New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Requests take too long due to reverse DNS #234

Closed
tomasol opened this Issue Dec 15, 2015 · 3 comments

Comments

Projects
None yet
2 participants
@tomasol

tomasol commented Dec 15, 2015

Hi. I am using jolokia 1.1.2 but I think this applies to latest HEAD as well:
When I issue curl requests from localhost, everything works fine.
When I connect from remote machine, each response has a noticable delay of ~5 seconds. I made a thread dump and it looks like address.getHostName() in JolokiaHttpHandler is taking most of that time - seems like a request for reverse DNS is made there. Is there a way to avoid this?

  java.lang.Thread.State: RUNNABLE 
at java.net.Inet6AddressImpl.getHostByAddr(Native Method) 
at java.net.InetAddress$1.getHostByAddr(InetAddress.java:898) 
at java.net.InetAddress.getHostFromNameService(InetAddress.java:583) 
at java.net.InetAddress.getHostName(InetAddress.java:525) 
at java.net.InetAddress.getHostName(InetAddress.java:497) 
at java.net.InetSocketAddress$InetSocketAddressHolder.getHostName(InetSocketAddress.java:82) 
at java.net.InetSocketAddress$InetSocketAddressHolder.access$600(InetSocketAddress.java:56) 
at java.net.InetSocketAddress.getHostName(InetSocketAddress.java:345) 
at org.jolokia.jvmagent.JolokiaHttpHandler.handle(JolokiaHttpHandler.java:119) 
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77) 
at sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:83) 
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:80) 
at sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:668) 
at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:77) 
at sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:640) 
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) 
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 
at java.lang.Thread.run(Thread.java:722)
@rhuss

This comment has been minimized.

Owner

rhuss commented Dec 15, 2015

I see you point but this is currently not possible.

The reason why a reverse DNS lookup happens is that the hostname can be configured in a policy file to restrict the access only from certain hosts. In the policy file you can set either the IP or the hostname.

In order to keep backwards compatibility the check against the hostname can not be removed by default but I could imagine to introduce a property noDnsReverseLookup to switch off this particular check (and anything which would do a reverse lookup, too.

@rhuss rhuss added this to the 1.3.3 milestone Dec 15, 2015

@tomasol

This comment has been minimized.

tomasol commented Dec 15, 2015

I agree with your proposal, thanks

rhuss added a commit that referenced this issue Jan 23, 2016

#234 : Add new option 'allowDnsReverseLookup'
During a restrictor check by default the hostname is determined which might cause a reverse DNS lookup. In order to avoid this (e.g. because there is nor restriction on the hostname), this configuration property can be set to `false`.
For backwards compatibility it is set to `true` but will change to `false` in Jolokia 2.0
@rhuss

This comment has been minimized.

Owner

rhuss commented Apr 13, 2016

Fixed in 1.3.3

@rhuss rhuss closed this Apr 13, 2016

@rhuss rhuss modified the milestones: 1.3.3, 1.3.4 Apr 13, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment