I am running nscd-2.12-2.i686 on F13.
my /etc/resolv.conf contains: nameserver 127.0.0.1 followed by other nameservers from my provider. I am using the default nscd.conf file
My email client is Thunderbird.
Every time i check for email, or send a message, thunderbird takes it many seconds to find the ip address of pop.gmail.com
Similarly, firefox takes it sometimes almost 60 seconds to resolve web site ip addresses.
Mu machine is not loaded at all. I have other machines (windows) on same subnet and are mostly quiet, but they do not have this problem.
What do I need to do as far as configuration to make nscd a better cacher?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/01/2010 09:22 AM, JD wrote:
What do I need to do as far as configuration to make nscd a better cacher?
This has nothing to do with nscd. You most likely have IPv6 interfaces configured and your ISP simply doesn't handle IPv6 name lookups (AAAA) and ignores them. This is causing timeouts which explain the long timeouts.
If you don't need IPv6 internally configure your system to not bring up IPv6 interfaces.
- -- ➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
On 07/01/2010 09:26 AM, Ulrich Drepper wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/01/2010 09:22 AM, JD wrote:
What do I need to do as far as configuration to make nscd a better cacher?
This has nothing to do with nscd. You most likely have IPv6 interfaces configured and your ISP simply doesn't handle IPv6 name lookups (AAAA) and ignores them. This is causing timeouts which explain the long timeouts.
If you don't need IPv6 internally configure your system to not bring up IPv6 interfaces.
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux)
iEYEARECAAYFAkwswaUACgkQ2ijCOnn/RHRuRwCeJlPZW4tJlwMFYGGRtGD9dTC2 +VwAn3Xg/rDaOrBwU1luBFu7CxnzaGxP =Vlr2 -----END PGP SIGNATURE-----
How do I disable it?
On 07/01/2010 09:47 AM, JD wrote:
On 07/01/2010 09:26 AM, Ulrich Drepper wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/01/2010 09:22 AM, JD wrote:
What do I need to do as far as configuration to make nscd a better cacher?
This has nothing to do with nscd. You most likely have IPv6 interfaces configured and your ISP simply doesn't handle IPv6 name lookups (AAAA) and ignores them. This is causing timeouts which explain the long timeouts.
If you don't need IPv6 internally configure your system to not bring up IPv6 interfaces.
- -- ➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain
View, CA ❖ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux)
iEYEARECAAYFAkwswaUACgkQ2ijCOnn/RHRuRwCeJlPZW4tJlwMFYGGRtGD9dTC2 +VwAn3Xg/rDaOrBwU1luBFu7CxnzaGxP =Vlr2 -----END PGP SIGNATURE-----
How do I disable it?
How do I even find out that ipv6 is enabled?
On 07/01/2010 09:56 AM, JD wrote:
On 07/01/2010 09:47 AM, JD wrote:
On 07/01/2010 09:26 AM, Ulrich Drepper wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 07/01/2010 09:22 AM, JD wrote:
What do I need to do as far as configuration to make nscd a better cacher?
This has nothing to do with nscd. You most likely have IPv6 interfaces configured and your ISP simply doesn't handle IPv6 name lookups (AAAA) and ignores them. This is causing timeouts which explain the long timeouts.
If you don't need IPv6 internally configure your system to not bring up IPv6 interfaces.
- -- ➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain
View, CA ❖ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux)
iEYEARECAAYFAkwswaUACgkQ2ijCOnn/RHRuRwCeJlPZW4tJlwMFYGGRtGD9dTC2 +VwAn3Xg/rDaOrBwU1luBFu7CxnzaGxP =Vlr2 -----END PGP SIGNATURE-----
How do I disable it?
How do I even find out that ipv6 is enabled?
$ grep ip6 /etc/sysctl.conf net.bridge.bridge-nf-call-ip6tables = 0
I checked on all running services' .conf files and none of them enable nor require ipv6.
Unfortunately, enabling or disabling IPV6 doesn't seem to have much to do with the library doing V6 DNS lookups. I could swear there was something added to nsswitch.conf or resolv.conf that you could set to disable v6 dns requests, but I can't remember what it was called.
I run bind as a caching nameserver, forwarding lookups to my ISP's server and set the -4 option on the command line to make it stick to ipv4 and all my DNS lookup problems vanished.
On 07/01/2010 10:42 AM, Tom Horsley wrote:
Unfortunately, enabling or disabling IPV6 doesn't seem to have much to do with the library doing V6 DNS lookups. I could swear there was something added to nsswitch.conf or resolv.conf that you could set to disable v6 dns requests, but I can't remember what it was called.
I run bind as a caching nameserver, forwarding lookups to my ISP's server and set the -4 option on the command line to make it stick to ipv4 and all my DNS lookup problems vanished.
bind is too complex to run and maintain. Really, it is a huge overkill for what I need.
I hope nscd authors will fix it soon so it does not purge it's cache every few seconds. I check'ed it's config file and the restart-interval 3600 seems reasonable.
On 07/01/2010 11:20 AM, JD wrote:
On 07/01/2010 10:42 AM, Tom Horsley wrote:
Unfortunately, enabling or disabling IPV6 doesn't seem to have much to do with the library doing V6 DNS lookups. I could swear there was something added to nsswitch.conf or resolv.conf that you could set to disable v6 dns requests, but I can't remember what it was called.
I run bind as a caching nameserver, forwarding lookups to my ISP's server and set the -4 option on the command line to make it stick to ipv4 and all my DNS lookup problems vanished.
bind is too complex to run and maintain. Really, it is a huge overkill for what I need.
I hope nscd authors will fix it soon so it does not purge it's cache every few seconds. I check'ed it's config file and the restart-interval 3600 seems reasonable.
Please check the "positive-time-to-live" option in the "hosts" section of /etc/nscd.conf and make sure it's set to 3600.
"restart-interval" is only of use if you have "paranoia" set to "yes". It's set to "no" by default, so "restart-interval" isn't even used. "man nscd.conf" for further info. I think these are where your problems are. I use nscd assiduously and it doesn't behave like that for me.
If you really want to disable IPV6, edit /etc/modprobe.conf/blacklist.conf and add a line:
blacklist ipv6
Go through any /etc/sysconfig/network-scripts/ifcfg-* scripts and if you see any "IPV6INIT=" or "IPV6_AUTOCONF=" lines, make sure they're set to "no". Finally, edit /etc/sysconfig/network and if you see a "NETWORKING_IPV6=yes" line, either remove it or set it to "no". Reboot and ipv6 goes bye-bye.
Sidenote: Of course, 'twould be better if all ISPs did IPV6 correctly. We WILL need it eventually. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, C2 Hosting ricks@nerd.com - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - All generalizations are false. - ----------------------------------------------------------------------
On 07/01/2010 06:05 PM, Rick Stevens wrote:
On 07/01/2010 11:20 AM, JD wrote:
On 07/01/2010 10:42 AM, Tom Horsley wrote:Unfortunately, enabling or disabling IPV6 doesn't seem to have much to do with the library doing V6 DNS lookups. I could swear there was something added to nsswitch.conf or resolv.conf that you could set to disable v6 dns requests, but I can't remember what it was called.
I run bind as a caching nameserver, forwarding lookups to my ISP's server and set the -4 option on the command line to make it stick to ipv4 and all my DNS lookup problems vanished.
bind is too complex to run and maintain. Really, it is a huge overkill for what I need.
I hope nscd authors will fix it soon so it does not purge it's cache every few seconds. I check'ed it's config file and the restart-interval 3600 seems reasonable.
Please check the "positive-time-to-live" option in the "hosts" section of /etc/nscd.conf and make sure it's set to 3600.
I edited /etc/nscd.conf and set positive-time-to-live 3600
and I was no longer able to restart nscd service. I commented that line out, and I was able to restart it.
"restart-interval" is only of use if you have "paranoia" set to "yes". It's set to "no" by default, so "restart-interval" isn't even used. "man nscd.conf" for further info. I think these are where your problems are. I use nscd assiduously and it doesn't behave like that for me.
If you really want to disable IPV6, edit /etc/modprobe.conf/blacklist.conf and add a line:
blacklist ipv6
You mean /etc/modprobe.d/blacklist.conf OK. I did that. But that was not the issue that was causing me any problems with nscd.
Go through any /etc/sysconfig/network-scripts/ifcfg-* scripts and if you see any "IPV6INIT=" or "IPV6_AUTOCONF=" lines, make sure they're set to "no". Finally, edit /etc/sysconfig/network and if you see a "NETWORKING_IPV6=yes" line, either remove it or set it to "no". Reboot and ipv6 goes bye-bye.
My /etc/sysconfig/networking/devices/ifcfg-ra0 already has:
IPV6INIT=no
On Thu, 2010-07-01 at 11:20 -0700, JD wrote:
bind is too complex to run and maintain.
It might be difficult to set up (I don't think so, though), but requires no real maintenance. And changes to the root servers would be provided to you by yum updates. The rests looks after itself.
On Thu, 2010-07-01 at 09:22 -0700, JD wrote:
I am running nscd-2.12-2.i686 on F13.
my /etc/resolv.conf contains: nameserver 127.0.0.1 followed by other nameservers from my provider. I am using the default nscd.conf file
My email client is Thunderbird.
Every time i check for email, or send a message, thunderbird takes it many seconds to find the ip address of pop.gmail.com
Similarly, firefox takes it sometimes almost 60 seconds to resolve web site ip addresses.
Well, you want to get your local nameserver resolving internet IP addresses. Because, by the sound of things, it's not. Or get rid of it, and just use the ISP's nameservers. Or decrease the timeout period before the computer consults another name server.
Your computer tries the first name server (listed in resolv.conf) to resolve an address, and when it doesn't an answer, it tries the next one, after a time out period. For the next name look up, it repeats that process (from the first nameserver, again). If that time out period is long, you're always going to have long delays.
You can use the dig tool to test things out. See the man file for more details, but in a nutshell. Type the name you want to test after the command, followed by the nameserver you want to query, after an @ sign.
e.g. dig example.com @127.0.0.1
Quite how to get nscd working, in the first place, I really don't know. I've never bothered with half-baked name serving, I run BIND. Looking at the nscd and nscd.conf man files. But I don't think you put 127.0.0.1 in as a nameserver, I think you stick with your ISP's name servers in the resolv.conf file. And play with the nsswitch.conf file to change /how/ name solving lookups are done, rather than where. To put caching somewhere into the equation. Look at the "hosts" line in that conf file.
Mine has this in it:
#hosts: db files nisplus nis dns hosts: files dns
The uncommented line means that mine *first* looks in the /etc/hosts file, *then* does a DNS query. The commented line was the original.
My guess would be that you need something else before dns, to make use of nscd, first. Unless, nscd puts data into the hosts file.
In my case, I ignore the name servers provided by my ISP. Every ISP that I've used over the last 10 years (I think), has had problems. Some were just useless, including two of the biggest ISPs in the country. I run BIND, and it consults the top root servers like a real DNS server is supposed to do, when it doesn't already have an answer. And it caches the results, like it's supposed to (according to the TTL data in the original records). All the computers on my LAN use my nameserver.
-
JD -
Rick Stevens -
Tim -
Tom Horsley -
Ulrich Drepper