Linux Host Lookup Performance Tuning

Started by Thing, February 08, 2004, 09:34 AM


Thing

Installing and configuring the nscd daemon can greatly improve the performance of any activity that requires host lookups.  Examples would be web browsing, ftping, wgeting, etc.

Tools you will need:

1.  nscd
2.  keyboard
3.  device or fingers to clickey click the keyboard
4.  file editing skills

Instructions:

1.  install nscd
2.  configure nscd.conf
3.  start nscd
4.  set nscd to start at boot

By default /etc/nscd.conf contains:

enable-cache    hosts    no

Change it to:

enable-cache    hosts    yes

The positive ttl and negative ttl are displayed in seconds.  Set them to a reasonable value.  Mine are positive = 86400 and negative = 20.

Important!  If you are running a service that relies on forward/reverse lookup checks, don't do this!  An example would be if you are running an SMTP server which only accepts email from a host with a valid PTR record.

Average home users should see a significant increase in performance because we are reducing the number of lookups your machine has to perform.
That sucking sound you hear is my bandwidth.

Adron

Quote from: Thing on February 08, 2004, 09:34 AM
Important!  If you are running a service that relies on forward/reverse lookup checks, don't do this!  An example would be if you are running an SMTP server which only accepts email from a host with a valid PTR record.

Why not?

Thing

Quote from Security Focus:

Quote
The Name Service Cache Daemon (nscd) has a default behavior that does not allow applications to validate DNS "PTR" records against "A" records.

In particular, nscd caches a request for a "PTR" record, and when a request comes later for the "A" record, nscd simply divulges the information from the cached "PTR" record, instead of querying the authoritative DNS for the "A" record.

As far as I know, this is still the case.  It is terribly unimportant for an average home user.
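As an added example (not from the thread or from nscd itself), this Python model shows the behaviour in the Security Focus quote and why the forward/reverse check warned about in the first post passes when it should not: one cache reuses a PTR answer to satisfy a later A lookup, the other keeps the two directions separate. All names, addresses and zone data are constructed and nothing is resolved on the network.

```python
"""Forward-confirmed reverse DNS (FCrDNS) against two host-cache models.

Constructed scenario: the owner of 203.0.113.7 controls its reverse zone
and points the PTR at a name they do not own (mail.example.net), whose
real A record is 198.51.100.25.
"""

# Constructed authoritative data.
AUTH_PTR = {"203.0.113.7": "mail.example.net",    # attacker-controlled PTR
            "198.51.100.25": "mail.example.net"}  # legitimate PTR
AUTH_A = {"mail.example.net": "198.51.100.25"}    # legitimate forward zone


class HostCache:
    """Caches gethostbyaddr()/gethostbyname() results.

    cross_populate=True models the quoted nscd behaviour: the name from a
    PTR answer is also stored as the answer to a later A query for it.
    """

    def __init__(self, cross_populate):
        self.cross_populate = cross_populate
        self.by_addr = {}
        self.by_name = {}
        self.auth_queries = []  # which authoritative lookups were made

    def gethostbyaddr(self, addr):
        if addr not in self.by_addr:
            self.auth_queries.append(("PTR", addr))
            name = AUTH_PTR[addr]
            self.by_addr[addr] = name
            if self.cross_populate:
                # Flaw: the PTR owner gets to say which address the name has.
                self.by_name[name] = addr
        return self.by_addr[addr]

    def gethostbyname(self, name):
        if name not in self.by_name:
            self.auth_queries.append(("A", name))
            self.by_name[name] = AUTH_A.get(name)
        return self.by_name[name]


def fcrdns_ok(cache, addr):
    """FCrDNS check: the PTR name must resolve forward to the same address."""
    return cache.gethostbyname(cache.gethostbyaddr(addr)) == addr


def compare_caches(addr):
    """(result with cross-populating cache, result with separate caches)."""
    return (fcrdns_ok(HostCache(True), addr), fcrdns_ok(HostCache(False), addr))
```

With the flawed cache the spoofed address passes the check without a single A query being sent; the separated cache asks the authoritative server and rejects it.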

Adron

Quote from: Thing on February 08, 2004, 09:51 AM
As far as I know, this is still the case.  It is terribly unimportant for an average home user.

I'd say that could be terribly important for a home user... What are the ways to force someone to do a ptr lookup? Access something that generates a log entry on his machine?

If you can fool the home user into doing a ptr lookup for your IP, and return www.citibank.com, then you can do a perfect hijack of that site?

Thing

Netscape, Konqueror, Opera and Mozilla all have their own built-in resolvers.  They utilize the DNS resolver libraries but don't query the nscd db.

Adron

Quote from: Thing on February 09, 2004, 08:16 AM
Netscape, Konqueror, Opera and Mozilla all have their own built-in resolvers.  They utilize the DNS resolver libraries but don't query the nscd db.

Hmm, so that must reduce the usefulness of nscd... What does query it? Telnet/b.net/irc etc?