-
-
Notifications
You must be signed in to change notification settings - Fork 13.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable nscd caching #50316
Disable nscd caching #50316
Changes from all commits
eb88005
e712417
99d3279
335b41b
de76c16
a74619c
ef6ed03
1d5f4cb
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,28 +1,52 @@ | ||
# We basically use nscd as a proxy for forwarding nss requests to appropriate | ||
# nss modules, as we run nscd with LD_LIBRARY_PATH set to the directory | ||
# containing all such modules | ||
# Note that we can not use `enable-cache no` As this will actually cause nscd | ||
# to just reject the nss requests it receives, which then causes glibc to | ||
# fallback to trying to handle the request by itself. Which won't work as glibc | ||
# is not aware of the path in which the nss modules live. As a workaround, we | ||
# have `enable-cache yes` with an explicit ttl of 0 | ||
server-user nscd | ||
threads 1 | ||
paranoia no | ||
debug-level 0 | ||
|
||
enable-cache passwd yes | ||
positive-time-to-live passwd 600 | ||
negative-time-to-live passwd 20 | ||
positive-time-to-live passwd 0 | ||
negative-time-to-live passwd 0 | ||
suggested-size passwd 211 | ||
check-files passwd yes | ||
persistent passwd no | ||
shared passwd yes | ||
|
||
enable-cache group yes | ||
positive-time-to-live group 3600 | ||
negative-time-to-live group 60 | ||
positive-time-to-live group 0 | ||
negative-time-to-live group 0 | ||
suggested-size group 211 | ||
check-files group yes | ||
persistent group no | ||
shared group yes | ||
|
||
enable-cache netgroup yes | ||
positive-time-to-live netgroup 0 | ||
negative-time-to-live netgroup 0 | ||
suggested-size netgroup 211 | ||
check-files netgroup yes | ||
persistent netgroup no | ||
shared netgroup yes | ||
|
||
enable-cache hosts yes | ||
positive-time-to-live hosts 600 | ||
negative-time-to-live hosts 5 | ||
negative-time-to-live hosts 0 | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I wonder if we at least should backport this one, since it can be quiet annoying if websites do not load correctly after connecting to a hotspot. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes, I’ve had this problem for more than a month now, so the release must have it as well. |
||
suggested-size hosts 211 | ||
check-files hosts yes | ||
persistent hosts no | ||
shared hosts yes | ||
|
||
enable-cache services yes | ||
positive-time-to-live services 0 | ||
negative-time-to-live services 0 | ||
suggested-size services 211 | ||
check-files services yes | ||
persistent services no | ||
shared services yes |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do we want to disable caches where we set a zero ttl for both positive and negative? Seems less confusing to me :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As eelco mentioned, this would have a serious performance penalty. so I don't want to change it until #51911 is implemented. I think this is a good compromise where people do not get failed lookups when switching networks, but do also have performance. Until we figure out the resolved business
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh I misread: See the original commit message why we can't do this:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added this as a comment to
nscd.conf
to clarify