Nigel Wade wrote:
| Given that nscd is the "problem", you can alter the time for which nscd
| caches failed DNS lookups. In /etc/nscd.conf change the timeout value in
|
| negative-time-to-live hosts 300
|
| to a smaller value than 300 seconds.
As I understand it the behaviour of nscd is just a symptom of the "real" problem which is wrongful intermittent failed lookups, presumably due to a timed-out lookup. One might imagine it would be better to treat that disease than just try to minimize the pain by reducing the negative time to live?
DNS timeouts are a fact of life, they are not "wrongful", you have to live with them. If your DNS server doesn't have an entry for the hostname you request (all entries have a fixed TTL), then it has to request it from its upstream server. This goes all the way up to a top level domain, and then back down to the authoritative server for the domain in question. If this takes longer than 30s (the usual timeout for DNS lookup) then you get a failed lookup returned by your DNS server. You can't treat it, it isn't a "disease", it's part of the way DNS works.
The root of this particular problem is that nscd caches this failed lookup for you, DNS does not.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@xxxxxxxxxxxx
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
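
A toy model of the behaviour discussed in this thread, added here as an example and not part of the original messages or of nscd's own code: it reads the `negative-time-to-live hosts` value from nscd.conf-style text and shows how long one transient DNS timeout keeps failing for clients at that setting. The config text, host name, address, resolver and polling interval are constructed for illustration.

```python
# Added example: simplified model of negative caching, not nscd's implementation.

SAMPLE_CONF = """\
# constructed sample using /etc/nscd.conf syntax
enable-cache            hosts   yes
positive-time-to-live   hosts   3600
negative-time-to-live   hosts   300
"""

def negative_ttl(conf_text, service="hosts"):
    """Return negative-time-to-live (seconds) for a service, or None if unset."""
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if fields[:2] == ["negative-time-to-live", service] and len(fields) == 3:
            return int(fields[2])
    return None

class NegativeCache:
    """Remembers failed lookups only, each for neg_ttl seconds."""
    def __init__(self, neg_ttl):
        self.neg_ttl = neg_ttl
        self.failed_until = {}

    def lookup(self, name, now, resolver):
        if now < self.failed_until.get(name, 0):
            return None                  # cached failure: the resolver is not asked
        addr = resolver(name, now)
        if addr is None:                 # upstream failed: remember the failure
            self.failed_until[name] = now + self.neg_ttl
        return addr

def flaky_resolver(name, now):
    """Constructed upstream: times out once at t=0, answers from then on."""
    return None if now == 0 else "192.0.2.10"

def outage_seconds(neg_ttl, step=10, horizon=600):
    """Seconds during which clients polling every `step` s see a failure."""
    cache = NegativeCache(neg_ttl)
    failed = [t for t in range(0, horizon, step)
              if cache.lookup("host.example", t, flaky_resolver) is None]
    return failed[-1] + step if failed else 0

if __name__ == "__main__":
    ttl = negative_ttl(SAMPLE_CONF)
    print(f"negative-time-to-live hosts = {ttl}s -> outage {outage_seconds(ttl)}s")
    print(f"negative-time-to-live hosts = 20s -> outage {outage_seconds(20)}s")
```
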