LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Using nscd to cache LDAP and DNS entries (https://www.linuxquestions.org/questions/linux-server-73/using-nscd-to-cache-ldap-and-dns-entries-732449/)

kenneho 06-12-2009 07:20 AM
Using nscd to cache LDAP and DNS entries
 
Hi all.


We're considering enabling nscd to cache LDAP and DNS entries. We have a very static network network-wise (no DHCP servers), so especially DNS entries remain very static.

Are there any pitfalls we should be aware of before enabling nscd on such a network?

Regards,
kenneho

acid_kewpie 06-13-2009 01:56 AM
Not really, ncsd runs by default on many systems. That said i did recently have an issue with it where we made some modifications to an LDAP account and the cache expiry for the passwd cache didn't seem to be kicking in reliably on some rhel5 boxes and on some I ended up stopping the service, deleting the db file and starting it again (I think i could of formally deleted it with the ncsd program itself but it did the job whatever...). That's the only time i've ever ever touched ncsd though, all the systems it's been running on i'd never had to learn a single thing about it.

kenneho 06-15-2009 07:34 AM
Cool. Thanks. We've been testing it for a while, and everthing seems fine. Just wanted some second opinion before using it on production systems.

kenneho 06-17-2009 02:22 AM
Just one last question: Is there any reason why starting the nscd could have a negative effect on production systems, such as hickups or anything? My boss is worried that this may happend, but I can't think of any reason why it should...

twantrd 06-17-2009 02:35 AM
I maintain roughly 100 servers at my workplace and they all run the nscd service. No problems so far...

-twantrd

kenneho 06-17-2009 03:08 AM
Quote:
Originally Posted by twantrd (Post 3576752)
I maintain roughly 100 servers at my workplace and they all run the nscd service. No problems so far...

-twantrd
And you've never experienced any hickups just as you started the nscd daemon?

acid_kewpie 06-17-2009 04:47 AM
as I said, we did have an issue with a couple of instances caching results too long. Or at least that's what it looked like from everything I knew about nscd at the time. It might have been perfectly logical, but I'm fairly sure it was misbehaving for a while, only a few hours.

kenneho 06-17-2009 05:47 AM
Quote:
Originally Posted by acid_kewpie (Post 3576889)
as I said, we did have an issue with a couple of instances caching results too long. Or at least that's what it looked like from everything I knew about nscd at the time. It might have been perfectly logical, but I'm fairly sure it was misbehaving for a while, only a few hours.
Ah, sorry, I were a little too fast there. Thanks for refreshing my memory. :)

If that error is the only (big) problem you've had with nscd I'm not very worried. Fortunately, in my organization, we don't use LDAP yet (are working on a LDAP solution using Red Hat Directory Server), and we don't use DHCP for our linux servers. So everything is very, very static, and caching results too long should not be an immediate threat to our production servers. :)


kenneho

acid_kewpie 06-30-2009 03:34 PM
fyi

http://www.linuxquestions.org/questi...server-731157/


All times are GMT -5. The time now is 08:15 AM.