Does anyone use nscd?
bushman at freebsd.org
Tue Oct 11 08:32:16 UTC 2011
On Tue, Oct 11, 2011 at 1:42 PM, <perryh at pluto.rain.com> wrote:
> Doug Barton <dougb at freebsd.org> wrote:
>> On 10/10/2011 11:55, David Brodbeck wrote:
>> > Is there any reason to cache negative hits?
>> It's very important for DNS since there are a fairly large number
>> of misbehaving applications that don't stop querying until they
>> get some kind of answer.
> Would this need be sufficiently covered if negative cache timeout
> were set to, say, 1/4 of a second? That should be short enough
> to cover virtually any instance in which a missing entry is added
> manually and the new entry then needs to be found.
You can actually change negative caching timeout as well as turn it
off completely. There's negative-time-to-live option in nscd.conf (see
http://www.freebsd.org/cgi/man.cgi?query=nscd.conf). Unfortunately it
accepts only integer number of seconds, so 1/4 of a second is
impossible. But you can turn negative caching off completely by
setting negative-time-to-live to 0.
>> And speaking of DNS, while I think that improving nscd is a good
>> goal I wonder how much use it will be in the world to come when
>> DNSSEC becomes more important ...
> Is there something about DNSSEC that makes it fundamentally
> incompatible with a local cache such as nscd, or is it simply
> a matter of nscd needing a bit of work to support DNSSEC?
> freebsd-hackers at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
More information about the freebsd-hackers