dnsdist: Add experimental support for TLS asynchronous engines #10734

Merged (11 commits) on Dec 15, 2021

rgacogne
Member

Short description

Tested with the Intel QAT engine on a C3XXX, where it seems to reduce the CPU usage significantly, to a third of the CPU usage seen in normal mode.
At the moment this is only implemented for incoming DNS over TLS, but it should not be too hard to implement for outgoing DNS over TLS and outgoing DNS over HTTPS. Incoming DNS over HTTPS would be more tricky since it requires implementing the feature in libh2o as well.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

@rgacogne
Member Author

SSL_waiting_for_async and friends require OpenSSL >= 1.1.0, I'll need to handle that.

@rgacogne force-pushed the ddist-async-tls branch 2 times, most recently from 6ecc3b7 to c5a01f9 (September 23, 2021 07:23)
@rgacogne
Member Author

Rebased to fix CI failures (missing promtool).

Member

@omoerbeek omoerbeek left a comment

I reviewed this concentrating mostly on two questions:

  • Does it build with libressl (it does)
  • Does it not break the non-async way of doing things (it does not)

As for the async code itself: I never worked with that libssl mode, so it's new territory. I will try to look at that part in a next round of review later.

Review threads on:

  • pdns/libssl.cc (outdated, resolved)
  • pdns/libssl.cc (outdated, resolved)
  • pdns/tcpiohandler.hh (resolved)
  • pdns/libssl.cc (resolved)
  • pdns/dnsdistdist/docs/reference/config.rst (outdated, resolved)
  • pdns/dnsdist-lua.cc (outdated, resolved)
  • pdns/dnsdist-tcp.cc (outdated, resolved)
  • pdns/dnsdistdist/docs/reference/config.rst (outdated, resolved)

@rgacogne
Member Author

rgacogne commented Dec 3, 2021

I rebased that PR on master to fix the conflicts then applied the suggestions made during code review.

@rgacogne
Member Author

@omoerbeek Do you want to take a new look at this PR before I merge it? d10c305 in particular affects the recursor.

@rgacogne merged commit 0a5139f into PowerDNS:master on Dec 15, 2021
@rgacogne deleted the ddist-async-tls branch on December 15, 2021 14:12