On Tue, Oct 11, 2011 at 1:42 PM, <[email protected]> wrote:
> Doug Barton <[email protected]> wrote:
>
>> On 10/10/2011 11:55, David Brodbeck wrote:
>> > Is there any reason to cache negative hits?
>>
>> It's very important for DNS since there are a fairly large number
>> of misbehaving applications that don't stop querying until they
>> get some kind of answer.
>
> Would this need be sufficiently covered if negative cache timeout
> were set to, say, 1/4 of a second? That should be short enough
> to cover virtually any instance in which a missing entry is added
> manually and the new entry then needs to be found.

You can actually change the negative caching timeout as well as turn it off completely. There's a negative-time-to-live option in nscd.conf (see http://www.freebsd.org/cgi/man.cgi?query=nscd.conf). Unfortunately it accepts only an integer number of seconds, so 1/4 of a second is impossible. But you can turn negative caching off completely by setting negative-time-to-live to 0.

>
>> And speaking of DNS, while I think that improving nscd is a good
>> goal I wonder how much use it will be in the world to come when
>> DNSSEC becomes more important ...
>
> Is there something about DNSSEC that makes it fundamentally
> incompatible with a local cache such as nscd, or is it simply
> a matter of nscd needing a bit of work to support DNSSEC?

