[OpenAFS] Re: freezes acessing /afs/.git

Andrew Deason adeason@sinenomine.net
Thu, 14 Aug 2014 11:22:44 -0500


On Thu, 14 Aug 2014 08:45:16 -0400
chas williams - CONTRACTOR <chas@cmf.nrl.navy.mil> wrote:

> On Wed, 13 Aug 2014 22:26:36 -0500
> Andrew Deason <adeason@sinenomine.net> wrote:
> 
> > This generally sounds reasonable to me. But I think you want to just
> > require a dot if the name doesn't exist in the csdb at all, so you can
> > just put it in the local csdb if you want to use it, without needing to
> > alias it to a full cell name. (This may have been mentioned earlier, but
> > I don't see it here.) I'd call such an option -afsdb-ndots, which would
> > set the minimum number of dots (like resolv.conf's "option ndots").
> 
> I would probably prefer to have a whitelist of some sort that would
> support regular expressions.  You could then do something stupid like
> require entries to have atleast a single . and end in one of the more
> common domain suffixes.

I prefer a blacklist, because I'd rather err on the side allowing too
many entries than restricting too many. I imagined this would be a list
set by e.g. Linux distribution packaging, to reduce the 'out of the box'
experience of things hanging. But if you restrict too much, someone's
cell in a DNS TLD you've never heard of (maybe it doesn't exist right
now) stops working for seemingly strange (to them) reasons.

But it's sounding like maybe it's better to get by without either a
whitelist or blacklist. Improving the caching means this would work more
'automatically' and with fewer additional configuration directives, etc.

-- 
Andrew Deason
adeason@sinenomine.net