Use of pool servers reveals unacceptable crash rate in async DNS

Eric S. Raymond esr at thyrsus.com
Sat Jun 25 15:00:39 UTC 2016 

Yesterday I pushed some erroneous commits that got out because my
smoke-test procedure was throwing false negatives. To deal with this,
I've improved the way I test; everything now gets tried on snark
before being pushed to the public repo so the test farm machines can
see it.

While this did enable me to recover from my errors, it also turned up
a serious problem.  The combination of the buggy async-DNS code we
inherited from Classic and use of pool servers causes *very* frequent
crashes.

I was getting hints of this last week, but my test setup on snark has
flushed it into the open.  This is a release blocker.  As I see it, we
have only the following alternatives:

1. Apply Classic's workaround for the problem, which I don't remember
the details of but involved some dodgy nonstandard linker hacks done
through the build system.  *However, I did not trust this method when
I understood it.* It seemed sure to cause porting difficulties and is
inherently fragile.

2. Fix the actual problem. Well, that'd be nice, but Hal looked into
it months ago and said he understood it but couldn't generate a fix.
IIRC, he said it needed a full rewrite.  That tells me the code is
probably not salvageable.

3. Drop the asynchronous-DNS support entirely. This is sure to work,
we know that code path is solid.  It will have performance
implications, though.  Clock updates will stall while DNS lookups are
completing.  This is not really a problem at startup, but potentially
could be when a pool server drpops out and ntpd needs to re-aacquire one.

4. Drop the Classic lookup code and use the non-standardized
getaddrinfo_a() async DNS lookup in glibc. Means we won't get
async lookup on some odd toolchains, but we get a well-tested
implementation and to drop a lot of nasty code with known bugs.

I favor #4.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

The biggest hypocrites on gun control are those who live in upscale
developments with armed security guards -- and who want to keep other
people from having guns to defend themselves.  But what about
lower-income people living in high-crime, inner city neighborhoods?
Should such people be kept unarmed and helpless, so that limousine
liberals can 'make a statement' by adding to the thousands of gun laws
already on the books?"
	--Thomas Sowell

More information about the devel mailing list