Reverse DNS lookups on accept in network

Yitzchak Gale gale at sefer.org
Tue Apr 9 14:54:04 CEST 2013


I noticed that the accept function in the network library,
unlike the underlying C function, does a reverse DNS
lookup every time it accepts a connection.

This seems to be the cause of an acute problem:
Hackage is nearly unusable for people whose ISP
has broken reverse DNS, since every request to
the server delays for 30 seconds or more while
waiting for the broken reverse DNS server to time
out. I know, the ISP should fix it, or the user should
switch to a different ISP, but that isn't always practical.

In particular, Roman, our expert from Odessa, is
experiencing this problem. And he is hosting a
Haskell Hackathon, OdHack, in just a few weeks'
time. I am concerned that all participants in the
Hackathon might also be susceptible, which would
be a Very Bad Thing.

I'll note that nowadays it seems to be widely
accepted "best practice" to avoid per-connection
RDNS lookup, e.g., by configuring web servers
to log IP addresses instead of domain names.

So there are two questions here: one is whether
we need a change to the network and/or
cgi packages (and possibly others), and the other
is how to solve the hackage problem promptly.

My first thought on the first question is to add
a new function acceptRaw or accept' to network
that skips the lookup, and then change cgi to
use it. But I would also support changing accept
itself to skip the lookup always.

Thanks,
Yitz
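
An added example, not part of the original message and not code from the network or cgi packages: an accept loop on the lower-level Network.Socket API, whose accept returns the peer as a SockAddr, with the address formatted numerically via NI_NUMERICHOST so that no reverse lookup happens per connection. The listen address 127.0.0.1:8080 and the helper name numericPeer are assumptions made for the example.

```haskell
import Control.Concurrent (forkIO)
import Control.Monad (forever, void)
import Data.Maybe (fromMaybe)
import Network.Socket

-- Hypothetical helper: render a peer address as "ip:port".
-- NI_NUMERICHOST / NI_NUMERICSERV make getNameInfo format the address
-- locally instead of asking a resolver, so a broken PTR zone on the
-- client's side cannot stall the server.
numericPeer :: SockAddr -> IO String
numericPeer addr = do
  (mhost, mport) <-
    getNameInfo [NI_NUMERICHOST, NI_NUMERICSERV] True True addr
  return (fromMaybe "?" mhost ++ ":" ++ fromMaybe "?" mport)

main :: IO ()
main = withSocketsDo $ do
  -- Assumed listen address and port, chosen only for the example.
  let hints = defaultHints { addrFlags = [AI_PASSIVE]
                           , addrSocketType = Stream }
  ai : _ <- getAddrInfo (Just hints) (Just "127.0.0.1") (Just "8080")
  sock <- socket (addrFamily ai) (addrSocketType ai) (addrProtocol ai)
  setSocketOption sock ReuseAddr 1
  bind sock (addrAddress ai)
  listen sock 16
  forever $ do
    -- Network.Socket.accept hands back the raw SockAddr; nothing here
    -- waits on DNS before the connection can be served.
    (conn, peer) <- accept sock
    void $ forkIO $ do
      who <- numericPeer peer
      putStrLn ("connection from " ++ who)  -- log the IP, not a hostname
      close conn
```

If hostnames are wanted in logs, they can be resolved later from the recorded IP addresses, outside the request path.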


