Bug 181586 - [patch] nscd(8): nscd negative responses
Status: In Progress
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 9.1-RELEASE
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Allan Jude
Blocks: 202135
Reported: 2013-08-27 18:00 UTC by oleg
Modified: 2016-10-14 17:49 UTC

Description oleg 2013-08-27 18:00:00 UTC
The nscd(8) daemon caches negative responses for an infinite time.
The 'negative-time-to-live' parameter in /etc/nscd.conf doesn't correct this behavior.

Fix: The patch supplied below corrects nscd behaviour on 9.1-RELEASE-p4 and HEAD:



if (read_response->error_code == -2) {
-               read_response->error_code = 0;
-               read_response->data = NULL;
-               read_response->data_size = 0;
+               read_response->data = malloc(
+                   read_response->data_size);
+               assert(read_response != NULL);
+               read_response->error_code = cache_read(neg_c_entry,
+                   read_request->cache_key,
+                   read_request->cache_key_size,
+                   read_response->data,
+                   &read_response->data_size);
            }
        }
        configuration_unlock_entry(qstate->config_entry, CELT_NEGATIVE);--gWC5PrrXOzg1QvWcCoB7krostOmUDgByPCTXeREr3OSdbDs2
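
Review bot: the added assert(read_response != NULL) right after the malloc checks the wrong pointer. read_response has already been dereferenced on the lines above it, so the assertion can never fire, and the allocation result in read_response->data goes unchecked before cache_read writes into it. Test read_response->data instead, and handle failure with an explicit error path rather than assert, which is compiled out under NDEBUG and otherwise aborts the daemon. The return value of the second cache_read on neg_c_entry is stored straight into error_code; nothing in the visible lines frees read_response->data or resets data_size if that call fails, so confirm the caller cleans up. A short comment explaining why a -2 result now triggers a second read into an allocated buffer, instead of the old empty reply with error_code 0, would help the next reader.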

--- usr.sbin/nscd/query.c.orig  2013-08-22 11:59:03.921956888 +0400
+++ usr.sbin/nscd/query.c   2013-08-22 12:00:01.515957178 +0400
@@ -743,9 +743,14 @@
                &read_response->data_size);
How-To-Repeat: Try setting 'negative-time-to-live hosts 1' in /etc/nscd.conf and 'hosts: files cache dns' in /etc/nsswitch.conf.
Restart nscd: '/etc/rc.d/nscd onerestart'.
Now we can watch the output of 'tcpdump udp and port 53' and repeat many times: 'ping -c1 some.nonexistent'.
Only the first time will there be an actual DNS search (with the expected negative response).
Comment 1 Mark Felder freebsd_committer 2015-09-18 16:37:48 UTC
Allan may also be interested in this
Comment 2 olevole 2016-06-22 15:22:43 UTC
In 2016, still interested in this
Comment 3 Mark Felder freebsd_committer 2016-07-06 16:09:59 UTC
Allan, if you're wrapped up in other work and don't think this will be feasible could you document what you know about it on the Junior Jobs page? Maybe a community member can pick it up.

Thanks!
Comment 4 Allan Jude freebsd_committer 2016-07-06 20:17:10 UTC
I am happy to give this bug up if someone is interested