DNS questions not making use of nscd for caching

I'm attempting to make use of nscd (Nameservices Cache Daemon) to cache DNS in your area so I can stop making use of Bind to do it. I've obtained it began and also ntpd appears to try to utilize it. Yet every little thing else for hosts appears to overlook it. e.g if I do dig apache.org 3 times none will certainly strike the cache. I'm watching the cache statistics making use of nscd -g to establish whether it is been made use of. I've additionally transformed the debug log degree approximately see if I can see it striking and also the questions do not also strike nscd.


# Begin /etc/nsswitch.conf
passwd: files
group: files
shadow: files

publickey: files

hosts: cache files dns
networks: files

protocols: files
services: files
ethers: files
rpc: files

netgroup: files
# End /etc/nsswitch.confenter code here


# /etc/nscd.conf
# An example Name Service Cache config file.  This file is needed by nscd.
# Legal entries are:
#       logfile                 <file>
#       debug-level             <level>
#       threads                 <initial #threads to use>
#       max-threads             <maximum #threads to use>
#       server-user             <user to run server as instead of root>
#               server-user is ignored if nscd is started with -S parameters
#       stat-user               <user who is allowed to request statistics>
#       reload-count            unlimited|<number>
#       paranoia                <yes|no>
#       restart-interval        <time in seconds>
#       enable-cache            <service> <yes|no>
#       positive-time-to-live   <service> <time in seconds>
#       negative-time-to-live   <service> <time in seconds>
#       suggested-size          <service> <prime number>
#       check-files             <service> <yes|no>
#       persistent              <service> <yes|no>
#       shared                  <service> <yes|no>
#       max-db-size             <service> <number bytes>
#       auto-propagate          <service> <yes|no>
# Currently supported cache names (services): passwd, group, hosts, services

    logfile                 /var/log/nscd.log
    threads                 4
    max-threads             32
    server-user             nobody
#   stat-user               somebody
    debug-level             9
#   reload-count            5
    paranoia                no
#   restart-interval        3600

    enable-cache            passwd          yes
    positive-time-to-live   passwd          600
    negative-time-to-live   passwd          20
    suggested-size          passwd          211
    check-files             passwd          yes
    persistent              passwd          yes
    shared                  passwd          yes
    max-db-size             passwd          33554432
    auto-propagate          passwd          yes

    enable-cache            group           yes
    positive-time-to-live   group           3600
    negative-time-to-live   group           60
    suggested-size          group           211
    check-files             group           yes
    persistent              group           yes
    shared                  group           yes
    max-db-size             group           33554432
    auto-propagate          group           yes

    enable-cache            hosts           yes
    positive-time-to-live   hosts           3600
    negative-time-to-live   hosts           20
    suggested-size          hosts           211
    check-files             hosts           yes
    persistent              hosts           yes
    shared                  hosts           yes
    max-db-size             hosts           33554432

    enable-cache            services        yes
    positive-time-to-live   services        28800
    negative-time-to-live   services        20
    suggested-size          services        211
    check-files             services        yes
    persistent              services        yes
    shared                  services        yes
    max-db-size             services        33554432


# Generated by dhcpcd from eth0
domain westell.com

as sort of a side note I'm making use of Arch Linux.

note: this has actually been relocated two times, I've never ever identified why applications, leaving out dig, are not striking the nscd cache, internet browsers, IM, IRC, all need to have been, yet they really did not

2019-05-18 22:38:40
Source Share
Answers: 5

I do not recognize that much concerning nscd other than that it so usually created problem with DNS lookups that I constantly disabled it (or at the very least the host lookups component of it). Nscd allows you set the moment - to - real-time values and also I recognize DNS anticipates to "possess" those values and also have all resolvers recognize them. You can wind up with unusual outcomes if the TTLs in DNS aren't recognized. My referral is not to make use of nscd for caching DNS. It resembles you currently have a caching name web server working on your neighborhood box, so no demand to cache DNS lookups two times.

2019-05-21 08:54:43

You are missing out on the hosts configuration in nscd.conf. I'm uploading my own as an instance:

enable-cache            hosts           yes
positive-time-to-live   hosts           3600
negative-time-to-live   hosts           20
suggested-size          hosts           211
check-files             hosts           yes
persistent              hosts           yes
shared                  hosts           yes
max-db-size             hosts           33554432

This will certainly damage some points. The adhering to details is from the Debian plan:

  Since this release, hosts caching in nscd is off by default: for some of the
  libc calls (gethostby* calls) nscd does not respect the DNS TTLs.  It can
  lead to system lockups (e.g. if you are using pam-ldap and change the IP of
  your authentication server) hence is not considered safe.

  See debian bug #335476 and how upstream answered to that in

 -- Pierre Habouzit <[email protected]>  Sat, 28 Apr 2007 11:10:56 +0200
2019-05-21 08:52:41

nscd is actually unstable for every little thing, not simply DNS. It is well worth staying clear of unless you seriously require it for one reason or another. You need to make use of an objective - made DNS caching daemon if you intend to cache DNS in your area (which is an excellent suggestion!).

2 of my favourites are dnsmasq and also dnscache from djbdns.

2019-05-21 08:50:38

If there is DNS caching in Hell, it is given by nscd. Do not. Usage. It.

Simply to be various: pdnsd is in fact a really wonderful substitute. Or unscd (made use of by default at the very least in openSUSE).

2019-05-21 08:47:26

The reason that you are missing out on the cache strikes is that dig quizs the DNS straight. You can attempt and also see whether the cache collaborates with the getent command:

getent hosts host.example.com

Running a different caching DNS is an excellent suggestion, yet you need to take into consideration running it on the network degree when possible. If each host cache the information independently they will certainly still run numerous questions for the very same hosts. Solitary cache functions around this trouble.

Nscd itself is a caching daemon for NSS functions. So the emphasis is a bit various than indigenous caching nameservers. So if you simply desire a caching nameserver, usage another thing than nscd. If rather you desire to cache points like common usernames and also hostdata beyond the regular DNS system, go with nscd.

And also for the document, I've expanded fairly keen on powerdns resolver (pdns - resolver).

2019-05-21 08:44:37