2015-11-26 10:09 AM
If I have an incorrect host name in a long list of an export policy, the DSN name for the host is not resolvable. Coud that cause any issues?
to avoid any possible issue, we should then use IP instead of DNS name. Will that be appropriate?
Thanks for sharing! cdot 8.3
2015-11-26 03:38 PM
Impact is not documented clearly. As per my experience, evaluation of export policy rules will be stopped at the rule index which has unresolvable host name. In addition, by known bug fixed in 8.3.1, evaluation will be failed even if rule index of unresolvable host name is greater than the rule which matches currently accessing client.
Using host name, policy rule tends to become bigger. Evaluation by large policy brings latency and CPU load. Use of IP address and mask is better unless you need to manage rules by host name anyway.
2015-11-27 06:18 AM
>>by known bug fixed in 8.3.1, evaluation will be failed even if rule index of unresolvable host name is greater than the rule which matches currently accessing client.
Sorry, I don't quite understand this part.
Let's say I have an unresolvable host name A, and it's rule index is 100. At moment when I found the matching for the other client B at rule index 30. Will I still have a problem? which means as long as I have an unresolvable host name existing in the export policy, I will have the problem?
2015-11-28 01:40 PM
In case of your example, client access will fail.
Policy rule evaluation is aborted when the processing rule has unresolvable host name.
If client access matches any rule before that point and cDOT does not affected by bug ID 891293,cDOT does not attempt further evaluation and client access will be accepted as it is.
But in version of cDOT affected by bug ID 891293, cDOT does not stop policy evaluation operation at the point of matched rule.
Above page only mention to delay. But unresolvable host name brings access failure in conjunction with this bug.
Later rule will be also processed, and if any later rule has unresolvable host name, evaluation process is aborted and the result of previous rules is discarded. Client access fails by such reason.
2015-11-28 07:21 PM
We are running on cdot 8.3p2, so, the bug should not be affected. But, the evaluation would be still failed on the entry of unresolvable host name. Correct?