Date:      Sun, 01 Jul 2012 12:18:07 +0200
From:      Stefan Esser <se@freebsd.org>
To:        FreeBSD developers <hackers@FreeBSD.org>
Subject:   [RFT/RFC]: Please test NSCD patch (was: Re: [PATCH] Fix for negative cacheing problem in NSCD)
Message-ID:  <4FF023DF.8000003@freebsd.org>
In-Reply-To: <4FECBBC1.3000800@freebsd.org>
References:  <CAGE5yCqM4OwUyvW1OW1vz7dP2G0zTQCU4P99bJdVASndg8SpAw@mail.gmail.com> <4FEAA3C1.2040807@freebsd.org> <4FECBBC1.3000800@freebsd.org>

[Since I did not receive any feedback on my previous message to the
-hackers list, I try again and CC: to -current in the hope to attract
more interest ...]

The NSCD patch was attached to the previous mail, which can be found at:

	http://www.mail-archive.com/freebsd-hackers@freebsd.org/msg164538.html

It fixes an often reported problem with negative caching in NSCD:

E.g. when a new user account is created, there is a query for this
username to give a meaningful reply to the user, if that username
has been chosen before. The query result is cached, and if the
username was not found and a new account is created, NSCD does not
notice and returns the "user does not exist" result for the cache's
time-to-live duration that is configured for negative queries (default
is 60 seconds, could be increased when the patch is applied).

The patch fixes the scenario given by marking the first negative
reply as preliminary result and requires further queries to the
original data source to deliver the same result before the cached
value is used and the data source is not queried again.

I'd want to commit this patch to -CURRENT within the next week, if
there are no objections. The patch does not violate POLA, since it
does not change the behavior without an additional configuration
line in /etc/nscd.conf.

Before I commit the patch I'd appreciate the following feedback:

1) Does it work for you with your data sources (e.g. LDAP)
   (The patch has worked on my box in the cases I tested.)

2) Should the defaults be changed, e.g. the negative confidence
   threshold could be set to 3 with a timeout of 10 minutes
   instead of the current values of 1 and 1 minute.
   (I plan to commit the change without change to the defaults
    to prevent a violation of POLA, unless there are strong
    arguments in favor of changed defaults.)

3) Is there a better name for the new option?
   I used "negative-confidence-threshold" since I could not think
   of a simpler/shorter name to express its purpose.

4) Is the patch to the man page comprehensible?
   Any suggestions to improve the wording?

5) I also added support for retries on positive cache results,
   which might for example help with DNS based load balancing.
   For example "positive-confidence-threshold hosts 4" will
   require 4 identical DNS replies before the cache trusts its
   contents and stops sending DNS queries. This may or may not
   be useful; the feature came at negligible cost, and so I kept
   it in the attached patch, but might as well commit a stripped
   down version that only supports negative caching.

The patch was attached to my previous mail and is also available
from:

	http://people.freebsd.org/~se/nscd-Negative-Threshold.patch

Regards, STefan
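
The behaviour described in this message, as an added example that is not part of the original mail and is not the patch's code: a simplified model of one negative-cache slot with a confidence threshold, run through the account-creation scenario. The struct, the function names and the 5-second delay are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model (not nscd's code): one negative-cache slot for one name. */
struct model {
    int  threshold;    /* negative-confidence-threshold */
    long neg_ttl;      /* negative time-to-live, seconds */
    bool user_exists;  /* stands in for the data source (files, LDAP, ...) */
    int  src_queries;  /* how often the data source was asked */
    bool cached;       /* a negative reply is stored */
    int  confidence;   /* identical negative replies seen so far */
    long expires;      /* absolute expiry time of the stored reply */
};

/* Returns true if the lookup reports the user as existing. */
static bool lookup(struct model *m, long now)
{
    if (m->cached && now >= m->expires)
        m->cached = false;                 /* TTL ran out */
    if (m->cached && m->confidence >= m->threshold)
        return false;                      /* trusted negative, source not asked */
    m->src_queries++;
    if (m->user_exists) {                  /* source disagrees: drop the entry */
        m->cached = false;
        return true;
    }
    if (!m->cached) {                      /* first negative reply is preliminary */
        m->cached = true;
        m->confidence = 0;
        m->expires = now + m->neg_ttl;
    }
    m->confidence++;
    return false;
}

/* Scenario from the mail: check the name, create the account, look it up again. */
static bool new_user_visible(int threshold, long neg_ttl)
{
    struct model m = { .threshold = threshold, .neg_ttl = neg_ttl };
    lookup(&m, 0);          /* "is the name taken?" -> negative reply cached */
    m.user_exists = true;   /* account is created in the data source */
    return lookup(&m, 5);   /* 5 s later, inside the negative TTL */
}

int main(void)
{
    printf("threshold 1, TTL 60 s:  visible=%d\n", new_user_visible(1, 60));
    printf("threshold 3, TTL 600 s: visible=%d\n", new_user_visible(3, 600));
}
```

Once the threshold has been reached the model answers from the cache until the TTL expires, so a higher threshold narrows the stale window right after a first miss but does not remove it.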


