Replace DseGssAuthProvider.reverseDnsResolver with resolver that uses dns.lookupService instead and make it default
Description
The documentation for setting up Kerberos with DataStax Enterprise demonstrates setting up principals for each C* node using FQDNs.
The service URI generated by the driver will effectively be dse@<rpc_address>, which may in fact work when used as the service principal depending on the Kerberos server implementation, but it's possible it will not. For some reason the same Kerberos server implementation I am using will handle IP addresses in service URIs fine when using an FQDN principal on Linux, but not on OS X.
Since the docs show using FQDNs, we should make this the default as well in all the drivers. I found out while testing that DseGssapiAuthProvider.reverseDnsResolver did not solve my issue for doing hostname lookups, while the java-driver's use of InetAddress.getCanonicalHostName() does. This was because I was using 'localhost' for the FQDN, which is typically not resolved using a DNS lookup, but instead may be in /etc/hosts. Using dns.lookupService will make a getnameinfo() system call which checks both /etc/hosts and does a reverse DNS lookup. The cpp-driver does this by default as well.
In the typical case, using dns.lookupService over dns.reverse is not particularly useful, but it's nice to have for evaluating/testing Kerberos support, so it might be more user friendly.
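An added example, not code from the driver or from this issue: a resolver built on dns.lookupService as described above, used to form the dse@<host> service principal. The (ip, callback) resolver shape, the function names and the stubbed hosts entry are assumptions constructed for illustration.

```javascript
'use strict';
const dns = require('dns');

// Hypothetical helper: returns a resolver with an assumed (ip, callback) shape.
// dnsImpl is injectable so the logic can be exercised without a network.
function createLookupServiceResolver(dnsImpl = dns) {
  return function lookupServiceResolver(ip, callback) {
    // Port 0: only the host name is of interest, not the service name.
    dnsImpl.lookupService(ip, 0, (err, hostname) => {
      // Design choice of this example: when no name is found, fall back to
      // the IP, giving the dse@<rpc_address> form the issue describes.
      if (err || !hostname) return callback(null, ip);
      callback(null, hostname);
    });
  };
}

// Builds "<service>@<host>" from a node address using the given resolver.
function servicePrincipal(service, ip, resolver, callback) {
  resolver(ip, (err, host) => {
    if (err) return callback(err);
    callback(null, `${service}@${host}`);
  });
}

// Constructed stand-in for the system resolver: one hosts-file style entry.
const constructedDns = {
  lookupService(ip, port, cb) {
    const hosts = { '127.0.0.1': 'localhost' };
    if (hosts[ip]) return cb(null, hosts[ip], String(port));
    cb(Object.assign(new Error('getnameinfo ENOTFOUND'), { code: 'ENOTFOUND' }));
  }
};

// Synchronous helper for the constructed stub only (it calls back immediately).
function principalWithStub(ip) {
  let result;
  servicePrincipal('dse', ip, createLookupServiceResolver(constructedDns),
    (err, p) => { result = p; });
  return result;
}

console.log(principalWithStub('127.0.0.1'));   // name found in the hosts entry
console.log(principalWithStub('192.0.2.10'));  // no name: falls back to the IP
```

Calling createLookupServiceResolver() with no argument uses Node's own dns module, so the same resolver performs the real getnameinfo()-backed lookup.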