From owner-freebsd-hackers@FreeBSD.ORG Sun Jul 1 10:18:06 2012 Return-Path: Delivered-To: hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0020A1065676 for ; Sun, 1 Jul 2012 10:18:05 +0000 (UTC) (envelope-from se@freebsd.org) Received: from nm8.bullet.mail.ird.yahoo.com (nm8.bullet.mail.ird.yahoo.com [77.238.189.23]) by mx1.freebsd.org (Postfix) with SMTP id 639618FC20 for ; Sun, 1 Jul 2012 10:18:05 +0000 (UTC) Received: from [77.238.189.234] by nm8.bullet.mail.ird.yahoo.com with NNFMP; 01 Jul 2012 10:18:03 -0000 Received: from [217.146.189.246] by tm15.bullet.mail.ird.yahoo.com with NNFMP; 01 Jul 2012 10:18:03 -0000 Received: from [127.0.0.1] by smtp111.mail.ird.yahoo.com with NNFMP; 01 Jul 2012 10:18:03 -0000 X-Yahoo-Newman-Id: 600877.35538.bm@smtp111.mail.ird.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: cvcCQvwVM1nfdEv6tz51PK1O3y6oBHSe4cOoORYUHZUxs4v s0eaxaABAzpiO593u2LoULxJwOH87OBwW__ZphfCp2k2r95ZrNdPiHjjIP4U a_c9ouGFJo4bKWPQaLM188i7ai0CZIPigSCKM_p47lINsgIBYUdo1GLYAmcn jUhbcKJxuw2.trourhIGup4I2d5rcH3xHk.qms.kBPAEIyR43aB40erxLHAx IpWEylkywqN.te5FO2yW9qY.b5FGlgvmKPeLFsO4sZGaxdG6cNWVh8J0kwu2 9IkPRBKEftVjztOB.Ub0j4JcUWJtEk6Oo2wKmC79WMxEudzCKSy3tLKdU8qh 6CI3gIXmAhfHoeQYRYQ9YRnVgNV6i0M91Z83KLGwhEen_oSnnIg3.ki0vXto CuvPRBVOny9ALcMBc.QM1B0qaoHXKUYFsYYNsAbTOzaD11rL714pw3hp2HlN L8GCQk45Z8Aa6pISRNha_WXRb625vezYVero.EJ8N5odkTWjVWBKgxZjiSl7 4h7TviT9hdWfvIyMjlgzODsd3Ou5wzwO7tvPt1NVUCAF45L8bb15UIPJLmPk alsNUe8pll.Pp2kJRkuYAlGTDJlJ3UPKH8EK8CW3bzXe1HcXhtkDA.hk- X-Yahoo-SMTP: iDf2N9.swBDAhYEh7VHfpgq0lnq. Received: from [192.168.119.11] (se@81.173.144.247 with plain) by smtp111.mail.ird.yahoo.com with SMTP; 01 Jul 2012 03:18:03 -0700 PDT Message-ID: <4FF023DF.8000003@freebsd.org> Date: Sun, 01 Jul 2012 12:18:07 +0200 From: Stefan Esser User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120614 Thunderbird/13.0.1 MIME-Version: 1.0 To: FreeBSD developers References: <4FEAA3C1.2040807@freebsd.org> <4FECBBC1.3000800@freebsd.org> In-Reply-To: <4FECBBC1.3000800@freebsd.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: Subject: [RFT/RFC]: Please test NSCD patch (was: Re: [PATCH] Fix for negative cacheing problem in NSCD) X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Jul 2012 10:18:06 -0000 [Since I did not receive any feedback on my previous message to the -hackers list, I try again and CC: to -current in the hope to attract more interest ...] The NSCD patch attached to the previous mail, which can be found at: http://www.mail-archive.com/freebsd-hackers@freebsd.org/msg164538.html It fixes an often reported problem with negative cacheing in NSCD: E.g. when a new user account is created, there is a query for this username to give a meaningful reply to the user, if that username has been choosen before. The query result is cached, and if the username was not found and a new account is created, NSCD does not notice and returns the "user does not exist" result for the cache's time-to-live duration that is configured for negative queries (default is 60 seconds, could be increased when the patch is applied). The patch fixes the scenario given by marking the first negative reply as preliminary result and requires further queries to the original data source to deliver the same result before the cached value is used and the data source is not queried again. I'd want to commit this patch to -CURRENT within the next week, if there are no objections. The patch does not violate POLA, since it does not change the behavior without an additional configuration line in /etc/nscd.conf. Before I commit the patch I'd appreciate the following feedback: 1) Does it work for you with your data sources (e.g. LDAP) (The patch has worked on my box in the cases I tested.) 2) Should the defaults be changed, e.g. the negative confidence threshold could be set to 3 with a timeout of 10 minutes instead of the current values of 1 and 1 minute. (I plan to commit the change without change to the defaults to prevent a violation of POLA, unless there are strong arguments in favor of changed defaults.) 3) Is there a better name for the new option? I used "negative-confidence-threshold" since I could not think of a simpler/shorter name to express its purpose. 4) Is the patch to the man page comprehensible? Any suggestions to improve the wording? 5) I also added support for retries on positive cache results, which might for example help with DNS based load balancing. For example "positive-confidence-threshold hosts 4" will require 4 identical DNS replies before the cache trusts its contents and stops sending DNS queries. This may or may not be useful; the feature came at negligible cost, and so I kept it in the attached patch, but might as well commit a stripped down version that only supports negative cacheing. The patch was attached to my previous mail and is also available from: http://people.freebsd.org/~se/nscd-Negative-Threshold.patch Regards, STefan