[Twisted-Python] New TLS Code *Could* Cause Problems
p.mayers at imperial.ac.uk
Tue Jul 19 05:16:21 MDT 2011
On 07/19/2011 10:51 AM, Reza Lotun wrote:

> would be resolved, bombarding amazon's dns servers with requests. After
> diving in, I learned all Twisted connect* calls go through
> socket.gethostbyname, which apparently does not do any DNS caching (much
> to my surprise) unless something like nscd or a local caching nameserver
> is running (we ended up using BIND).

socket.gethostbyname is just a wrapper around the libc implementation,
and you're correct that it does no caching unless the NSS layer does, or
the DNS query you're talking to does.

> Now, since we never ran a local caching nameserver before I wondered

How did anything work then if you had no local DNS?

> what changed. Could it have been that using the _newtls code (with
> PyOpenSSL 0.12) removed some element of DNS caching that OpenSSL was
> performing behind the scene? Is this possible? If so, then I just wanted

A quick 10-line connectSSL script on my box running 10.1 does a DNS
lookup per-connection. Are you sure this behaviour has changed?

> to make sure everyone was aware that if you make a lot of DNS calls in a
> Twisted server running this code, you too could experience problems if
> you're not running a local caching nameserver.

Well, TBH if you're not running a local caching nameserver, I am failing
to see how anything works!
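
The per-connection lookup behaviour discussed in this message, as an added example that is not part of the original post or of Twisted: a small TTL cache placed in front of `socket.gethostbyname`, with a constructed offline scenario that counts how many upstream queries 100 connections to one host generate. The `CachingResolver` class, the `simulate` helper, the hostname and the address are all assumptions made for illustration.

```python
import socket
import time


class CachingResolver:
    """TTL-bounded cache in front of a blocking name lookup (hypothetical helper)."""

    def __init__(self, lookup=socket.gethostbyname, ttl=60.0, clock=time.monotonic):
        self._lookup = lookup   # uncached libc wrapper by default
        self._ttl = ttl         # fixed TTL: gethostbyname does not expose the record's own TTL
        self._clock = clock
        self._cache = {}        # hostname -> (address, expiry time)
        self.upstream_queries = 0

    def resolve(self, hostname):
        now = self._clock()
        hit = self._cache.get(hostname)
        if hit is not None and hit[1] > now:
            return hit[0]                    # still fresh: no query leaves the process
        self.upstream_queries += 1
        address = self._lookup(hostname)     # failures propagate and are never cached
        self._cache[hostname] = (address, now + self._ttl)
        return address


def simulate(connections, ttl, seconds_between=1.0):
    """Constructed scenario: one connection per second to a single host.

    Uses a stub resolver and a fake clock so it runs offline; returns the
    number of lookups that reached the (stub) upstream resolver.
    """
    fake_now = [0.0]
    calls = []

    def stub_lookup(name):
        calls.append(name)
        return "192.0.2.10"  # constructed address from the TEST-NET-1 documentation range

    resolver = CachingResolver(stub_lookup, ttl=ttl, clock=lambda: fake_now[0])
    for _ in range(connections):
        resolver.resolve("service.example.com")  # constructed hostname
        fake_now[0] += seconds_between
    return len(calls)


if __name__ == "__main__":
    print("ttl=0  (no caching):", simulate(100, ttl=0))
    print("ttl=60 (cached)    :", simulate(100, ttl=60))
```

Because the TTL here is fixed rather than taken from the DNS record, a cached address can outlive a change to the record; a local caching nameserver honours the record's TTL and avoids that.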