[OpenAFS-devel] AFS with DNS using AFSDB records

Jeff Riegel riegel@almaden.ibm.com
Wed, 2 May 2001 13:19:50 -0700


Nickolai Zeldovich writes:
> In user-space I did essentially the same thing (though using res_search
> instead of manually constructing DNS queries), and for the kernel module,
> afsd spawns another process that blocks in the kernel waiting for AFSDB
> lookup requests, performs them in user-space using afsconf_GetCellInfo,
> and passes the information back into the kernel.

Your approach sounds cleaner in some ways.  It's definitely nicer to use
res_search than to manually construct packets.  However, for performance I
think it's better to do the network I/O in the kernel.  Since a DNS lookup
is done each time you stat a mount point, there can be a huge number of
requests (e.g., ls -l on a directory containing user home directories.)
Does the Linux resolver do caching of DNS records?  My code currently does
a new DNS lookup each time and always overwrites the existing cell database
entry.  It should be fairly easy to do internal caching by using the DB
entry but invalidating it after some reasonable time (a few hours or so.)

I think the DNS should be more authoritative than the CellServDB, at
least initially.  This is to allow clients to keep the existing CellServDB
for cells that have not yet been entered into a name server.  Otherwise,
clients will end up using the (potentially stale) CellServDB when the
cell should be resolved by DNS.  Once AFSDB usage becomes widespread,
it makes sense to make the CellServDB authoritative and prune it to just
those cells that the administrator wants to override the DNS entries.
Sounds like it would be useful to implement a way to switch between the
two behaviors (e.g. nsswitch.conf as Thomas Vincent suggested.)

Jeff Riegel
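
The caching and lookup-order ideas discussed in this message, sketched as an added example that is not part of the original post and is not OpenAFS code. The names `celldb_lookup`, `celldb_add_static`, `afsdb_fn`, `fake_afsdb` and the three-hour `DNS_TTL` are assumptions made for illustration; the resolver is a constructed stand-in so the code runs offline.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#define DNS_TTL (3 * 60 * 60)  /* assumed value for "a few hours or so" */
#define MAX_CELLS 16
enum order { DNS_FIRST, CELLSERVDB_FIRST };  /* the switchable behaviour */
struct cell { char name[64], static_srv[64], dns_srv[64]; time_t fetched; };
typedef int (*afsdb_fn)(const char *cell, char *srv, size_t len); /* hypothetical */
struct celldb { struct cell cells[MAX_CELLS]; int n, dns_queries;
                enum order order; afsdb_fn resolve; };

static struct cell *get_cell(struct celldb *db, const char *name, int create) {
    for (int i = 0; i < db->n; i++)
        if (strcmp(db->cells[i].name, name) == 0) return &db->cells[i];
    if (!create || db->n == MAX_CELLS || strlen(name) > 63) return NULL;
    struct cell *c = &db->cells[db->n++];
    memset(c, 0, sizeof *c);
    strcpy(c->name, name);
    return c;
}

int celldb_add_static(struct celldb *db, const char *name, const char *srv) {
    struct cell *c = strlen(srv) < 64 ? get_cell(db, name, 1) : NULL;
    if (c) strcpy(c->static_srv, srv);   /* CellServDB entry, never expires */
    return c ? 0 : -1;
}

/* 'now' is passed in so expiry can be exercised without waiting. */
const char *celldb_lookup(struct celldb *db, const char *name, time_t now) {
    struct cell *c = get_cell(db, name, 0);
    char srv[64] = "";
    if (c && db->order == CELLSERVDB_FIRST && c->static_srv[0])
        return c->static_srv;            /* local override wins, no query */
    if (c && c->dns_srv[0] && now - c->fetched < DNS_TTL)
        return c->dns_srv;               /* cached AFSDB answer still fresh */
    db->dns_queries++;
    if (db->resolve && db->resolve(name, srv, sizeof srv) == 0 && srv[0]
        && (c || (c = get_cell(db, name, 1)))) {
        snprintf(c->dns_srv, sizeof c->dns_srv, "%.63s", srv);
        c->fetched = now;
        return c->dns_srv;
    }
    if (c) c->dns_srv[0] = '\0';         /* expired and could not refresh */
    return c && c->static_srv[0] ? c->static_srv : NULL;
}

/* Constructed stand-in for a real AFSDB query; knows one cell only. */
int fake_afsdb(const char *cell, char *srv, size_t len) {
    if (strcmp(cell, "example.org") != 0) return -1;
    return snprintf(srv, len, "afsdb1.example.org") < 0 ? -1 : 0;
}
```

Under `CELLSERVDB_FIRST`, a cell with a local entry never triggers a DNS query, so its server list stays independent of whatever DNS returns; failed lookups for unknown cells are not stored, so they cannot fill the table.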