Skip to main content

Red Hat name caching

Got a question about Linux name caching today. Some servers are requesting the same hostname to the DNS server every 2 seconds...
Looked into it and the name caching daemon is not running. Got all the answers I needed here: alt.os.linux.redhat: Re: DNS cache on a RH9 system?. Also found a separate package called dnscache. And a HOWTO for bind to create a local DNS cache on your workstation or server. Simply starting nscd and editing nscd.conf seems sufficient for me now.

BTW, here is my updated /etc/nscd.conf. If anyone has more pointers, please comment.

logfile        /var/log/nscd.log
# use 1-10 for more verbose debugging into log
debug-level    0
# 3 minimum, 5 default
filethreads    5
# 32 is default
max-threads    32
# restart intervals may fail if non-root
server-user    nscd
# user granted to check nscd stats using 'nscd -g'
stat-user      nagios
# 5 is default
reload-count   5 
# restart periodically
paranoia       yes
# restart every 4 hrs, default is 1 hour
#restart-interval  14400 

enable-cache   passwd   no
enable-cache   group    no

enable-cache   hosts    yes
# default in sec; prune hits after this long
positive-time-to-live   hosts 3600 
# default in sec; prune misses after this long
negative-time-to-live   hosts 20 
# entries in hash table, default 211, must be prime!
suggested-size hosts    211  
check-files    hosts    yes
persistent     hosts    yes
shared         hosts    yes
# 16 MiB in bytes
#max-db-size    hosts    16777216

Update: one more important thing, the suggested-size is the size of the hash table. Hashing works well if your table is sparsely populated. I.e. your table should be larger than the actual number of entries it will have. So if you're caching 20 web server on the intranet, the default is fine. If you are caching 3000 IMAP userids and password (see this example), it needs to be a large prime number about 5-10 larger than the 3000 userids.
Labels:

Comments

Post a Comment

Popular posts from this blog

Tuning the nscd name cache daemon

I've been playing a bit with the nscd now and want to share some tips related to tuning the nscd.conf file. To see how the DNS cache is doing, use nscd -g. nscd configuration: 0 server debug level 26m 57s server runtime 5 current number of threads 32 maximum number of threads 0 number of times clients had to wait yes paranoia mode enabled 3600 restart internal passwd cache: no cache is enabled [other zero output removed] group cache: no cache is enabled [other zero output removed] hosts cache: yes cache is enabled yes cache is persistent yes cache is shared 211 suggested size <==== 216064 total data pool size 1144 used data pool size 3600 seconds time to live for positive entries <==== 20 seconds time to live for negative entries
2 comments
Read more

Preventing PuTTY timeouts

Just found a great tip to prevent timeouts of PuTTY sessions. I'm fine with timeouts by the host, but in our case the firewall kills sessions after 30 minutes of inactivity... When using PuTTY to ssh to your Linux/Unix servers, be sure to use the feature to send NULL packets to prevent a timeout. I've set it to once every 900 seconds, i.e. 15 minutes... See screenshot on the right.
1 comment
Read more

Setting up SR-IOV in RHEL6 on PowerEdge servers

Dell Community : "RHEL 6 provides SR-IOV functionality on supported hardware which provides near native performance for virtualized guests. Single-Root I/O Virtualization (SR-IOV) specification, introduced by PCI-SIG details how a single PCIe device can be shared between various virtualization guests. Devices capable of SR-IOV functionality support multiple virtual functions on top of the physical function. Virtual Function is enabled in hardware as a light weight PCIe function. Operating System cannot discover this function as it does not respond to the PCI bus scan and requires support in the host’s driver. As in PCIe pass-through, a Virtual function of a SR-IOV capable card can be directly assigned to the guest operating system. A virtual function driver running in the guest manages this device."
3 comments
Read more