Re: nscd: Was Re: long delays with LDAP nss/pam
On Wed, 27 Oct 2004 18:07, Donovan Baarda <abo@minkirri.apana.org.au> wrote:
> Sorry to subvert a thread like this, but has anyone else decided that
> nscd is pretty much essential for all systems, regardless of nss, or
> local nameservers?
No.
> It seems without it there is _no_ dns caching of any kind (except for
Run named on localhost.
> apps like squid that explicitly have it). If you ping, every single ping
> packet triggers an nslookup.
Which ping program have you seen doing this? The ping program in iputils-ping
only does a DNS lookup before sending the first packet and I expect that all
other ping programs do the same. Run tcpdump while running ping and check
what your ping program does.
> Even if you have a local caching name
> server, the UDP traffic on the loopback interface hurts.
How does UDP traffic on the loopback hurt more than Unix domain socket access?
> Is there any reason why nscd should not be installed on a system?
It wastes RAM on small machines. Caches get stale some times. It's one more
thing that can go wrong or have a security issue. Most people don't need it.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: