[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: nscd: Was Re: long delays with LDAP nss/pam



On Wed, 27 Oct 2004 18:07, Donovan Baarda <abo@minkirri.apana.org.au> wrote:
> Sorry to subvert a thread like this, but has anyone else decided that
> nscd is pretty much essential for all systems, regardless of nss, or
> local nameservers?

No.

> It seems without it there is _no_ dns caching of any kind (except for

Run named on localhost.

> apps like squid that explicitly have it). If you ping, every single ping
> packet triggers an nslookup.

Which ping program have you seen doing this?  The ping program in iputils-ping 
only does a DNS lookup before sending the first packet and I expect that all 
other ping programs do the same.  Run tcpdump while running ping and check 
what your ping program does.

> Even if you have a local caching name 
> server, the UDP traffic on the loopback interface hurts.

How does UDP traffic on the loopback hurt more than Unix domain socket access?

> Is there any reason why nscd should not be installed on a system?

It wastes RAM on small machines.  Caches get stale some times.  It's one more 
thing that can go wrong or have a security issue.  Most people don't need it.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



Reply to: