Does anyone use nscd?

Michael Bushkov bushman at
Tue Oct 11 08:32:16 UTC 2011

On Tue, Oct 11, 2011 at 1:42 PM,  <perryh at> wrote:
> Doug Barton <dougb at> wrote:
>> On 10/10/2011 11:55, David Brodbeck wrote:
>> > Is there any reason to cache negative hits?
>> It's very important for DNS since there are a fairly large number
>> of misbehaving applications that don't stop querying until they
>> get some kind of answer.
> Would this need be sufficiently covered if negative cache timeout
> were set to, say, 1/4 of a second?  That should be short enough
> to cover virtually any instance in which a missing entry is added
> manually and the new entry then needs to be found.

You can actually change negative caching timeout as well as turn it
off completely. There's negative-time-to-live option in nscd.conf (see Unfortunately it
accepts only integer number of seconds, so 1/4 of a second is
impossible. But you can turn negative caching off completely by
setting negative-time-to-live to 0.

>> And speaking of DNS, while I think that improving nscd is a good
>> goal I wonder how much use it will be in the world to come when
>> DNSSEC becomes more important ...
> Is there something about DNSSEC that makes it fundamentally
> incompatible with a local cache such as nscd, or is it simply
> a matter of nscd needing a bit of work to support DNSSEC?
> _______________________________________________
> freebsd-hackers at mailing list
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at"

More information about the freebsd-hackers mailing list