Re: [chrony-users] hostnames vs. IP address in chrony.conf



I feel like we've been over this sufficiently to solve the problem. Chrony could near-trivially poll the resolver when required with such a mechanism being rate limited if you're worried about syscall performance, and the history can remain IP-keyed.

Again this is not exactly a new problem so it should not be outside of chrony's capabilities. No other application has trouble with such a design as far as I'm aware.

Tom



----- Reply message -----
From: "Bill Unruh" <unruh@xxxxxxxxxxxxxx>
To: <chrony-users@xxxxxxxxxxxxxxxxxxxx>
Subject: [chrony-users] hostnames vs. IP address in chrony.conf
Date: Tue, Oct 30, 2012 22:16


On Tue, 30 Oct 2012, Tomalak Geret'kal wrote:

> Chrony does not need to know. The OS's DNS resolver knows. Chrony merely needs to use it. This problem was solved decades ago.

Of course the resolver knows. The problem is that chrony does NOT query the
resolver on every packet exchange, AND chrony uses the IP address to remember
the history of the interaction with the server. If chrony queried the resolver
at each packet, then this whole discussion would be moot. But that
increases the network load of chrony by an order of magnitude, AND it means
that one has to have some other way of remembering the history.


>
> That ntp servers may or may not switch IPs "often" is a detail that chrony as an application is not in a position to make judgements about.

For the above reasons, yes, chrony MUST make a judgement about it precisely
because it keeps a history which can extend back days.

Chrony ( and ntpd) is not Markovian. Its behaviour depends not only on the
current packet being exchanged, but on the history. Thus it needs to have a
way of associating current packets exchanged with previous packets exchanged.
And the way it does that is via the IP address.



>
> Tom
>
> ----- Reply message -----
> From: "Bill Unruh" <unruh@xxxxxxxxxxxxxx>
> To: <chrony-users@xxxxxxxxxxxxxxxxxxxx>
> Subject: [chrony-users] hostnames vs. IP address in chrony.conf
> Date: Tue, Oct 30, 2012 21:08
>
>
> On Tue, 30 Oct 2012, Tomalak Geret'kal wrote:
>
>> Bill
>>
>> It should work the same way as every other piece of network-enabled software in the world, by implicitly picking up DNS changes the next time the domain's TTL expires, rather than doing so never.
>>
>
> Unfortunately software has to work explicitly, not implicitly. Exactly how is
> chrony to know that the domain's TTL has expired? The only way I know to do
> that is if it makes a dns request every time it wants to send a message.
> That is the way most network enabled software works. But for something like
> chrony that multiplies the network load by a large factor for very little
> benefit since the IP address of ntp servers rarely changes.
>
>
>> Regards
>> Tom
>>
>>
>>
>> ----- Reply message -----
>> From: "Bill Unruh" <unruh@xxxxxxxxxxxxxx>
>> To: <chrony-users@xxxxxxxxxxxxxxxxxxxx>
>> Subject: [chrony-users] hostnames vs. IP address in chrony.conf
>> Date: Tue, Oct 30, 2012 20:46
>>
>>
>> On Tue, 30 Oct 2012, John.Florian@xxxxxxxx wrote:
>>
>>> Bill Unruh <unruh@xxxxxxxxxxxxxx> wrote on 10/30/2012 15:45:14:
>>>>
>>>> On Tue, 30 Oct 2012, Tomalak Geret'kal wrote:
>>>>
>>>>> On 30/10/2012 19:21, Bill Unruh wrote:
>>>>>>  On Tue, 30 Oct 2012, Tomalak Geret'kal wrote:
>>>>>>
>>>>>>>  Could chronyd not be made to pay attention to the TTL of the IPs
>>> it
>>>>>>>  resolves?
>>>>>>>  That would /truly/ be "using IP to make that association".
>>>>>>
>>>>>>  What is the "TTL of the IPs it resolves"?
>>>>> Let me be clearer, then.
>>>>>
>>>>> Every domain name has a TTL, short for "time to live". When chrony
>>>> resolves a
>>>>> domain name to its IP, could it not be made to abide by this TTL and
>>>>> re-resolve the domain name when it expires? This is the way that
>>>> every other
>>>>> domain resolver in the world works, and is the fundamental
>>> underpinning of
>>>>> the Domain Name System.
>>>>
>>>> So you want to saddle chrony with a whole bunch of resolver software as
>>> well?
>>>> It is complex enough as it is ( remember that every addition to the code
>>>> doubles the probability of bugs.)
>>>> Remember KISS.
>>>
>>> I don't follow you here.  Surely there isn't a resolver of any kind in
>>> chronyd is there?  I would expect nothing more than a call to
>>> getaddrinfo() or getnameinfo() -- I know far more about DNS resolution
>>> than the C library -- to be present in chronyd.  All of the actual DNS
>>> querying, /etc/host examination, caching and preference handling should
>>> come automatically.  To me, that would be KISS; like let something else
>>> handle this.
>>
>> Agreed except that the suggestion was that chrony keep track of the time to
>> live of the addresses ( which as far as I know is not part of the getaddrinfo
>> returned info) in order to tell it when it should requery the IP address for a
>> hostname. The problem is that the change in the IP address need not occur only
>> after that time expires. You can, and the suggestion was that the person did,
>> change the IP address at any time. How is chrony to know that? The time to
>> live certainly does not give that info ( and even if it did, chrony would not
>> have that information).
>>
>> So chrony goes out and gets the IP address for a hostname. It then uses that
>> address both to send out queries and to record the history of responses to
>> the ntp packets. That is all it has. Now, exactly what protocol should chrony
>> follow in order to be able to catch that the IP address of the server has
>> changed? time to live does not seem suitable. Does it wait until the one
>> packet has failed to return? (that would again seem to load things down with
>> dns queries on poor networks, which would seem to make things worse). Does it
>> scrap the history of an IP address as soon as it cannot connect? How many times
>> should it not connect before it scraps the history? Etc. There are a lot of
>> issues here.
>>
>> Now I think that the latest chrony does have some heuristic for reconnection
>> and re querying the dns, but cannot remember it well enough right now to say
>> for sure, or know what it is.
>>
>>
>>
>
>

--
William G. Unruh   |  Canadian Institute for|     Tel: +1(604)822-3273
Physics&Astronomy  |     Advanced Research  |     Fax: +1(604)822-5324
UBC, Vancouver,BC  |   Program in Cosmology |     unruh@xxxxxxxxxxxxxx
Canada V6T 1Z1     |      and Gravity       |  www.theory.physics.ubc.ca/
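
Added example, not part of the thread and not chrony's code: one possible shape for the policy the messages above debate, in which the resolver is asked again only after several consecutive missed replies, at a limited rate, and the per-address history is dropped only when the name resolves to a different address. The struct, function names, thresholds, hostname and addresses are assumptions, and the resolver is a constructed stub standing in for getaddrinfo() so the block runs offline.

```c
#include <stdio.h>
#include <string.h>

#define MISS_LIMIT 3         /* assumed: missed replies before asking the resolver */
#define MIN_RESOLVE_GAP 600  /* assumed: minimum seconds between resolver calls */

typedef int (*resolve_fn)(const char *host, char *ip, size_t len);

struct source {
    const char *host;
    char ip[46];        /* history stays keyed by address, not by name */
    int samples;        /* stand-in for the per-address measurement history */
    int misses;         /* consecutive polls without a reply */
    long last_resolve;  /* time of the last resolver call */
    int resolves;       /* resolver calls made so far */
};

/* Record one poll at time `now`; returns 1 if the source moved to a new address. */
int source_poll(struct source *s, int got_reply, long now, resolve_fn resolve)
{
    char ip[46];
    if (got_reply) { s->misses = 0; s->samples++; return 0; }
    if (++s->misses < MISS_LIMIT || now - s->last_resolve < MIN_RESOLVE_GAP)
        return 0;                       /* too few misses, or rate limited */
    s->last_resolve = now;
    s->resolves++;
    if (resolve(s->host, ip, sizeof ip) != 0 || strcmp(ip, s->ip) == 0)
        return 0;                       /* lookup failed or same address: keep history */
    snprintf(s->ip, sizeof s->ip, "%s", ip);
    s->samples = s->misses = 0;         /* new address: history starts afresh */
    return 1;
}

/* Constructed resolver stubs: the name has moved / the name is unchanged. */
int stub_moved(const char *h, char *ip, size_t n) { (void)h; snprintf(ip, n, "192.0.2.20"); return 0; }
int stub_same(const char *h, char *ip, size_t n)  { (void)h; snprintf(ip, n, "192.0.2.10"); return 0; }

/* Constructed run: 5 answered polls, then up to 20 unanswered, one every 64 s. */
const struct source *run_scenario(resolve_fn r)
{
    static struct source s;
    long t = 1000;
    s = (struct source){ "ntp.example.net", "192.0.2.10", 0, 0, 1000, 0 };
    for (int i = 0; i < 5; i++, t += 64) source_poll(&s, 1, t, r);
    for (int i = 0; i < 20; i++, t += 64)
        if (source_poll(&s, 0, t, r)) break;
    return &s;
}
```

With the name unchanged, 20 missed polls cost two resolver calls and the history is kept; with the name moved, one call switches the address and resets the history.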
