Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[core] add a DNS cache #3197

Merged
merged 9 commits into from
Mar 8, 2017
Merged

[core] add a DNS cache #3197

merged 9 commits into from
Mar 8, 2017

Conversation

truthbk
Copy link
Member

@truthbk truthbk commented Feb 15, 2017
edited by degemer
Loading

What does this PR do?

This PR adds a DNS cache to the agent, if disabled the agent just skips any local DNS resolution. Otherwise we've implemented a very simple cache that should allow us to reduce the number of DNS queries made.

Motivation

A customer was complaining about too many DNS queries. We suggested some local caching like dnsmasq, apparently that was not an option for them. Unfortunately there was no way to do this using requests, which was the preferred approach.

Testing Guidelines

An overview on testing
is available in our contribution guidelines.

truthbk
truthbk commented Feb 15, 2017
View reviewed changes
ddagent.py
@@ -209,6 +212,8 @@ def __sizeof__(self):

def get_url(self, endpoint, api_key):
endpoint_base_url = get_url_endpoint(endpoint)
if self._application.agent_dns_caching:
endpoint_base_url = self._application.get_from_dns_cache(endpoint_base_url)
Copy link
Member Author

@truthbk truthbk Feb 15, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could mess up the SSL/TLS verification, which is domain name based. This sort of DNS caching would therefore require making the requests with verify=False. Big issue because it would open the door to man-in-the-middle attacks. That said, that option already exists in the agent.

@truthbk
[test][transaction] fix broken test.
5ac2145 
[core][tests] further test fixes.
@truthbk
Copy link
Member Author

truthbk commented Feb 16, 2017

Should we document the option in datadog.conf?

@remh remh added this to the 5.12.0 milestone Feb 21, 2017
@gmmeyer gmmeyer requested a review from degemer March 6, 2017 19:39
@degemer degemer self-assigned this Mar 6, 2017
degemer
degemer approved these changes Mar 7, 2017
View reviewed changes
Copy link
Member

@degemer degemer left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It works and indeed requires skip_ssl_validation: yes.
LGTM!

I'm not sure it's worth documenting (since it requires disabling the SSL validation), it's only useful in very specific cases that usually go through support.

@truthbk truthbk merged commit 5abae9b into master Mar 8, 2017
@truthbk truthbk deleted the jaime/dnscache branch March 8, 2017 16:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@degemer degemer degemer approved these changes

Assignees

@degemer degemer

Labels
None yet
Projects
None yet
Milestone
5.12.0
Development

Successfully merging this pull request may close these issues.
3 participants
@truthbk @degemer @remh