| commit | d497d7e4a796c6bda153e7f10fe9478724b855ab | |
| author | Roland C. Dowdeswell <roland.dowdeswell@twosigma.com> | |
| Fri, 10 May 2019 18:13:26 +0000 (10 19:13 +0100) | ||
| committer | Jeffrey Altman <jaltman@auristor.com> | |
| Tue, 14 May 2019 19:52:01 +0000 (14 15:52 -0400) | ||
| tree | d6b36c1d88530be97a5637bad55e71b9edf1680c | treesnapshot (tar.gz zip) |
| parent | 5ca229e0d9c19699eb39345a2a8513a956518cb7 | commitdiff |
krb5_sendto_kdc: failover for multiple AAAA/A RRs on one domain
We found that the libraries behaviour when dealing with domains with
more than one entry in them is slightly suboptimal. The situation
was
kdc1 IN A 1.2.3.4
kdc1 IN AAAA ff02::1
I.e. a single hostmame with both IPv6 and IPv4 addresses. When we
run krb5_sendto_kdc on a box with only IPv4 addresses, there is a
3s delay before it fails back to the IPv4 address. This is because
the library sets the 2nd address on each hostname to be 3s in the
future and each additional one another 3s.
We change wait_response() s.t. if one is able to make progress, we
iterate over the list of hosts and move them all 1s forward. We
also modify submit_request() to skip hosts if host_connect() fails.
We found that the libraries behaviour when dealing with domains with
more than one entry in them is slightly suboptimal. The situation
was
kdc1 IN A 1.2.3.4
kdc1 IN AAAA ff02::1
I.e. a single hostmame with both IPv6 and IPv4 addresses. When we
run krb5_sendto_kdc on a box with only IPv4 addresses, there is a
3s delay before it fails back to the IPv4 address. This is because
the library sets the 2nd address on each hostname to be 3s in the
future and each additional one another 3s.
We change wait_response() s.t. if one is able to make progress, we
iterate over the list of hosts and move them all 1s forward. We
also modify submit_request() to skip hosts if host_connect() fails.
| lib/krb5/send_to_kdc.c | diffblobblamehistory |