Date: Tue, 11 Oct 2011 10:32:15 +0200 From: Michael Bushkov <bushman@freebsd.org> To: perryh@pluto.rain.com Cc: freebsd-hackers@freebsd.org, dougb@freebsd.org Subject: Re: Does anyone use nscd? Message-ID: <CANkaO_GMY4TiaJW3k0KxQ_x=JdsWLpyV1jXB_S4jjLhSt4Sw2g@mail.gmail.com> In-Reply-To: <4e942bc2.diL95Gr/XYELJ%2Bgj%perryh@pluto.rain.com> References: <20111004160043.GA16034@lpthe.jussieu.fr> <051853CE-03EC-4EEC-A5AC-C380131B28E4@gsoft.com.au> <alpine.BSF.2.00.1110050931310.18373@mail.fig.ol.no> <j6k00t$2tk$1@dough.gmane.org> <4e8f073c.3g2aD/Zz9KdsWOKN%perryh@pluto.rain.com> <CAFHbX1LN5zidePrusaSyD_nE79VwbjNpc4s7TwMszYKBK=n4NQ@mail.gmail.com> <CANkaO_ESdeoSiuwatqaPEY%2BDDN8eGGj_ymPsxOsu9AOtHX6ydQ@mail.gmail.com> <CAHHaOuYkhYp_x5ONbRcr_8Zb6ZcyPaZZvG02f6f1%2B8XyQYUe%2Bg@mail.gmail.com> <4E935105.1090602@FreeBSD.org> <4e942bc2.diL95Gr/XYELJ%2Bgj%perryh@pluto.rain.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Oct 11, 2011 at 1:42 PM, <perryh@pluto.rain.com> wrote: > Doug Barton <dougb@freebsd.org> wrote: > >> On 10/10/2011 11:55, David Brodbeck wrote: >> > Is there any reason to cache negative hits? >> >> It's very important for DNS since there are a fairly large number >> of misbehaving applications that don't stop querying until they >> get some kind of answer. > > Would this need be sufficiently covered if negative cache timeout > were set to, say, 1/4 of a second? =A0That should be short enough > to cover virtually any instance in which a missing entry is added > manually and the new entry then needs to be found. You can actually change negative caching timeout as well as turn it off completely. There's negative-time-to-live option in nscd.conf (see http://www.freebsd.org/cgi/man.cgi?query=3Dnscd.conf). Unfortunately it accepts only integer number of seconds, so 1/4 of a second is impossible. But you can turn negative caching off completely by setting negative-time-to-live to 0. > >> And speaking of DNS, while I think that improving nscd is a good >> goal I wonder how much use it will be in the world to come when >> DNSSEC becomes more important ... > > Is there something about DNSSEC that makes it fundamentally > incompatible with a local cache such as nscd, or is it simply > a matter of nscd needing a bit of work to support DNSSEC? > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org= " > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANkaO_GMY4TiaJW3k0KxQ_x=JdsWLpyV1jXB_S4jjLhSt4Sw2g>