Skip to content

ZOOKEEPER-4986 Disable reverse DNS lookup in TLS client and server #2325

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
anmolnar merged 1 commit into from
Oct 7, 2025
Merged

ZOOKEEPER-4986 Disable reverse DNS lookup in TLS client and server #2325

anmolnar merged 1 commit into from
Oct 7, 2025

Conversation

@anmolnar
Copy link
Contributor

@anmolnar anmolnar commented Oct 6, 2025
edited
Loading

Inspired by the same property that was implemented in Apache HBase for the same purpose.

Disable reverse DNS lookups by default for both quorum and client protocols to be consistent. This should be safe from backward compatibility perspective in a new major (minor?) version if we cut 4.0.0 from master soon. In a branch-3.9 backport we should enable reverse lookup in the quorum protocol by default to support smooth transition.

From #2316

cc @kezhuw @onmywaytoheaven

@anmolnar anmolnar mentioned this pull request Oct 6, 2025
Closed
@onmywaytoheaven
Copy link

onmywaytoheaven commented Oct 6, 2025

Hey @anmolnar, this one looks fine from the security perspective, thanks!

kezhuw
kezhuw approved these changes Oct 7, 2025
View reviewed changes
Copy link
Member

@kezhuw kezhuw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! LGTM.

@anmolnar anmolnar merged commit 66c4efe into apache:master Oct 7, 2025
16 checks passed
@anmolnar anmolnar deleted the ZOOKEEPER-4986 branch October 7, 2025 12:39
@anmolnar anmolnar restored the ZOOKEEPER-4986 branch October 14, 2025 15:08
@anmolnar anmolnar deleted the ZOOKEEPER-4986 branch October 14, 2025 15:08
anmolnar added a commit to anmolnar/zookeeper that referenced this pull request Oct 14, 2025
@anmolnar
ZOOKEEPER-4986: Disable reverse DNS lookup in TLS client and server
54e25d1 
Reviewers: kezhuw
Author: anmolnar
Closes apache#2325 from anmolnar/ZOOKEEPER-4986
anmolnar added a commit to anmolnar/zookeeper that referenced this pull request Oct 14, 2025
@anmolnar
ZOOKEEPER-4986: Disable reverse DNS lookup in TLS client and server
9cc6f6e 
Reviewers: kezhuw
Author: anmolnar
Closes apache#2325 from anmolnar/ZOOKEEPER-4986
@anmolnar anmolnar mentioned this pull request Oct 14, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kezhuw kezhuw kezhuw approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@anmolnar @onmywaytoheaven @kezhuw