Date: Sun, 01 Jul 2012 12:18:07 +0200
From: Stefan Esser <se@freebsd.org>
To: FreeBSD developers <hackers@FreeBSD.org>
Subject: [RFT/RFC]: Please test NSCD patch (was: Re: [PATCH] Fix for negative cacheing problem in NSCD)
Message-ID: <4FF023DF.8000003@freebsd.org>
In-Reply-To: <4FECBBC1.3000800@freebsd.org>
References: <CAGE5yCqM4OwUyvW1OW1vz7dP2G0zTQCU4P99bJdVASndg8SpAw@mail.gmail.com> <4FEAA3C1.2040807@freebsd.org> <4FECBBC1.3000800@freebsd.org>

[Since I did not receive any feedback on my previous message to the -hackers list, I try again and CC: to -current in the hope to attract more interest ...]

The NSCD patch was attached to the previous mail, which can be found at:

http://www.mail-archive.com/freebsd-hackers@freebsd.org/msg164538.html

It fixes an often reported problem with negative caching in NSCD:

E.g. when a new user account is created, there is a query for this username to give a meaningful reply to the user, if that username has been chosen before. The query result is cached, and if the username was not found and a new account is created, NSCD does not notice and returns the "user does not exist" result for the cache's time-to-live duration that is configured for negative queries (default is 60 seconds, could be increased when the patch is applied).

The patch fixes the scenario given by marking the first negative reply as a preliminary result and requires further queries to the original data source to deliver the same result before the cached value is used and the data source is not queried again.

I'd want to commit this patch to -CURRENT within the next week, if there are no objections. The patch does not violate POLA, since it does not change the behavior without an additional configuration line in /etc/nscd.conf.

Before I commit the patch I'd appreciate the following feedback:

1) Does it work for you with your data sources (e.g. LDAP)? (The patch has worked on my box in the cases I tested.)

2) Should the defaults be changed, e.g. the negative confidence threshold could be set to 3 with a timeout of 10 minutes instead of the current values of 1 and 1 minute. (I plan to commit the change without change to the defaults to prevent a violation of POLA, unless there are strong arguments in favor of changed defaults.)

3) Is there a better name for the new option? I used "negative-confidence-threshold" since I could not think of a simpler/shorter name to express its purpose.

4) Is the patch to the man page comprehensible? Any suggestions to improve the wording?

5) I also added support for retries on positive cache results, which might for example help with DNS based load balancing. For example "positive-confidence-threshold hosts 4" will require 4 identical DNS replies before the cache trusts its contents and stops sending DNS queries. This may or may not be useful; the feature came at negligible cost, and so I kept it in the attached patch, but might as well commit a stripped down version that only supports negative caching.

The patch was attached to my previous mail and is also available from:

http://people.freebsd.org/~se/nscd-Negative-Threshold.patch

Regards, STefan
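
The confidence-threshold behaviour described in the message above, as an added example that is not taken from the patch or from nscd: a one-slot model of a cache entry that is only trusted after a configured number of identical replies. All names (struct entry, lookup, query_source) are hypothetical, and keeping the TTL from the first reply instead of refreshing it on each confirmation is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, not nscd code: one cache slot for one user name. */
struct entry {
    bool valid;      /* slot holds a result */
    bool found;      /* cached answer: does the user exist? */
    int  confidence; /* identical consecutive answers from the source */
    long expires;    /* end of TTL in seconds (assumed: set by first answer) */
};

static bool user_exists;    /* constructed stand-in for the passwd source */
static int  source_queries; /* how often the source was really asked */

static bool query_source(void) { source_queries++; return user_exists; }

/* Answer a lookup at time `now`; only a result confirmed `threshold`
 * times within its TTL is served without asking the source again. */
bool lookup(struct entry *e, long now, int threshold, long ttl)
{
    if (e->valid && now < e->expires && e->confidence >= threshold)
        return e->found;                 /* trusted cache hit */

    bool r = query_source();
    if (e->valid && now < e->expires && e->found == r) {
        e->confidence++;                 /* same answer again */
    } else {
        e->valid = true; e->found = r;   /* new or changed answer */
        e->confidence = 1;
        e->expires = now + ttl;
    }
    return r;
}

/* Scenario from the mail: name checked, account created, name looked up. */
bool account_visible_after_create(int threshold)
{
    struct entry e = {0};
    user_exists = false; source_queries = 0;
    lookup(&e, 0, threshold, 60);        /* "is the name taken?" -> no */
    user_exists = true;                  /* account created at t=5 */
    return lookup(&e, 10, threshold, 60);
}

int main(void)
{
    printf("threshold 1: visible=%d\n", account_visible_after_create(1));
    printf("threshold 3: visible=%d\n", account_visible_after_create(3));
    return 0;
}
```

With a threshold of 1 the first negative reply is served from the cache until the TTL ends, so the new account stays invisible; with 3 the second lookup still reaches the source and sees it.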