nscd: Either fix automatic hosts cache invalidation or add resolvconf update script to invalidate the hosts cache
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eglibc (Debian) |
New
|
Unknown
|
|||
eglibc (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
When nscd is running and the hosts cache is enabled and resolv.conf changes, the hosts cache needs to be invalidated, but this does not currently happen.
I discovered this while running nscd with the hosts cache enabled. I connected to a VPN whose internal nameservers resolve certain domain names differently from external nameservers: for a given name, external nameservers resolve the name to the IP address of the company's reverse proxy whereas the internal nameservers resolve the name to an internal IP address. After I connected to the VPN my resolv.conf file was correctly updated by resolvconf such that the VPN nameserver was listed first, but nscd continued to supply the old external IP address out of its cache. Analogous problem on disconnecting from the VPN. (When resolvconf is installed it updates the resolver configuration file resolv.conf. It actually writes to /run/resolvconf
I would have expected that nscd would invalidate its hosts cache automatically when resolv.conf changed. I initially thought that this was the point of the patch discussed here:
http://
which I believe has since been integrated into Ubuntu nscd. But experimentation proves that nscd does *not* invalid its hosts cache when resolv.conf changes... at least, not under the circumstances described above.
Now I understand that when resolv.conf changes, nscd does re-read the resolv.conf file and so does use the correct nameservers for new queries, but does not clear its cache.
If nscd is supposed to invalidate its hosts cache when resolv.conf changes then please fix the bug which causes this to fail to happen.
If it was not the intent to include that functionality in nscd, then please add a resolvconf update script that invalidates the hosts cache when resolv.conf is changed by resolvconf.
This can be implemented in two parts. First, add a new "invalidate-hosts" method to the initscript which invalidates the hosts cache, making use of nscd's "--invalidate" option. Then include a file named /etc/resolvconf
#!/bin/sh
[ -x /etc/init.d/nscd ] && /etc/init.d/nscd invalidate-hosts
The code in the initscript could look something like the following.
--- nscd_ORIG 2012-10-04 04:13:52.000000000 +0200
+++ nscd 2013-02-12 21:00:33.191132785 +0100
@@ -70,6 +70,11 @@
return 0
}
+invalidate_hosts()
+{
+ "$DAEMON" --invalidate hosts
+}
+
case "$1" in
start)
log_daemon_msg "Starting $DESC" "$NAME"
@@ -118,8 +123,16 @@
1) log_success_msg "running." ; exit 0 ;;
esac
;;
+invalidate-hosts)
+ log_daemon_msg "Invalidating hosts cache of $DESC"
+ status || invalidate_hosts
+ case "$?" in
+ 0) log_end_msg 0 ; exit 0 ;;
+ *) log_failure_msg " (failed)" ; exit 1 ;;
+ esac
+ ;;
*)
- echo "Usage: /etc/init.d/$NAME {start|
+ echo "Usage: /etc/init.d/$NAME {start|
exit 1
;;
esac
Should you implement this, please Suggest resolvconf (>= 1.70) and Conflict with resolvconf (<< 1.70), since those older versions of resolvconf restarted nscd if resolv.conf changed and nscd had its hosts cache enabled.
--
Thomas Hood
Changed in eglibc (Debian): | |
status: | Unknown → New |
The attachment "nscd initscript patch to add "invalidate-hosts" method" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.
[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]