From patchwork Tue Jul 27 22:09:08 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Greg Banks X-Patchwork-Id: 44493 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 974A0398405F for ; Tue, 27 Jul 2021 22:09:37 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 974A0398405F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1627423777; bh=xIBOj/FTzuClzGwUJD6TUM2804RZQH0myMnK0IYkUwg=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=ld1GxQF3J63KWSE3VSL15r+BD9ZL76ByfivZV5n/I4Lm8T9FjEGvL6Mb4fJ4AnmYG Rngqa4+9BM0C23W1SAa+YKJQO8m27KfQDPIXsXx1FG9Z8o6vcsvO3HPCdsno7TOn1t S1DC/vN/fu/n0wmB2cqPvilO+RS+zknUG4Ed5tBk= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail323.linkedin.com (mail323.linkedin.com [108.174.3.123]) by sourceware.org (Postfix) with ESMTPS id C580B3984062 for ; Tue, 27 Jul 2021 22:09:10 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org C580B3984062 Received: from [104.47.70.101] ([104.47.70.101:17338] helo=NAM10-BN7-obe.outbound.protection.outlook.com) by mail323.prod.linkedin.com (envelope-from ) (ecelerity 3.6.21.53563 r(Core:3.6.21.0)) with ESMTPS (cipher=ECDHE-RSA-AES256-GCM-SHA384 subject="/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=mail.protection.outlook.com") id 05/12-28282-60480016; Tue, 27 Jul 2021 22:09:10 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hbYHPA4K4e0/j+Dt3jKPO6SVA8mS3nHp1JXkTSJVYHkTVfeDczciigRDWfPxGrLvHFuQ9B1l6TQAy64J0w33FfHSS29xE0w3VukZBtB92scwIgFioqfhEUQU4Lsk6ZjkE7N+OulevbuotPrpcOafsU+FpMBJO+Lam6rOh2pjNdRlpK7xRxpJy4tQfWD6KKMjPQRlWoLNAQVHJ3XHC5nssGbrf344K95nuvYQzujP5gs2baomZaRJzesehSPNhNTNqpGk0iphrsSrcdNNcH7WTrgj0YwqZvKdNWLDAm2c/2Ev8c8aupLJAYSEwkZlutDH4bAsWQt2YGZHG3LK/u/9PA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xIBOj/FTzuClzGwUJD6TUM2804RZQH0myMnK0IYkUwg=; b=UUO4eMLqIZadxMeJz7EeeY0DiYTnH/v6VdDBwBdhUzcJy8Y9NtC2fVUq+2uF/XKWTJ+PjFz17mryk+hXEOLVgewCcSuorxc2JhezvSVpiykANwtYEwTRQSSOhV39P1CYnKOR87IXqnTK4kxAx9rK9NGD5gi4E2kGB70HbzzeQPJBfIr1iBvbaaF968x1u92tKoGwBN6V3rPoAEuluglttH0fnbIkrkr2oTmV5Nmcf9THV+xNnW2swFQFdNjW0S7Op8wcM80BbwJ39AnvtD+6IECXVJA2IjphTOkt4ujx2/Ebe+axj9VNOQzixA5N8sITZlRlzc/Su/DcwuJlngFw3w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=linkedin.com; dmarc=pass action=none header.from=linkedin.com; dkim=pass header.d=linkedin.com; arc=none Received: from BL0PR2101MB1316.namprd21.prod.outlook.com (2603:10b6:208:92::10) by BL0PR2101MB0931.namprd21.prod.outlook.com (2603:10b6:207:30::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.3; Tue, 27 Jul 2021 22:09:08 +0000 Received: from BL0PR2101MB1316.namprd21.prod.outlook.com ([fe80::875:1645:a1cd:b7c9]) by BL0PR2101MB1316.namprd21.prod.outlook.com ([fe80::875:1645:a1cd:b7c9%6]) with mapi id 15.20.4394.003; Tue, 27 Jul 2021 22:09:08 +0000 To: "linux-man@vger.kernel.org" Subject: [patch] nscd.conf.5: describe reloading, clarifications Thread-Topic: [patch] nscd.conf.5: describe reloading, clarifications Thread-Index: AQHXgzNMNDxxY2L3rkuaiwi771D2MA== Date: Tue, 27 Jul 2021 22:09:08 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2021-07-27T22:09:07.662Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 8574335b-51ee-4dfa-d77a-08d9514b27f5 x-ms-traffictypediagnostic: BL0PR2101MB0931: x-microsoft-antispam-prvs: x-o365ent-eop-header: Message Processed By - CBR_LInkedIn_Mail_To_External x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: e0UIxZGiReE2t3ftCyxwzCzXx9LsfH4qIVmzCaqpZxvekPRPGnwPBFBfa0k4sqiQmeKWf3+aAbVyUoFUm17e8zTU/N3PZLqgGSaCrJTTinYKsuHaOzEkIM6KjcxVcPfZhagkBKYcIz12A65qHXPITFN0l127wY1euRrRsdOdtDws4S76sfJsYOC0XZ/OyCNxUycZPRuN3Ud+TkV9Gf59FbnSbNATLVcgzVtbfOwureXGTR44aNcbXPZPzTKHsSxLo7RqAGlVQ33onQu7LUoZo82Jbw8NFw/FNuK1NCnEdfKbx3EJKrDF55/0quJhjd6CvjemP0tq+9HDt3ClZkt/6dXykh+5dAI+MDtC20guF5vMVqu5K6V4G86amoNvmOQsFcU/DUdQg8ohvGoL9jXPLYWUi/YFHn9Ngze2jX0XOt5DQRgigudxJpo8H462PQbSwQiqJOo/5BUTacAhiS/cECNwf7u9SFlrj5IvMkvVZLLnD9zp5OCYJsP8A8UovEct1hB2KUMWfrM/fASVaIxXFpTneuKSQ5PF8UV6vkwufTCsSpPy/5aOj9tEnLFqfOrMsxcv/LFvGrFAjqa7iZO5gpxBma8DJzgtbav45BXqKHqYeQgQykMrMG01gjxlJOfJtTmqaiG6Ki6AQdBy1p8i9yR3y5Lhqq04smBYdJfbR0ipHgykKUWfxwMQJ47kkVcrXCtMlw0t79JL2StiFyC9V4/0GJUcWCa+U1G+fpjbiUlkR8F912L+bJ9zt/gZOnAE x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR2101MB1316.namprd21.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(6506007)(5660300002)(8990500004)(52536014)(186003)(26005)(7696005)(33656002)(6916009)(508600001)(82950400001)(8676002)(38100700002)(316002)(8936002)(122000001)(2906002)(71200400001)(4326008)(83380400001)(82960400001)(64756008)(66446008)(66556008)(66476007)(55016002)(66946007)(86362001)(76116006)(9686003)(54906003)(38070700005)(2004002)(134885004); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?RZpgRPS2VLG4qq1ynqaP4Iu?= =?iso-8859-1?q?5VrxZ4/+EGIPxDIv4rOBIFjfPV0KAI+CJgHZjMJZgDkUOAUx9nURJ27X+cXf?= =?iso-8859-1?q?JkOsy/uZK3ahNCAuSTaKBU5ZX0nU8IQqpDsbx9pqyuf4uzXHQ1ZQqmG9RjnM?= =?iso-8859-1?q?TX2sCKVkxKnS+hHgGfC0iVWg8V774TfjTwfRpAAhJmyYSfDLaDL12sxckxKz?= =?iso-8859-1?q?WQT+aUqzgd0+plI7UcXm+DzB0xLkSvLNh23KXLN6TeB4VqkUrQn+tK8xcK0t?= =?iso-8859-1?q?h5rB4T6AD7iGgXCJu3KVl3QYqv2FEzt6yiS1EJTsL5ii6QUXvdZUrQdRJWp0?= =?iso-8859-1?q?7SlgofUudlp+IwbmKGZ9QhxEJy8eA28HSR/fEYLaRs83Wam9Es0Ow/1uZSAc?= =?iso-8859-1?q?k1iLk8qX3PeOnglM9mYpTnI1tmns6zz3xg2MbVPvQnhGTb5bHAV47e3RM8Ta?= =?iso-8859-1?q?PHmHx4gDky1UjE2Bd2ukSi2nCvsBxSX1Yo0wnZz+H9ZIyhtiPRYMCxFahGaD?= =?iso-8859-1?q?A3wO+XD8wg9ocPIEmY8WjWPcgRPpZsGxsEGpgLveDvXbensp3Uq3QkTFFmI8?= =?iso-8859-1?q?ayrVRMdHSRxFcuyLlm943gASGOb0+5nA10c53Lx+8texc22aWbi/dHqfc8JP?= =?iso-8859-1?q?W+srxw6HmuCqj+I0Gfh0Zpmw5/iZZbvMaxtxIg/TC0ZBZHDH9NgPXlO+3TD+?= =?iso-8859-1?q?P/xlaH0xoCyYJGPEZbnOCr+/hLfIx+erhWPYPKSpAkdZz4mU/+koBjouGcme?= =?iso-8859-1?q?rtavaWKoCBQJMuQLK0ounezujUt+KL9Q6mdBlRQiGNqQ1gl8KPfuhbH6INoS?= =?iso-8859-1?q?boo+3GOdb7KNQ741NNOmiX3DJR7NmWiPK6ugpFhCju+vBDelSiYhG/X44HXs?= =?iso-8859-1?q?OW78IY+qSwgzgD6OJkBy0aqxGkZHwuV21uElnNgqxslciFteOHAubjGSCeVQ?= =?iso-8859-1?q?SvnAtOw/dAmGZKeXgmfpgO4OKzIGfrE8zQqD+Waxu9Tn0A30W7AH9BWsNbWu?= =?iso-8859-1?q?RqPaeP1wnjHABq3xs4h3VETyo6r1U0yiBYJfQhrdWJUZ0YAnk0QW0VhqyAJc?= =?iso-8859-1?q?I6cYIm16+fGnLalqeOSDxTdf0G4H7OW1JJdxVH8oivQykMoZoir0S4egH+TM?= =?iso-8859-1?q?bLpOkBLaqC5hWMNocLxRYby+1URmt/JksyCF2BHs4uLzUH6AUK5JRux/jxHi?= =?iso-8859-1?q?x02GqigvHvR/DETEK/uLnGjeA0A3UhfjklNv7kU35ry5/skfsUDsazGcjjXx?= =?iso-8859-1?q?0phF14nSOhiF96cNgjEW168VQQR3N+O6V8Qku6D4Gm/O2OsYsYMK2FShJ6vQ?= =?iso-8859-1?q?YIOZryfYWJSrNJocAQ8Ag1muCUC1wCrdgt8t0MAE=3D?= x-ms-exchange-transport-forked: True MIME-Version: 1.0 X-OriginatorOrg: linkedin.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BL0PR2101MB1316.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8574335b-51ee-4dfa-d77a-08d9514b27f5 X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jul 2021 22:09:08.2803 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: jBOsajfPrDe6jPYX2Y2Jpv3E7NVQ3wwZ2pI03eXNNEzyd6jJsz8o6BpvVQEV1tk0zdyekCLoOLN9vK8uUe0wwQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR2101MB0931 X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, LINKEDIN_RECEIVED, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS, SPF_PASS autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Greg Banks via Libc-alpha From: Greg Banks Reply-To: Greg Banks Cc: Alejandro Colomar , Petr Baudis , "libc-alpha@sourceware.org" , Michael Kerrisk Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" - Added a subsection of NOTES describing nscd's reloading behavior   and providing advice on how to configure it. - Clarifications for the threads, reload-count, positive-time-to-live,   check-files, and shared attributes. Derived by reading the nscd, libresolv and glibc source and some painful experience. diff --git a/man5/nscd.conf.5 b/man5/nscd.conf.5 index 7356bf7c2..52f7051d5 100644 --- a/man5/nscd.conf.5 +++ b/man5/nscd.conf.5 @@ -1,5 +1,6 @@ .\" Copyright (c) 1999, 2000 SuSE GmbH Nuernberg, Germany .\" Author: Thorsten Kukuk +.\" Updates by Greg Banks Copyright (c) 2021 Microsoft Corp. .\" .\" %%%LICENSE_START(GPLv2+_SW_3_PARA) .\" This program is free software; you can redistribute it and/or @@ -53,9 +54,12 @@ The default is 0. .B threads .I number .RS -This is the number of threads that are started to wait for +This is the initial number of threads that are started to wait for requests. -At least five threads will always be created. +At least five threads will always be created. The number of threads +may increase dynamically up to +.B max\-threads +in response to demand from clients, but never decreases. .RE .PP .B max\-threads @@ -83,9 +87,15 @@ Specifies the user who is allowed to request statistics. unlimited | .I number .RS -Limit on the number of times a cached entry gets reloaded without being used -before it gets removed. -The default is 5. +Sets a limit on the number of times a cached entry gets reloaded without being used +before it gets removed. The limit can take values ranging from 0 +to 254; values 255 or higher behave the same as +.BR unlimited . +Limit values can be specified in either decimal or hexadecimal with a +"0x" prefix. The special value +.B unlimited +is case-insensitive. The default limit is 5. A limit of 0 turns off the reloading +feature. See NOTES below for further discussion of reloading. .RE .PP .B paranoia @@ -128,6 +138,9 @@ in the specified cache for is in seconds. Larger values increase cache hit rates and reduce mean response times, but increase problems with cache coherence. +Note that for some name services (including specifically DNS) +the TTL returned from the name service is used and this attribute +is ignored. .RE .PP .B negative\-time\-to\-live @@ -166,6 +179,7 @@ The files are .IR /etc/passwd , .IR /etc/group , .IR /etc/hosts , +.IR /etc/resolv.conf , .IR /etc/services , and .IR /etc/netgroup . @@ -194,6 +208,8 @@ is shared with the clients so that they can directly search in them instead of having to ask the daemon over the socket each time a lookup is performed. The default is no. +Note that a cache miss will still result in asking the daemon over +the socket. .RE .PP .B max\-db\-size @@ -230,12 +246,82 @@ and .IR group . .RE .SH NOTES +.PP The default values stated in this manual page originate from the source code of .BR nscd (8) and are used if not overridden in the configuration file. The default values used in the configuration file of your distribution might differ. +.SS Reloading +.PP +.BR nscd (8) +has a feature called reloading whose behavior can be surprising. +.PP +Reloading is enabled when the +.B reload-count +attribute has a non-zero value. The default value in the source +code enables reloading, although your distribution may differ. +.PP +When +reloading is enabled, positive cached entries (the results of +successful queries) do not simply expire when their TTL is up. Instead, +at the expiry time +.B nscd +will "reload", i.e. re-issue the same name service query that created the cached +entry, to get a new value to cache. Depending on +.B /etc/nsswitch.conf +this may mean that a DNS, LDAP or NIS request is made. If the new query +is successful reloading will repeat +when the new value would expire, until +.B reload-count +reloads have happened for the entry, and only then will it actually be removed +from the cache. A request from a client which hits the entry will reset +the reload counter on the entry. Purging the cache using the +.B \-i +command line option overrides the reload logic and removes the entry. +.PP +Reloading has the effect of extending cache entry TTLs without compromising +on cache coherency, at the cost of additional load on the backing name service. +Whether this is a good idea on your system depends on details of +your applications' behavior, your name service, and the effective TTL values of +your cache entries. (Note that for some name services (for example, DNS), the +effective TTL is the value returned from the name service and +.I not +the value of the +.B positive\-time\-to\-live +attribute.) Please consider the following advice carefully: +.IP \(bu +If your application will make a second request for the same name, after +more then 1 TTL but before +.B reload\-count +TTLs, and is sensitive to the latency of a cache miss, then reloading may be +a good idea for you. +.IP \(bu +If your name service is configured to return very short TTLs, and your +applications only make requests rarely under normal circumstances, then +reloading may result in additional load on your backing name service +without any benefit to applications, which is probably a bad idea for you. +.IP \(bu +If your name service capacity is limited, reloading may have the +surprising effect of increasing load on your name service instead of +reducing it, and may be a bad idea for you. +.IP \(bu +Setting +.B reload\-count +to +.B unlimited +is almost never a good idea, as it will result in a cache that never expires +entries and puts never-ending additional load on the backing name service. +.PP +Note also that some distributions have an init script for nscd with a "reload" +command which has the effect of purging +.BR nscd 's +caches using the +.B \-i +commandline option. That use of the word "reload" is +.I entirely different +from the "reloading" described here. .SH SEE ALSO .BR nscd (8) .\" .SH AUTHOR