Re: [chrony-users] hostnames vs. IP address in chrony.conf



On Tue, 30 Oct 2012, Tomalak Geret'kal wrote:

I feel like we've been over this sufficiently to solve the problem. Chrony could near-trivially poll the resolver when required with such a mechanism being rate limited if you're worried about syscall performance, and the history can remain IP-keyed.

Again this is not exactly a new problem so it should not be outside of chrony's capabilities. No other application has trouble with such a design as far as I'm aware.


ntpd has similar problems.


Tom



----- Reply message -----
From: "Bill Unruh" <unruh@xxxxxxxxxxxxxx>
To: <chrony-users@xxxxxxxxxxxxxxxxxxxx>
Subject: [chrony-users] hostnames vs. IP address in chrony.conf
Date: Tue, Oct 30, 2012 22:16


On Tue, 30 Oct 2012, Tomalak Geret'kal wrote:

Chrony does not need to know. The OS's DNS resolver knows. Chrony merely needs to use it. This problem was solved decades ago.

Of course the resolver knows. The problem is that chrony does NOT query the
resolver on every packet exchange, AND chrony uses the IP address to remember
the history of the interaction with the server. If chrony queried the resolver
at each packet, then this whole discussion would be moot. But that
increases the network load of chrony by an order of magnitude, AND it means
that one has to have some other way of remembering the history.



That ntp servers may or may not switch IPs "often" is a detail that chrony as an application is not in a position to make judgements about.

For the above reasons, yes, chrony MUST make a judgement about it precisely
because it keeps a history which can extend back days.

Chrony (and ntpd) is not Markovian. Its behaviour depends not only on the
current packet being exchanged, but on the history. Thus it needs to have a
way of associating current packets exchanged with previous packets exchanged,
and the way it does that is via the IP address.




Tom

----- Reply message -----
From: "Bill Unruh" <unruh@xxxxxxxxxxxxxx>
To: <chrony-users@xxxxxxxxxxxxxxxxxxxx>
Subject: [chrony-users] hostnames vs. IP address in chrony.conf
Date: Tue, Oct 30, 2012 21:08


On Tue, 30 Oct 2012, Tomalak Geret'kal wrote:

Bill

It should work the same way as every other piece of network-enabled software in the world, by implicitly picking up DNS changes the next time the domain's TTL expires, rather than doing so never.


Unfortunately software has to work explicitly, not implicitly. Exactly how is
chrony to know that the domain's TTL has expired? The only way I know to do
that is if it makes a dns request every time it wants to send a message.
That is the way most network enabled software works. But for something like
chrony that multiplies the network load by a large factor for very little
benefit since the IP address of ntp servers rarely changes.


Regards
Tom



----- Reply message -----
From: "Bill Unruh" <unruh@xxxxxxxxxxxxxx>
To: <chrony-users@xxxxxxxxxxxxxxxxxxxx>
Subject: [chrony-users] hostnames vs. IP address in chrony.conf
Date: Tue, Oct 30, 2012 20:46


On Tue, 30 Oct 2012, John.Florian@xxxxxxxx wrote:

Bill Unruh <unruh@xxxxxxxxxxxxxx> wrote on 10/30/2012 15:45:14:

On Tue, 30 Oct 2012, Tomalak Geret'kal wrote:

On 30/10/2012 19:21, Bill Unruh wrote:
 On Tue, 30 Oct 2012, Tomalak Geret'kal wrote:

 Could chronyd not be made to pay attention to the TTL of the IPs it
 resolves?
 That would /truly/ be "using IP to make that association".

 What is the "TTL of the IPs it resolves"?
Let me be clearer, then.

Every domain name has a TTL, short for "time to live". When chrony resolves a
domain name to its IP, could it not be made to abide by this TTL and
re-resolve the domain name when it expires? This is the way that every other
domain resolver in the world works, and is the fundamental underpinning of
the Domain Name System.

So you want to saddle chrony with a whole bunch of resolver software as well?
It is complex enough as it is (remember that every addition to the code
doubles the probability of bugs.)
Remember KISS.

I don't follow you here.  Surely there isn't a resolver of any kind in
chronyd is there?  I would expect nothing more than a call to
getaddrinfo() or getnameinfo() -- I know far more about DNS resolution
than the C library -- to be present in chronyd.  All of the actual DNS
querying, /etc/host examination, caching and preference handling should
come automatically.  To me, that would be KISS; like let something else
handle this.

Agreed except that the suggestion was that chrony keep track of the time to
live of the addresses (which as far as I know is not part of the getaddrinfo
returned info) in order to tell it when it should requery the IP address for a
hostname. The problem is that the change in the IP address need not occur only
after that time expires. You can, and the suggestion was that the person did,
change the IP address at any time. How is chrony to know that? The time to
live certainly does not give that info (and even if it did, chrony would not
have that information).

So chrony goes out and gets the IP address for a hostname. It then uses that
address both to send out queries and to record the history of responses to
the ntp packets. That is all it has. Now, exactly what protocol should chrony
follow in order to be able to catch that the IP address of the server has
changed? Time to live does not seem suitable. Does it wait until the one
packet has failed to return? (That would again seem to load things down with
dns queries on poor networks, which would seem to make things worse.) Does it
scrap the history of an IP address as soon as it cannot connect? How many times
should it not connect before it scraps the history? Etc. There are a lot of
issues here.

Now I think that the latest chrony does have some heuristic for reconnection
and re querying the dns, but cannot remember it well enough right now to say
for sure, or know what it is.








--
William G. Unruh   |  Canadian Institute for|     Tel: +1(604)822-3273
Physics&Astronomy  |     Advanced Research  |     Fax: +1(604)822-5324
UBC, Vancouver,BC  |   Program in Cosmology |     unruh@xxxxxxxxxxxxxx
Canada V6T 1Z1     |      and Gravity       |  www.theory.physics.ubc.ca/
