Hi,
Going through the docs I'm not entirely clear whether SSSD should be caching host lookups (if hosts has sss added in nsswitch.conf)
Should it cache like this (with negative cache timeouts etc via the directives in [nss]) or should nscd be used alongside if host caching is required?
Regards,
James
On Thu, Nov 29, 2012 at 03:30:48PM +0000, James Hogarth wrote:
Hi,
Going through the docs I'm not entirely clear whether SSSD should be caching host lookups (if hosts has sss added in nsswitch.conf)
Should it cache like this (with negative cache timeouts etc via the directives in [nss]) or should nscd be used alongside if host caching is required?
Regards,
James
No, hosts are not supported.
Currently the SSSD supports (and caches) these maps: * passwd (aka users) * groups * netgroups * services
If you need other maps to be cached, then the recommended setup is to use nscd for those maps only. It is not recommended to use both sssd and nscd for the same map.
On Thu 29 Nov 2012 04:35:26 PM EST, James Hogarth wrote:
No, hosts are not supported.
Currently the SSSD supports (and caches) these maps: * passwd (aka users) * groups * netgroups * services
Confirms what I thought thanks Jacob
Hosts are also not on the plan, primarily because there already exist better caching mechanisms such as dnsmasq. Secondarily, the long-term plan over the next few years is to convert hosts lookups to using unbound or other similar projects to enable dnssec, which necessitates a caching application on the client machine anyway. So SSSD would become superfluous in that situation in any case.
Hosts are also not on the plan, primarily because there already exist better caching mechanisms such as dnsmasq. Secondarily, the long-term plan over the next few years is to convert hosts lookups to using unbound or other similar projects to enable dnssec, which necessitates a caching application on the client machine anyway. So SSSD would become superfluous in that situation in any case.
Cheers for the info Stephen - nscd it is for now then (hadoop bug causing very high levels of negative lookups impacting my DNS infrastructure essentially)
sssd-devel@lists.fedorahosted.org
-
Jakub Hrozek -
James Hogarth -
Stephen Gallagher