"the system administrator will need to install and configure
sssd to replace it after the update. Even when this is not done, the
only visible affect will be slower resolution of named service queries
due to a missing cache."

I use nscd on a few application servers that point to unreliable DNS servers that we have no control over (thanks to our Microsofties) and find caching only the positive responses smooths things out very well.

From the day ncsd was created it has always been easy to set up and always had funny execution quirks. My nscd implementation occasionally bloats to 600Mb of memory usage just on host caching but fortunately nscd has an auto restart feature which I've set to run daily to cure this.

Definitely happy to throw nscd out for something better that was just as simple and easy to set up. Unfortunately sssd is quite sophisticated and therefore complex, and does caching secondary from its main purpose which seems overkill if that was the only reason for running it. I'll leave systemd-resolved for the trail blazers.

I'd still like to see nscd continue to be available but wholeheartedly agree it's showing its age.



On Thu, 5 Nov 2020 at 22:49, Florian Weimer <fweimer@redhat.com> wrote:
* Petr Menšík:

> nscd has no important active bugs in Fedora. I am not sure what bugs are
> mentioned, but just a few active bugs are on glibc component in Fedora.
> Therefore it seems just fine no commits are good.
>
> Just unlike systemd-resolved, which actively breaks some use cases. It
> changes resolution order of search directive in resolv.conf, breaks
> DNSSEC, breaks one label names resolution. It is famous among DNS
> community [1].
>
> There is no controversy with nscd, it just caches names and nothing
> more. I think this is its advantage. Unless there is any stronger
> reason, I am against this change in advance.
>
> If serious bugs are in NSCD, please fill bugs on the component.

nscd has more usage downstream, leading to bugs such as:

  <https://bugzilla.redhat.com/show_bug.cgi?id=1551616>

Most of them are private, but you should be able to view them.

> Instead, I request again, split systemd-resolved into subpackage. I want
> it removed on my system and so do more people. Also, when I disable it,
> I have to fix /etc/resolv.conf by hand. I would think NetworkManager
> restart would refresh classic /etc/resolv.conf, like in F32.

This proposal is about nscd, not systemd-resolved.

If Fedora chooses to adopt another local DNS cache, glibc will use that
(probably using the built-in nss_dns service module) systemd-resolved is
just what we have for now, so the proposal references it.  But any other
DNS cache will work as well.

The hosts cache in nscd is arguably the weakest part of it, so
deprecating really shouldn't be controversial at all.

Thanks,
Florian
--
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org