix DNS server denial-of-service issue when DNS entry expires
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on PR #15403:
URL: https://github.com/apache/pulsar/pull/15403#issuecomment-1118847730
I'm a bit late, but LGTM.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org