[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Long query times: OpenLDAP 1.2.7 + BDB 2.7.7 + Solaris 7

On Thu, 23 Sep 1999, Paul Makepeace wrote:

> I managed to get a usable solution by turning reverse (IP->name) DNS lookups
> off by adding the --enable-rlookups=no option to the ./configure line. There
> is definitely something very evil with Solaris's resolver libraries and the
> nscd daemon and this is reported in the Squid (Internet HTTP proxy) pages
> (search for Solaris nscd):

An alternative should be to tell nscd not to cache host lookups (this is how
our Squid proxies run - no caching named on the proxy machine).

I wonder if the same problem persists with the devel CVS code?  I can't really
use my "play" LDAP box as a performance example (running 2.0-devel and BDB
2.7.7 on Solaris 7) as it's only an IPX...

> I also tried installing a local caching named but that only alleviated the
> problem, certainly didn't solve it. It may be possible to link with libbind.a
> and avoid use of nscd and its DNS lookup serializing but I haven't had a
> chance to try this...

As I understand it, nscd forms part Sun's NSS backend infrastructure (for
caching lookups);  there are times when this can be really useful, but when
it's serialised there's a painful performance hit.  The Squid notes were
written mainly in reference to Solaris 2.5.1 (and possibly 2.6);  I haven't
tested Squid on Solaris 7 yet (on the to-do list) so I don't know if Solaris
7's nscd is any better.  I recall someone saying the serialisation was due to
a "limitation" in the DNS APIs or somesuch (not being thread-safe?).

> (I understand Solaris's resolver is BIND 8.1.2 anyway altho' modified to
> use nscd?).

I'm running:

                      Solaris 7 s998s_SunServer_21al2b SPARC
           Copyright 1998 Sun Microsystems, Inc.  All Rights Reserved.
                            Assembled 06 October 1998

and it definitely comes with BIND 8.1.2 (not sure if any subsequent patches
have moved to BIND 8.2.1 with the security patch or not - 8.2 was ghastly).

I doubt BIND has been "modified to use nscd" - the resolver library is a
backend provider for NSS ("dns") so by the time the request reaches the
resolver it has probably already passed through nscd (that's how it would be
able to cache results from multiple backends).  BIND itself is just a server
answering DNS protocol queries.