[SunRescue] Solaris 8 DNS?

Greg A. Woods rescue at sunhelp.org
Fri May 18 17:06:14 CDT 2001 

[ On Friday, May 18, 2001 at 11:09:28 (-0700), Devin L. Ganger wrote: ]
> Subject: Re: [SunRescue] Solaris 8 DNS?
>
> Well, man nscd.conf says differently; there's specifically tunable
> paramters for positive caching and negative caching.  Not that this
> would be the first time Solaris docs lied, but I'm pretty sure that I've
> seen other stuff that talks about it and have seen some problems that
> are best explained as nscd doing negative caching.

You are right!  Perhaps I've been over-zealous in my criticism of nscd.
It may be that what's really wrong with it, w.r.t. hostname caching and
DNS, is that it doesn't follow DNS semantics for caching of NXDOMAIN
responses.  Certainly without understanding DNS TTLs it cannot.

> Hmm.  That completely contradicts what's published about it -- that it
> was meant as an aide for NIS+.  At the time it was introduced, Sun was
> still trying to give NIS the old heave-ho and never took interaction
> with NIS into account except in the most superficial manner.
> 
> Which, again, sqaures with my own experiences with the beast. :)
> However, here I'm relying on published material (Sun Press's _Solaris
> Security_ for one) and don't have direct information from Sun.

Note that there are many components and improvements in Solaris that
were originally "commissioned" by large customers.  A Sun group here in
Toronto are/were responsible for actually filling many of these orders.

There's a half-decent description of "doors" (the IPC technique used by
nscd) in Stevens' "UNIX Network Programming", vol. 2, 2nd ed., p. 355 on.

As Stevens says, "doors" were originally part of Spring.

>From the rumours I heard "doors" were brought into Solaris to help make
nscd possible without resorting to horrid coding tricks and without
changing the APIs of all the programs that look up such names.

The trail of rumours I've heard directly regarding the inspiration of
nscd are much more faint, but it wasn't there until Solaris 2.5, IIRC,
and I know there were many complaints about performance prior to 2.5.
Obviously it doesn't really matter whether nscd was commissioned or just
came about as a hopeful answer to more general complaints.

Certainly nscd is an aid to NIS+ in some configurations.

(Doors are somewhat cool too, and they support file descriptor passing
in Solaris too, which is handy.)

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods at acm.org>     <woods at robohack.ca>
Planix, Inc. <woods at planix.com>;   Secrets of the Weird <woods at weird.com>

More information about the rescue mailing list