Answering my own question: I retract the proposal for changes here. Although the function Network.accept does an implied reverse DNS lookup, it does so lazily. So the actual lookup should not happen unless the library client actually tries to use the host name. As for the Hackage problem, this problem is inherent to CGI, which is what Hackage currently uses. The CGI protocol supplies the resolved client host name to the web application in an environment variable. So the web server (Apache in this case) will always have do a reverse DNS lookup by definition. (Environment variables are strict. Too bad.) So until we upgrade to a complete rewrite of Hackage (any day now, right?), I guess the only solution is to access Hackage via a proxy on a host whose reverse DNS is working. Thanks, Yitz On Tue, Apr 9, 2013 at 3:54 PM, Yitzchak Gale wrote:

I noticed that the accept function in the network library, unlike the underlying C function, does a reverse DNS lookup every time it accepts a connection.

This seems to be the cause of an acute problem: Hackage is nearly unusable for people whose ISP has broken reverse DNS, since every request to the server delays for 30 seconds or more while waiting for the broken reverse DNS server to time out. I know, the ISP should fix it, or the user should switch to a different ISP, but that isn't always practical.

In particular, Roman, our expert from Odessa, is experiencing this problem. And he is hosting a Haskell Hackathon, OdHack, in just a few weeks time. I am concerned that all participants in the Hackathon might also be susceptible, which would be a Very Bad Thing.

I'll note that nowadays it seems to be widely accepted "best practice" to avoid per-connection RDNS lookup, e.g., by configuring web servers to log IP addresses instead of domain names.

So there are two questions here: one is whether we need a change to the the network and/or cgi packages (and possibly others), and the other is how to solve the hackage problem promptly.

My first thought on the first question is to add a new function acceptRaw or accept' to network that skips the lookup, and then change cgi to use it. But I would also support changing accept itself to skip the lookup always.

Thanks, Yitz

On Apr 9, 2013, at 8:54 AM, Yitzchak Gale wrote:

This seems to be the cause of an acute problem: Hackage is nearly unusable for people whose ISP has broken reverse DNS, since every request to the server delays for 30 seconds or more while waiting for the broken reverse DNS server to time out.

So THAT's what was making Hackage totally unusable for me... So many hours (days?) blown on just waiting for it. -- Darius Jahandarie

On Tue, Apr 9, 2013 at 2:54 PM, Yitzchak Gale wrote:

My first thought on the first question is to add a new function acceptRaw or accept' to network that skips the lookup

Network.Socket.accept doesn't do the reverse lookup. G -- Gregory Collins