2009/5/4 Michael Conigliaro <mconigli...@fandotech.com>: > > Ok guys, this was a tough nut to crack, but I think I figured it out. > > This problem only occurred on clients that lived within a certain > security zone behind my firewall. When a client was on the same vlan as > the puppetmaster, everything worked fine. As soon as I moved it into any > one of a particular set of vlans (all within the same security zone on > my firewall), I got this slowness problem. I spent most of my time > trying to figure out why/how my firewall could be causing things to be > slow rather than just denying the connections altogether. But I > digress... > > The root cause was that I did not have reverse dns records set up for > any of these vlans. Using tcpdump, I was able to see that every time a > client connects, the puppetmaster attempts a reverse dns lookup on the > client's ip. I'm not exactly sure why yet, but dns lookups against > nonexistent in-addr.arpa domains take *for-freaking-ever* on my network. > Once I set up the reverse lookup zone and added the necessary ptr > records, catalog runs were completing in a few seconds again. > > I hope someone out there benefits from this thread, because I was > pulling my hair out over this problem!
Indeed Puppet is completely unusable when the reverse DNS entries are not declared, and especially when DNS timeouts are experienced. I filed an issue for this http://projects.reductivelabs.com/issues/2708 Please feel free to comment with your own experience to have a more comprehensive bug report. -- Jean-Baptiste Quenot http://jbq.caraldi.com/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
