
Bug#700385: Either fix automatic hosts cache invalidation or add resolvconf update script to invalidate the hosts cache



Package: nscd
Version: 2.13-38
Severity: normal

When resolvconf is installed it updates the resolver configuration
file resolv.conf as needed. (It actually writes to
/run/resolvconf/resolv.conf to which /etc/resolv.conf is a symbolic
link.)

When nscd is running and the hosts cache is enabled and resolv.conf
changes, the hosts cache needs to be invalidated, but this does not
currently happen.

I discovered this while running nscd with the hosts cache enabled.
I connected to a VPN whose internal nameservers resolve certain
domain names differently from external nameservers: external
nameservers resolve the name to the IP address of the company's
reverse proxy whereas the internal nameservers resolve it to an
internal IP address. After I connected to the VPN my resolv.conf
file was updated by resolvconf such that the VPN nameserver was
listed first, but nscd continued to supply the old external IP
address out of its cache. Same problem again on disconnecting from
the VPN.

I would have expected that nscd would invalidate its hosts cache
automatically when resolv.conf changed. I thought that this was the
point of the patch discussed here:

     http://www.eglibc.org/archives/patches/msg00977.html

which I believe has been integrated into Debian and Ubuntu nscd.
But experimentation proves that nscd does *not* invalidate its hosts
cache when resolv.conf changes... at least, not under the
circumstances described above.

If nscd is supposed to invalidate its hosts cache when resolv.conf
changes then please fix the bug which causes this not to happen
under the circumstances described above.

If it is not the intent to include that functionality in nscd, then
please add a resolvconf update script that invalidates the hosts
cache when resolv.conf is changed by resolvconf.

I would suggest that this be implemented in two parts. First, add
a new "invalidate-hosts" method to the initscript which invalidates
the hosts cache, making use of nscd's "--invalidate" option.  Then
include a file named /etc/resolvconf/update-libc.d/000nscd in the
nscd package with the following content.

    #!/bin/sh
    [ -x /etc/init.d/nscd ] && /etc/init.d/nscd invalidate-hosts

The code in the initscript could look something like the following.

    invalidate-hosts)
        log_daemon_msg "Invalidating hosts cache of $DESC"
        status || nscd --invalidate hosts
        case "$?" in
            0) log_end_msg 0 ; exit 0 ;;
            *) log_failure_msg " (failed)" ; exit 1 ;;
        esac
        ;;

Should you implement this, please Suggest resolvconf (>= 1.70) and
Conflict with resolvconf (<< 1.70), since those older versions of
resolvconf restarted nscd if resolv.conf changed and nscd had the
hosts cache enabled.
--
Thomas Hood
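
A change-detecting variant of the hook proposed above, as an added example that is not part of the original report or of the nscd or resolvconf packages: it invalidates the hosts cache only when the ordered nameserver list in resolv.conf differs from the list saved at the last successful invalidation. The state-file path and the names `nameservers_of`, `refresh_hosts_cache`, `STATE_FILE` and `INVALIDATE_CMD` are assumptions; `nscd --invalidate hosts` is the option named in the report.

```shell
#!/bin/sh
# Added example; hypothetical helper, not shipped by nscd or resolvconf.
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"       # symlink is followed on read
STATE_FILE="${STATE_FILE:-/run/nscd-resolv.state}"   # assumed location
INVALIDATE_CMD="${INVALIDATE_CMD:-nscd --invalidate hosts}"

# Print the nameserver addresses of file $1 in file order, one per line.
# Order is kept on purpose: the resolver asks the first entry first, so a
# VPN nameserver moving to the top changes the answers even if the set of
# addresses stays the same. Comment lines never match "nameserver" in $1.
nameservers_of() {
    [ -r "$1" ] || return 0
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Invalidate the hosts cache if the nameserver list changed.
# Returns 0 = invalidated, 1 = unchanged, 2 = invalidation or state write failed.
# The state file is written only after a successful invalidation, so a
# failed attempt is retried on the next call instead of being forgotten.
refresh_hosts_cache() {
    new=$(nameservers_of "$RESOLV_CONF")
    old=$(cat "$STATE_FILE" 2>/dev/null || true)
    # No state file yet means the cache age is unknown: treat as changed.
    if [ -e "$STATE_FILE" ] && [ "$new" = "$old" ]; then
        return 1
    fi
    $INVALIDATE_CMD || return 2
    printf '%s\n' "$new" > "$STATE_FILE" || return 2
    return 0
}

# Run the check only when asked to, e.g. from a VPN up/down script:
#   sh this-script run
if [ "${1:-}" = "run" ]; then
    refresh_hosts_cache
    exit $?
fi
```

Return code 2 lets a caller log that stale answers may still be served, which is the condition described in the report.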
