| The current agent behavior may be good enough here, because it uses persistent HTTP connections. So during a normal agent run, it will try to reuse the same TCP connection. If the connection is idle, such as due to a long running exec, package install, etc, then the agent will timeout the idle connection and create a new one, retriggering the lookup. But that's more of the exception than the rule. If we need to do something more than that, then we probably want to handle the DNS resolution ourselves via Resolv::DNS and store the resolved IP address for the run. However, we'll have to do some extra work to handle the certname mismatch since the IP we tried to connect to doesn't match the server's certname. |
