Re: Disable rdns for Kerberos tests

[Stephen Frost]

Greetings,

* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost <sfr...@snowman.net> writes:
> > Push, thanks again!
> 
> Why'd you only change HEAD?  Isn't the test equally fragile in the
> back branches?

Following on from this after some additional cross-platform testing,
turns out there's other options we should be disabling in these tests to
avoid depending on DNS for the test.

Attached is another patch which, for me at least, seems to prevent the
tests from causing any DNS requests to happen.  This also means that the
tests run in a reasonable time even in cases where DNS is entirely
broken (the resolver set in /etc/resolv.conf doesn't respond).

Barring objections, my plan is to commit this change soon and to
back-patch both patches to supported branches.

Thanks!

Stephen

From 604097f8acb6c53b5dd7dd710486282cf731ab08 Mon Sep 17 00:00:00 2001
From: Stephen Frost <sfr...@snowman.net>
Date: Mon, 3 Apr 2023 15:15:29 -0400
Subject: [PATCH] For Kerberos testing, disable DNS lookups

Similar to 8dff2f224, this disables DNS lookups by the Kerberos library
to look up the KDC and the realm while the Kerberos tests are running.
In some environments, these lookups can take a long time and end up
timing out and causing tests to fail.  Further, since this isn't really
our domain, we shouldn't be sending out these DNS requests during our
tests.
---
 src/test/kerberos/t/001_auth.pl | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/test/kerberos/t/001_auth.pl b/src/test/kerberos/t/001_auth.pl
index a0ed3a0a0b..458246b4d7 100644
--- a/src/test/kerberos/t/001_auth.pl
+++ b/src/test/kerberos/t/001_auth.pl
@@ -107,6 +107,11 @@ $krb5_version = $1;
 # that information in DNS, and also because we're using a
 # non-standard KDC port.
 #
+# Also explicitly disable DNS lookups since this isn't really
+# our domain and we shouldn't be causing random DNS requests
+# to be sent out (not to mention that broken DNS environments
+# can cause the tests to take an extra long time and timeout).
+#
 # Reverse DNS is explicitly disabled to avoid any issue with a
 # captive portal or other cases where the reverse DNS succeeds
 # and the Kerberos library uses that as the canonical name of
@@ -118,6 +123,8 @@ default = FILE:$krb5_log
 kdc = FILE:$kdc_log
 
 [libdefaults]
+dns_lookup_realm = false
+dns_lookup_kdc = false
 default_realm = $realm
 rdns = false
 
-- 
2.34.1

signature.asc
Description: PGP signature