[OpenAFS] dynroot question]

Derrick Brashear shadow@gmail.com
Fri, 7 Aug 2009 10:46:01 -0400

On Fri, Aug 7, 2009 at 10:43 AM, Jack Neely<jjneely@pams.ncsu.edu> wrote:
> On Wed, Aug 05, 2009 at 07:08:30PM +0100, Simon Wilkinson wrote:
>> On 5 Aug 2009, at 19:03, Russ Allbery wrote:
>>> Apache recursively ascends the file hierarchy looking for .htaccess
>>> files
>>> even if that directory itself is not being served, so it will attempt
>>> to
>>> read /afs/.htaccess if you are serving any directory anywhere under /
>>> afs.
>> I haven't looked at the code, so we may be already doing this, but it
>> seems to me that we could just bounce requests for /afs/.htaccess
>> immediately. In fact, there's probably a range of things that it makes
>> no sense to do DNS lookups for.
>> S.
> I agree here. =A0Turns out I am sending out DNS queries from each of the
> web servers for the htaccess cell 20 or so times a second.

A hardcoded blacklist would be good, configurable blacklist would be
better, but at the same time, we could stand to cache negative answers
for a bit longer in some manner.