Nscd

Home » CentOS » Nscd
CentOS 7 Comments

Has anyone had problems accessing random websites since going up to 6.4?

Since about the day after I got partly upgraded, if I try to access nytimes.com, or orbitz.com, I get server not found.

With a lot of work, I, my manager, and the other admin, found that setting options edns0 in /etc/resolv.conf fixed it – I suspect that the network folks updated their internal nameservers (which are M$) about that time… but… we got this Thurs. Friday, I went to look, lunchtime, at a story, and back to the same. Later, and I think I was playing around, it came back.

Just now, over lunch, it failed… until I restarted nscd. My manager tells me it’s caching… but it seems to be caching momentary failures.

So: has anyone else seen oddness that might be related to nscd?

mark

7 thoughts on - Nscd

  • m.roth@5-cent.us wrote:

    A quick followup of myself to provide more info: I see, in /etc/nscd.conf, that all the negative ttl’s appear to be 20 sec, but I’m resonably sure that once I lose it, it’s > 20 sec before go back to try again, and it’s still not gone.

    mark

  • Do you want the whole book? ‘nscd’ is a synonym for weird. I’ve had many strange DNS issues which have been solved by either bouncing nscd or purging its cache entries.

    However, you appear to be using nscd on your machine to cache DNS and using the internal MS DSN servers to do the actual lookups. Am I
    correct? In which case, the MS DNS server should be caching the DNS
    lookups anyway, so you probably don’t derive a lot of benefit from the nscd unless you do a lot of repeated DNS lookups.

    Cheers,

    Cliff

  • NSCD is also necessary if you’re running an LDAP or NIS environment, so don’t just turn it off if you’re using external authentication services. In a Winbind environment, NSCD is unnecessary however.

  • Not necessary in a NIS environment on a LAN ‘cos NIS is UDP based and very very fast to respond. LDAP, however, pretty much needs nscd (or sssd) in order to be halfway near performant.

  • That could be coincidence. As far as I know, Firefox will not use nscd for hostname lookups. I confirmed Firefox using strace, but not others.

    If edns0 changed your system’s behavior, I would suspect that someone recently turned on DNSSEC, and it’s not working correctly.

LEAVE A COMMENT