[dns-operations] NSCD for Linux/UNIX stub resolver failover?

Mark Andrews marka at isc.org
Wed Apr 23 22:44:01 UTC 2014


In message <20140423184434.GL16334 at angus.ind.WPI.EDU>, Chuck Anderson writes:
> On Wed, Apr 23, 2014 at 01:08:25PM -0500, Chuck Aurora wrote:
> > On 04/23/2014 11:10 AM, Chuck Anderson wrote:
> > > Has anyone had good experiences with using NSCD to solve the DNS
> > > failover problem?
> > 
> > I'm not a fan of nscd because as best as I can tell from its manual,
> > nscd does not understand DNS TTL values. On a system where most nsswitch
> > lookups are file-based, I don't see a lot of value in having those cached.
> 
> Apparently that problem was fixed a decade ago at least with GLIBC but
> no one got the message.  I finally found a good thread about fixing
> the stub resolver that addresses people's unwillingness to use NSCD:
> 
> https://sourceware.org/ml/libc-alpha/2012-12/msg00416.html
> 
> > DNS is an exception; caching is almost always a Good Idea. But why not
> > use real DNS software to do that? And I'm not entirely biased[1],
> > because I've also used dnsmasq in that role. (With dnsmasq's new DNSSEC
> > support it's increasingly a good choice for such tasks.)
> 
> I don't mind using a caching resolver BUT there should be a better
> stub resolver that can be widely deployed in a default configuration
> that doesn't require a local caching resolver to paper over its
> deficiencies.  Maybe NSCD (and some of the other ideas in the link I
> posted) are part of the solution.

Over two decades ago I extended the stub resolver to use 127.0.0.1
first.  It switched to other servers immediately if it got port
unreachable by using connected sockets for both UDP and TCP when
talking to 127.0.0.1.  These days you would use 127.0.0.1 and/or
::1.

It also used connected sockets to talk to other servers which helped
when the service was down but the server was up.

I still effectively do the same thing today by forcing the dhcp
client to prepend 127.0.0.1 to the list of nameservers being used
and running my own validating caching server.

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
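
The connected-socket behaviour described in the message above, as an added example that is not part of the original post or of any resolver's source: a probe over a connect()ed UDP socket tells "nothing is listening on 127.0.0.1" (immediate ECONNREFUSED) apart from "no reply" (timeout). The names `probe_udp`, `bind_loopback_udp` and `enum probe` are hypothetical, and the one-byte payload is a placeholder rather than a DNS query.

```c
#include <errno.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

enum probe { ANSWERED, REFUSED, TIMED_OUT, FAILED };

/* Demo helper: bind a UDP socket to an ephemeral port on 127.0.0.1. */
int bind_loopback_udp(int *port) {
    struct sockaddr_in sa = { .sin_family = AF_INET };
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, len) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        return -1;
    *port = ntohs(sa.sin_port);
    return fd;
}

/* Send one datagram to 127.0.0.1:port on a connect()ed UDP socket. Only a
 * connected socket has ICMP port unreachable reported as ECONNREFUSED. */
enum probe probe_udp(int port, int timeout_ms) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    struct pollfd p = { .events = POLLIN };
    char buf[512];
    enum probe r = FAILED;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if ((p.fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) return FAILED;
    if (connect(p.fd, (struct sockaddr *)&sa, sizeof sa) == 0 &&
        send(p.fd, "?", 1, 0) == 1) {      /* placeholder, not a DNS query */
        int n = poll(&p, 1, timeout_ms);
        if (n == 0)
            r = TIMED_OUT;   /* silent server: only the timer tells us */
        else if (n > 0 && recv(p.fd, buf, sizeof buf, MSG_DONTWAIT) >= 0)
            r = ANSWERED;
        else if (n > 0 && errno == ECONNREFUSED)
            r = REFUSED;     /* nothing listening: try the next server now */
    }
    close(p.fd);
    return r;
}

int main(void) {   /* exits 0 when both cases classify as expected */
    int port, fd = bind_loopback_udp(&port);
    if (fd < 0 || probe_udp(port, 300) != TIMED_OUT) return 1;
    close(fd);     /* same port, now with nothing listening */
    return probe_udp(port, 300) != REFUSED;
}
```

A stub resolver built this way can move to the next nameserver as soon as `REFUSED` comes back and keep its retry timer for the `TIMED_OUT` case.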
