[dns-operations] NSCD for Linux/UNIX stub resolver failover?
Chuck Anderson
cra at WPI.EDU
Wed Apr 23 18:44:35 UTC 2014

On Wed, Apr 23, 2014 at 01:08:25PM -0500, Chuck Aurora wrote:
> On 04/23/2014 11:10 AM, Chuck Anderson wrote:
> > Has anyone had good experiences with using NSCD to solve the DNS
> > failover problem?
>
> I'm not a fan of nscd because as best as I can tell from its manual,
> nscd does not understand DNS TTL values. On a system where most nsswitch
> lookups are file-based, I don't see a lot of value in having those cached.

Apparently that problem was fixed a decade ago at least with GLIBC but
no one got the message. I finally found a good thread about fixing
the stub resolver that addresses people's unwillingness to use NSCD:

https://sourceware.org/ml/libc-alpha/2012-12/msg00416.html

> DNS is an exception; caching is almost always a Good Idea. But why not
> use real DNS software to do that? And I'm not entirely biased[1],
> because I've also used dnsmasq in that role. (With dnsmasq's new DNSSEC
> support it's increasingly a good choice for such tasks.)

I don't mind using a caching resolver BUT there should be a better
stub resolver that can be widely deployed in a default configuration
that doesn't require a local caching resolver to paper over its
deficiencies. Maybe NSCD (and some of the other ideas in the link I
posted) are part of the solution.