[SunRescue] Solaris 8 DNS?

[Devin L. Ganger]

On Fri, May 18, 2001 at 03:00:52AM -0400, Greg A. Woods wrote:

> [ On Thursday, May 17, 2001 at 22:57:14 (-0700), Devin L. Ganger wrote: ]
 
> > I do a hosts lookup for a host that hasn't been added to the naming service
> > yet.  nscd will cache that negative result (NXDOMAIN is it's DNS, etc.) for
> > some indeterminate period of time, even though the record could be added
> > just a few seconds later and subsequent lookups should succeed.
 
> You've got the basic idea right, but I think you should have said
> "named", not "nscd".

No.  One of nscd's problems is that it does do negative caching, but
since its general caching algorithms are so poor, it fails just as
miserably at that as it does at anything else.
 
> Obviously if the information you've cached (be it a valid record or just
> a negative response) might change at some time in the future then you
> don't want to keep that information infinitely and so you have to have a
> "time to live" on the cached information.  From what I understand nscd
> also just has a fixed-length TTL for everything it caches, thus it
> violates the DNS semantics for TTL.

Exactly.  It doesn't do so hot, as well, for NIS or NIS+.

When Sun's own performance and security experts tell you to shut it off,
it makes you wonder.
 
-- 
Devin L. Ganger <devin at thecabal.org>
find / -name *base* -exec chown us:us {} \;
su -c someone 'export UP_US=thebomb'
for f in great justice ; do sed -e 's/zig//g' < $f ; done