[jacorb-developer] DNS Query being made during Handshake even though I have disabled it in the configuration.

Alka Nand alka.nand at gmail.com
Thu Jun 27 22:43:13 CEST 2013


Solution to DNS Query issue

I was able to resolve this issue by extending SSLSocketFactory in the
application.

After creating a socket (sync, ack, sync-ack) jacorb-jsse sends out a DNS
query to resolve the DNS name before it sends out the Client Hello. This
can take up to 15 secs and the Server times out by then. The solution is
to pass a dummy empty string as the host name when creating the
InetAddress for the SSL connection. I changed
InetAddress.getByAddress(addrBytes) to InetAddress.getByAddress("",
addrBytes) and it no longer does the reverse DNS lookup.



Extend SSLSocketFactory and overwrite the following method as


    // Needs java.io.IOException, java.net.InetAddress, java.net.InetSocketAddress,
    // java.net.Socket and javax.net.ssl.SSLSocket imported in the subclass.
    protected Socket doCreateSocket(String host, int port, int timeout)
            throws IOException
    {
        // changed InetAddress.getByAddress(addrBytes) to
        // InetAddress.getByAddress("", addrBytes)
        // and it no longer does the reverse DNS lookup.

        // when host is an IP literal, getByName() only parses it (no DNS query)
        InetAddress inetAddr = InetAddress.getByName(host);
        byte[] byteIP = inetAddr.getAddress();

        // an address built with a host name already set is never reverse-resolved
        InetAddress sockAvoidDNSQuery = InetAddress.getByAddress("My NE", byteIP);

        SSLSocket socket = (SSLSocket) factory.createSocket();
        // socket.connect(new InetSocketAddress(host, port), timeout);
        socket.connect(new InetSocketAddress(sockAvoidDNSQuery, port), timeout);

        initSSLSocket(socket);

        return socket;

        /* Original code

        SSLSocket socket = (SSLSocket)factory.createSocket();
        socket.connect(new InetSocketAddress(host, port), timeout);

        initSSLSocket(socket);

        return socket;

        */
    }

On Thu, May 23, 2013 at 4:33 PM, Nick Cross <jacorb at goots.org> wrote:

>
> From the trace you have sent this might be an SSL issue. Have you tried
> turning on the JVM property javax.net.debug=all to debug the SSL
> connection? Have you tried a simple SSL program (without JacORB) to verify
> whether it is the SSL implementation itself? There seem to be some similar
> reports with slow SSL handshake online.
>
> Regards
>
> Nick
>
>
> On 23/05/13 17:34, Alka Nand wrote:
>
>> Nick,
>>
>> Thanks for the quick response.
>>
>> Yes - it ONLY happens with SSL, TCP handshake does not send a DNS query.
>>
>> Here is the stack trace at the point that it sends it out
>>
>> Daemon System Thread [RMI TCP Connection(3017)-172.28.128.207] (Suspended (breakpoint at line 1061 in GIOPConnection))
>>     owns: EMSSession  (id=4706)
>>     ClientGIOPConnection(GIOPConnection).sendMessage(MessageOutputStream, UtcT) line: 1061
>>     ClientGIOPConnection(GIOPConnection).sendRequest(MessageOutputStream, boolean) line: 988
>>     ClientConnection.sendRequest(MessageOutputStream, boolean) line: 309
>>     ClientConnection.sendRequest(MessageOutputStream, ReplyPlaceholder, int, boolean) line: 290
>>     Delegate._invoke_internal(Object, OutputStream, ReplyHandler, boolean) line: 1327
>>     Delegate.invoke_internal(Object, OutputStream, ReplyHandler, boolean) line: 1152
>>     Delegate.invoke(Object, OutputStream) line: 1140
>>     Delegate.invokeBuiltin(Object, String, String) line: 2031
>>     Delegate.is_a(Object, String) line: 1894
>>     Reference(ObjectImpl)._is_a(String) line: 53
>>     NESessionFactory_IHelper.narrow(Object) line: 59
>>     EMSSession.establishSession() line: 817
>>     EMSSession.<init>(String, SessionManager, String, byte[], String, ORB, POA, int) line: 457
>>     SessionManager.createNESession(String) line: 405
>>
>> The Exception is
>>
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err: 2013-05-23 11:15:46.189 SEVERE Underlying transport connection closed due to errors during sendMessage(), in ClientGIOPConnection to 172.28.136.191:1632 (1a6b67b)
>> ClientMessageReceptor0;Thu May 23 11:15:46 CDT 2013;System.err: 2013-05-23 11:15:46.190 FINE ClientGIOPConnection to 172.28.136.191:1632 (1a6b67b): streamClosed()
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err: 2013-05-23 11:15:46.191 FINE ClientGIOPConnection to 172.28.136.191:1632 (1a6b67b): streamClosed()
>> ClientMessageReceptor0;Thu May 23 11:15:46 CDT 2013;System.err: 2013-05-23 11:15:46.192 FINE ClientGIOPConnection to 172.28.136.191:1632 (1a6b67b): closeAllowReopen()
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err: 2013-05-23 11:15:46.193 FINE ClientGIOPConnection to 172.28.136.191:1632 (1a6b67b): closeAllowReopen()
>> ClientMessageReceptor0;Thu May 23 11:15:46 CDT 2013;System.err: 2013-05-23 11:15:46.200 INFO Client-side TCP transport to 172.28.136.191:1632 closed.
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err: 2013-05-23 11:15:46.200 WARNING Abnormal connection termination. Lost 1 outstanding replie(s)!
>> ClientMessageReceptor0;Thu May 23 11:15:46 CDT 2013;System.err: 2013-05-23 11:15:46.201 FINE ClientGIOPConnection to 172.28.136.191:1632 (1a6b67b): will wait until connected
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err: 2013-05-23 11:15:46.201 FINE invoke[-->]: SystemException
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     org.jacorb.orb.etf.ConnectionBase.to_COMM_FAILURE(ConnectionBase.java:152)
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     org.jacorb.orb.iiop.IIOPConnection.handleCommFailure(IIOPConnection.java:79)
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     org.jacorb.orb.etf.StreamConnectionBase.flush(StreamConnectionBase.java:228)
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     org.jacorb.orb.giop.GIOPConnection.sendMessage(GIOPConnection.java:1062)
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     org.jacorb.orb.giop.GIOPConnection.sendRequest(GIOPConnection.java:988)
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     org.jacorb.orb.giop.ClientConnection.sendRequest(ClientConnection.java:309)
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     org.jacorb.orb.giop.ClientConnection.sendRequest(ClientConnection.java:290)
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     org.jacorb.orb.Delegate._invoke_internal(Delegate.java:1327)
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     org.jacorb.orb.Delegate.invoke_internal(Delegate.java:1152)
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     org.jacorb.orb.Delegate.invoke(Delegate.java:1140)
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     org.jacorb.orb.Delegate.invokeBuiltin(Delegate.java:2031)
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     org.jacorb.orb.Delegate.is_a(Delegate.java:1894)
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:53)
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     com.tellabs.ems.sb_if.emsne.SessionMgr.NESessionFactory_IHelper.narrow(NESessionFactory_IHelper.java:59)
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     com.tellabs.ems.idlneadapter.EMSSession.establishSession(EMSSession.java:817)
>> RMI TCP Connection(16)-172.28.128.207;Thu May 23 11:15:46 CDT 2013;System.err:     com.tellabs.ems.idlneadapter.EMSSession.<init>(EMSSession.java:457)
>>
>> Thanks a bunch
>>
>> alka
>>
>>
>> On Thu, May 23, 2013 at 9:43 AM, Nick Cross <jacorb at goots.org> wrote:
>>
>>
>>     Does this happen without SSL enabled? Do you have a test case?
>>
>>     Regards
>>
>>     Nick
>>
>>
>>
>>     On 23/05/13 14:54, Alka Nand wrote:
>>
>>         Hi,
>>
>>         I am using Jacorb 3.0. I saw that during SSL Handshake Jacorb is
>>         making a
>>         DNS query even when I have turned off the following
>>         configuration parameters
>>
>>         # Use DNS names in IORs
>>         jacorb.dns.enable=off
>>         jacorb.dns.eager_resolve=off
>>
>>         # Force the FQDN host name lookup. Turn off if exactly the given
>>         host
>>         # names (e.g. "short" names) should be used in IORs
>>         jacorb.dns.force_lookup=off
>>
>>         The problem is if DNS is not setup correctly the DNS query takes
>>         12 seconds
>>         to timeout and in the meanwhile the server closes the connection.
>>
>>         My question is why is the DNS query being made even though I
>>         have DNS
>>         turned off?
>>
>>         The sequence is
>>         Time 0  - Client sends a "syn" to Server
>>         Server responds with a "Syn Ack"
>>         Client sends an "ack" back
>>         Client then makes a DNS query to resolve the IP address -
>>         Standard Query - reverse IPAdd.in-addr.arpa
>>         10 secs from time 0 the Server sends a Fin and closes the
>>         connection
>>         12 seconds later the DNS Query times out
>>         Client then sends a "Client Hello" but the server has already
>>         closed the connection
>>         Alert
>>
>>         Is there any other way of turning off DNS?
>>
>>         Any response would be greatly appreciated.
>>
>>         Thanks
>>         alka nand
>>         Tellabs
>>
>>
>>
>>
>>
>> --
>>
>> alka
>>
>>
>


-- 

alka
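
Added example, not part of the original post or of JacORB: a stand-alone Java program showing why the fix in this message works. An InetAddress built from raw bytes alone stores no host name, so the first getHostName() call goes to the resolver, while one built with a name returns that name as-is. The class and method names, the sample address and the choice of the IP literal as the label are assumptions of this example; whatever label is used is also what any later check that compares the connection's host name with the server certificate will see.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;

public class NoReverseLookup {

    /** Parses a dotted-quad IPv4 literal by hand so the resolver is never consulted. */
    static byte[] parseIpv4(String literal) {
        String[] parts = literal.split("\\.", -1);
        if (parts.length != 4) {
            throw new IllegalArgumentException("not an IPv4 literal: " + literal);
        }
        byte[] out = new byte[4];
        for (int i = 0; i < 4; i++) {
            if (!parts[i].matches("\\d{1,3}") || Integer.parseInt(parts[i]) > 255) {
                throw new IllegalArgumentException("bad octet in: " + literal);
            }
            out[i] = (byte) Integer.parseInt(parts[i]);
        }
        return out;
    }

    /** Endpoint whose InetAddress already carries a host name, so getHostName() never asks DNS. */
    static InetSocketAddress pinned(String ipLiteral, int port) throws UnknownHostException {
        byte[] raw = parseIpv4(ipLiteral);
        // Label = the literal itself (this example's choice), so logs show the real peer.
        return new InetSocketAddress(InetAddress.getByAddress(ipLiteral, raw), port);
    }

    public static void main(String[] args) throws Exception {
        String ne = "192.0.2.10"; // constructed sample address (TEST-NET-1)
        InetSocketAddress bare =
                new InetSocketAddress(InetAddress.getByAddress(parseIpv4(ne)), 1632);
        InetSocketAddress safe = pinned(ne, 1632);

        // InetAddress.toString() prints "name/literal" without resolving anything.
        // Nothing before the '/' means no name is stored, so getHostName() would query DNS.
        System.out.println("bytes only : " + bare.getAddress());
        System.out.println("with label : " + safe.getAddress());

        long t0 = System.nanoTime();
        String name = safe.getAddress().getHostName(); // stored label, no PTR query
        long micros = (System.nanoTime() - t0) / 1000;
        System.out.println("getHostName() -> " + name + " in " + micros + " us");
    }
}
```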

