Re: [gentoo-user] nscd; what am I doing wrong?

2005-12-23 Thread Walter Dnes
On Fri, Dec 23, 2005 at 10:26:30AM -0700, Richard Fish wrote

> If I had to make a guess, I would say that your ISP has got some
> kind of proxy service setup that lies to you about the address of
> www.google.com, so that you actually connect through one of their
> servers.
> 
> If that is the case, then it is also possible that they set the
> expire time on the DNS responses to expire immediately to prevent
> any local caching of the addresses.

  Probably some load-balancing "magic" by Google...

Searching for 72.14.203.104 in whois.arin.net

OrgName:Google Inc.
OrgID:  GOGL
Address:1600 Amphitheatre Parkway
City:   Mountain View
StateProv:  CA
PostalCode: 94043
Country:US

NetRange:   72.14.192.0 - 72.14.239.255
CIDR:   72.14.192.0/19, 72.14.224.0/20
NetName:GOOGLE
NetHandle:  NET-72-14-192-0-1
Parent: NET-72-0-0-0-0
NetType:Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
Comment:
RegDate:2004-11-10
Updated:2005-07-01

> You might test with a less popular address, something that is unlikely
> to be cached/proxied by your ISP.
> 
> Anyway nscd appears to be setup and working correctly.  Ping connected
> to the nscd socket, and did not send any DNS queries directly.  So
> your end looks like it is setup and working correctly.

  More proof that it "works"... I tried connecting to a Yahoo forum, and
got a negative response for messages.yahoo.com on the first try.  The
"negative cache" feature certainly "worked".  Several retries failed as
well.  I set "negative-time-to-live hosts 2" and re-started nscd, and
the forum now works.  I'm obviously able to specify a shorter negative
cache time.  Is there any way for nscd to over-ride the maximum TTL from
the DNS server for a positive hit?

  On a more positive note, ZDNet forums seem much snappier now.  They've
been slow in the past, 3 megabits ADSL notwithstanding.

-- 
Walter Dnes <[EMAIL PROTECTED]> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] nscd; what am I doing wrong?

2005-12-23 Thread Lares Moreau

> There is something strange here
> 
> When I lookup "www.google.com", I get:
> 
> carcharias ~ # host www.google.com
> www.google.com has address 66.102.7.104
> carcharias ~ # host 66.102.7.104
> 104.7.102.66.in-addr.arpa domain name pointer www.google.com.
> 
> However for www.google.com, you get 72.14.203.104.  But that address
> doesn't resolve to a host name when I do a reverse lookup.
> 
> carcharias ~ # host 72.14.203.104
> 104.203.14.72.in-addr.arpa has no PTR record
> 
> If I had to make a guess, I would say that your ISP has got some kind
> of proxy service setup that lies to you about the address of
> www.google.com, so that you actually connect through one of their
> servers.
> 
google.com isn't a good test case.  They use some Really advanced load
balancing/routing/localization algorithm for their network.  Best to
use a smaller, single-homed Name for a test.

-Lares
-- 
Lares Moreau <[EMAIL PROTECTED]>  | LRU: 400755 http://counter.li.org
lares/irc.freenode.net |
Gentoo x86 Arch Tester |   ::0 Alberta, Canada
Public Key: 0D46BB6E @ subkeys.pgp.net |  Encrypted Mail Preferred
Key fingerprint = 0CA3 E40D F897 7709 3628  C5D4 7D94 483E 0D46 BB6E




Re: [gentoo-user] nscd; what am I doing wrong?

2005-12-23 Thread Richard Fish
On 12/22/05, Walter Dnes <[EMAIL PROTECTED]> wrote:
> On Wed, Dec 21, 2005 at 09:07:12PM -0700, Richard Fish wrote
>
> > Everything looks ok.  Could you try:
> >
> > strace -f -o /tmp/strace.out ping -c 4 www.google.com
>
>   I uncommented most of nscd.conf and rebooted, but still no luck.  I
> don't know the attachment policy here, so I'm putting the stack trace
> (all 12 kbytes) on my webpage.  Execute...
>
> wget www.waltdnes.org/strace.txt
>
> ...to have a look.  It appears to be opening files all over the place.

There is something strange here

When I lookup "www.google.com", I get:

carcharias ~ # host www.google.com
www.google.com has address 66.102.7.104
carcharias ~ # host 66.102.7.104
104.7.102.66.in-addr.arpa domain name pointer www.google.com.

However for www.google.com, you get 72.14.203.104.  But that address
doesn't resolve to a host name when I do a reverse lookup.

carcharias ~ # host 72.14.203.104
104.203.14.72.in-addr.arpa has no PTR record

If I had to make a guess, I would say that your ISP has got some kind
of proxy service setup that lies to you about the address of
www.google.com, so that you actually connect through one of their
servers.

If that is the case, then it is also possible that they set the expire
time on the DNS responses to expire immediately to prevent any local
caching of the addresses.

You might test with a less popular address, something that is unlikely
to be cached/proxied by your ISP.

Anyway nscd appears to be setup and working correctly.  Ping connected
to the nscd socket, and did not send any DNS queries directly.  So
your end looks like it is setup and working correctly.

-Richard

-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] nscd; what am I doing wrong?

2005-12-22 Thread Walter Dnes
On Thu, Dec 22, 2005 at 08:18:08PM +0100, Benno Schulenberg wrote
> Richard Fish wrote:
> > What version and use flags do you have for net-
> 
> [ebuild   R   ] net-misc/iputils-021109-r3  -doc -ipv6 -static 0 kB

 Me too.  Exact same version and flags.

-- 
Walter Dnes <[EMAIL PROTECTED]> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] nscd; what am I doing wrong?

2005-12-22 Thread Walter Dnes
On Wed, Dec 21, 2005 at 09:07:12PM -0700, Richard Fish wrote

> Everything looks ok.  Could you try:
> 
> strace -f -o /tmp/strace.out ping -c 4 www.google.com

  I uncommented most of nscd.conf and rebooted, but still no luck.  I
don't know the attachment policy here, so I'm putting the stack trace
(all 12 kbytes) on my webpage.  Execute...

wget www.waltdnes.org/strace.txt

...to have a look.  It appears to be opening files all over the place.

-- 
Walter Dnes <[EMAIL PROTECTED]> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] nscd; what am I doing wrong?

2005-12-22 Thread Benno Schulenberg
Richard Fish wrote:
> On 12/22/05, Benno Schulenberg <[EMAIL PROTECTED]> wrote:
> > apparently ping somehow bypasses the
> > cache, because when doing several wgets on a single domain,
> > only the first time a DNS query is sent out.
>
> Interesting.  It doesn't happen on my system.

Even stranger, a 'ping -c 1 www.planet.nl' (my ISP) will sometimes
even do two DNS queries about 2 hundredths of a second apart.

> What version and use flags do you have for net-

[ebuild   R   ] net-misc/iputils-021109-r3  -doc -ipv6 -static 0 kB

Benno
-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] nscd; what am I doing wrong?

2005-12-22 Thread Richard Fish
On 12/22/05, Benno Schulenberg <[EMAIL PROTECTED]> wrote:
> Walter Dnes wrote:
> > But "ping -c 4 google.com" sends traffic to
> > 192.168.123.254 port 53 each time, even if only 30 seconds apart.
> >  This was confirmed by running "tcpdump -n dst port 53" in
> > another console and watching the output.
>
> Same thing here.  But apparently ping somehow bypasses the cache,
> because when doing several wgets on a single domain, only the first
> time a DNS query is sent out.

Interesting.  It doesn't happen on my system.

What version and use flags do you have for net-misc/iputils? (emerge
-pv iputils)

-Richard

-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] nscd; what am I doing wrong?

2005-12-22 Thread Benno Schulenberg
Walter Dnes wrote:
> But "ping -c 4 google.com" sends traffic to
> 192.168.123.254 port 53 each time, even if only 30 seconds apart.
>  This was confirmed by running "tcpdump -n dst port 53" in
> another console and watching the output.

Same thing here.  But apparently ping somehow bypasses the cache, 
because when doing several wgets on a single domain, only the first 
time a DNS query is sent out.

Benno
-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] nscd; what am I doing wrong?

2005-12-21 Thread Richard Fish
On 12/21/05, Walter Dnes <[EMAIL PROTECTED]> wrote:
> On Fri, Dec 09, 2005 at 05:08:55PM -0700, Richard Fish wrote
>
> > nscd does this, and is much simpler.  It is already installed as part
> > of glibc.  Just do rc-update -a nscd default.
>
>   My system is connecting to the net, but nscd doesn't seem to be
> caching DNS requests.
>
>   Yes, I did "rc-update add nscd default" and "/etc/init.d/nscd start".
> But "ping -c 4 google.com" sends traffic to 192.168.123.254 port 53
> each time, even if only 30 seconds apart.  This was confirmed by running
> "tcpdump -n dst port 53" in another console and watching the output.

Everything looks ok.  Could you try:

strace -f -o /tmp/strace.out ping -c 4 www.google.com

Then take a look at /tmp/strace.out.  You find some output that looks
something like this:

   socket(PF_FILE, SOCK_STREAM, 0)   = 4
   fcntl64(4, F_GETFL)   = 0x2 (flags O_RDWR)
   fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
   connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = 0
   poll([{fd=4, events=POLLOUT|POLLERR|POLLHUP, revents=POLLOUT}], 1, 5000) = 1
   writev(4, [{"\2\0\0\0\r\0\0\0\6\0\0\0", 12}, {"hosts\0", 6}], 2) = 18
   poll([{fd=4, events=POLLIN|POLLERR|POLLHUP, revents=POLLIN|POLLHUP}], 1, 5000) = 1
   recvmsg(4, {msg_name(0)=NULL, msg_iov(1)=[{"\324_\1A(?", 6}], msg_controllen=0, msg_flags=0}, 0) = 0
   close(4)  = 0
   socket(PF_FILE, SOCK_STREAM, 0)   = 4
   fcntl64(4, F_GETFL)   = 0x2 (flags O_RDWR)
   fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
   connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = 0
   poll([{fd=4, events=POLLOUT|POLLERR|POLLHUP, revents=POLLOUT}], 1, 5000) = 1
   writev(4, [{"\2\0\0\0\4\0\0\0\17\0\0\0", 12}, {"www.google.com\0", 15}], 2) = 27
   poll([{fd=4, events=POLLIN|POLLERR|POLLHUP, revents=POLLIN|POLLHUP}], 1, 5000) = 1
   read(4, "\2\0\0\0\1\0\0\0\17\0\0\0\0\0\0\0\2\0\0\0\4\0\0\0\1\0\0"..., 32) = 32
   readv(4, [{"www.google.com\0", 15}, {"Bf\7c", 4}], 2) = 19
   read(4, NULL, 0)  = 0
   close(4)  = 0

-Richard

-- 
gentoo-user@gentoo.org mailing list
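The check Richard describes above (look in the strace output for a connect() to /var/run/nscd/socket rather than a query sent straight to port 53) can be automated. The following is an added example, not code from the thread or from glibc: it reads strace text, counts connects to the nscd socket, decodes the 12-byte request header nscd receives (version, request type, key length, as laid out in glibc's nscd-client.h) to show which name was asked for, and lists any DNS server the process contacted directly on port 53. The sample strace text is constructed: the nscd lines mirror Richard's capture, while the PF_INET/port-53 lines are made up to represent a resolver that bypasses nscd the way ping appeared to for Walter and Benno.

```python
import re
import struct

# Constructed sample strace output (not a real capture). The nscd lines mirror
# the exchange shown in the thread; the PF_INET/port-53 lines are made up to
# represent a resolver that bypasses nscd and queries the router directly.
SAMPLE_STRACE = r"""
socket(PF_FILE, SOCK_STREAM, 0)   = 4
connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = 0
writev(4, [{"\2\0\0\0\r\0\0\0\6\0\0\0", 12}, {"hosts\0", 6}], 2) = 18
close(4)  = 0
socket(PF_FILE, SOCK_STREAM, 0)   = 4
connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = 0
writev(4, [{"\2\0\0\0\4\0\0\0\17\0\0\0", 12}, {"www.google.com\0", 15}], 2) = 27
readv(4, [{"www.google.com\0", 15}, {"Bf\7c", 4}], 2) = 19
close(4)  = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.123.254")}, 28) = 0
send(3, "\257\4\1\0\0\1\0\0\0\0\0\0\3www\6google\3com\0\0\1\0\1", 32, MSG_NOSIGNAL) = 32
"""

# nscd request types from glibc's nscd-client.h (the subset that concerns hosts)
REQUEST_TYPES = {4: "GETHOSTBYNAME", 5: "GETHOSTBYNAMEv6", 6: "GETHOSTBYADDR",
                 7: "GETHOSTBYADDRv6", 13: "GETFDHST", 14: "GETAI"}

# connect() to the nscd UNIX socket (AF_FILE in 2005-era strace, AF_UNIX today)
NSCD_CONNECT = re.compile(
    r'connect\(\d+, \{sa_family=AF_(?:FILE|UNIX), (?:sun_)?path="[^"]*nscd/socket"')
# the 12-byte request header plus the lookup key written to that socket
NSCD_REQUEST = re.compile(
    r'writev\(\d+, \[\{"(?P<hdr>[^"]*)", 12\}, \{"(?P<key>[^"]*)", \d+\}\]')
# connect()/sendto() to port 53: a DNS query the process sends itself, bypassing nscd
DIRECT_DNS = re.compile(
    r'(?:connect|sendto)\(\d+, .*sin_port=htons\(53\), '
    r'sin_addr=inet_addr\("(?P<ip>[0-9.]+)"\)')


def decode_strace_bytes(text):
    """Turn strace's C-style escapes (octal digits, \\r and so on) back into raw bytes."""
    return text.encode("latin-1").decode("unicode_escape").encode("latin-1")


def classify_lookups(strace_text):
    """Summarise where a traced process sent its name lookups.

    Returns the number of connects to the nscd socket, the decoded
    (request type, key) of each request written to it, and the IPs of any
    DNS servers the process queried directly on port 53.
    """
    summary = {"nscd_connects": 0, "nscd_requests": [], "direct_dns": []}
    for line in strace_text.splitlines():
        if NSCD_CONNECT.search(line):
            summary["nscd_connects"] += 1
            continue
        m = NSCD_REQUEST.search(line)
        if m:
            # header: uint32 version, uint32 type, uint32 key_len (little-endian on x86)
            version, req_type, key_len = struct.unpack(
                "<III", decode_strace_bytes(m.group("hdr")))
            key = decode_strace_bytes(m.group("key")).rstrip(b"\0").decode("ascii")
            summary["nscd_requests"].append((REQUEST_TYPES.get(req_type, req_type), key))
            continue
        m = DIRECT_DNS.search(line)
        if m:
            summary["direct_dns"].append(m.group("ip"))
    return summary


def verdict(summary):
    """One-line reading of the summary, in the terms used in the thread."""
    if summary["direct_dns"] and not summary["nscd_connects"]:
        return "nscd bypassed: resolved directly via " + ", ".join(summary["direct_dns"])
    if summary["direct_dns"]:
        return "nscd consulted, but the process also queried DNS directly"
    if summary["nscd_connects"]:
        return "all lookups went through nscd"
    return "no name lookups seen"


if __name__ == "__main__":
    import sys
    # e.g. strace -f -o /tmp/strace.out ping -c 4 www.google.com; then pass the file
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_STRACE
    summary = classify_lookups(text)
    print(summary)
    print(verdict(summary))
```

On the constructed sample the report shows two nscd connects (the GETFDHST handshake for the hosts database and the GETHOSTBYNAME request for www.google.com) and one direct query to 192.168.123.254, which is the "works, but not for this program" situation the thread describes for ping. With `strace -f`, lines carry a pid prefix; the patterns are unanchored, so that is handled.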



[gentoo-user] nscd; what am I doing wrong?

2005-12-21 Thread Walter Dnes
On Fri, Dec 09, 2005 at 05:08:55PM -0700, Richard Fish wrote

> nscd does this, and is much simpler.  It is already installed as part
> of glibc.  Just do rc-update -a nscd default.

  My system is connecting to the net, but nscd doesn't seem to be
caching DNS requests.

  Yes, I did "rc-update add nscd default" and "/etc/init.d/nscd start".
But "ping -c 4 google.com" sends traffic to 192.168.123.254 port 53
each time, even if only 30 seconds apart.  This was confirmed by running
"tcpdump -n dst port 53" in another console and watching the output.

  /etc/resolv.conf has only one line, which points at my combo ADSL
router/modem that gets its DNS IP addresses from the PPPOE negotiation.

nameserver 192.168.123.254


  The un-commented portion of /etc/nscd.conf is like so

enable-cache            hosts   yes
positive-time-to-live   hosts   3600
negative-time-to-live   hosts   20
suggested-size          hosts   211
check-files             hosts   yes

...and /etc/nsswitch.conf says...

# /etc/nsswitch.conf:
# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/nsswitch.conf,v 1.1 2005/05/17 00:52:41 vapier Exp $

passwd:  compat
shadow:  compat
group:   compat

# passwd:db files nis
# shadow:db files nis
# group: db files nis

hosts:   files dns
networks:files dns

services:db files
protocols:   db files
rpc: db files
ethers:  db files
netmasks:files
netgroup:files
bootparams:  files

automount:   files
aliases: files

-- 
Walter Dnes <[EMAIL PROTECTED]> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
-- 
gentoo-user@gentoo.org mailing list
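Two things in this thread come down to what is in these two files: whether the hosts cache is enabled at all and which sources nsswitch.conf lists for hosts, and (in Walter's later post) how long a negative answer stays cached, where "negative-time-to-live hosts 20" made a failed lookup of messages.yahoo.com keep failing on retry until he lowered it to 2 and restarted nscd. The following is an added example, not code from the thread or from glibc: it parses the nscd.conf and nsswitch.conf fragments posted above (with the space restored between enable-cache and hosts), reports the hosts-cache settings, and shows the per-database option rewrite that turns the 20-second negative TTL into the 2-second one. The conf texts are embedded copies of the posted fragments; the option layout the rewrite emits is this example's own choice.

```python
# Embedded copy of the nscd.conf fragment posted in the thread
NSCD_CONF = """\
enable-cache            hosts   yes
positive-time-to-live   hosts   3600
negative-time-to-live   hosts   20
suggested-size          hosts   211
check-files             hosts   yes
"""

# Embedded copy of the relevant nsswitch.conf lines posted in the thread
NSSWITCH_CONF = """\
passwd:  compat
shadow:  compat
group:   compat
hosts:   files dns
networks:files dns
"""


def parse_nscd_conf(text):
    """Return {(option, database): value}; options without a database key on None."""
    settings = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) == 3:
            settings[(fields[0], fields[1])] = fields[2]
        elif len(fields) == 2:
            settings[(fields[0], None)] = fields[1]
    return settings


def parse_nsswitch(text):
    """Return {database: [sources]}; [STATUS=action] tokens are not sources."""
    sources = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        sources[db.strip()] = [tok for tok in rest.split() if not tok.startswith("[")]
    return sources


def hosts_cache_report(nscd_text, nsswitch_text):
    """Summarise how hosts lookups are cached according to the two config files."""
    nscd = parse_nscd_conf(nscd_text)
    nss = parse_nsswitch(nsswitch_text)
    report = {
        "cache_enabled": nscd.get(("enable-cache", "hosts")) == "yes",
        "positive_ttl": int(nscd.get(("positive-time-to-live", "hosts"), 0)),
        "negative_ttl": int(nscd.get(("negative-time-to-live", "hosts"), 0)),
        "hosts_sources": nss.get("hosts", []),
    }
    # nscd only helps if the hosts database is actually resolved via dns
    report["dns_in_nsswitch"] = "dns" in report["hosts_sources"]
    return report


def set_nscd_option(text, option, database, value):
    """Return nscd.conf text with a per-database option set (appended if absent)."""
    out, done = [], False
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) == 3 and fields[0] == option and fields[1] == database:
            out.append(f"{option:<24}{database:<8}{value}")
            done = True
        else:
            out.append(raw)
    if not done:
        out.append(f"{option:<24}{database:<8}{value}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(hosts_cache_report(NSCD_CONF, NSSWITCH_CONF))
    # the change Walter made after the messages.yahoo.com failures; nscd must be
    # restarted afterwards for it to take effect
    fixed = set_nscd_option(NSCD_CONF, "negative-time-to-live", "hosts", "2")
    print(fixed)
    print(hosts_cache_report(fixed, NSSWITCH_CONF)["negative_ttl"])
```

A long negative TTL is the trade-off to watch: it saves repeated queries for names that really do not exist, but any transient resolver failure is then remembered for the whole window, which is exactly the retry-keeps-failing symptom described above.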