Re: Long query times: OpenLDAP 1.2.7 + BDB 2.7.7 + Solaris 7

["Paul Makepeace" <Paul.Makepeace@realprogrammers.com>]

[I'm kind of aware this is veering off-topic and possibly more appropriate
on -general(?). Still, I hope it's forgiven; I imagine there are quite a few
people using Solaris as a heavyweight deployment platform.]

From: David J N Begley <david@avarice.nepean.uws.edu.au>
> An alternative should be to tell nscd not to cache host lookups (this is
how
> our Squid proxies run - no caching named on the proxy machine).

The two mods to the system I performed were (as per squid advice):

/etc/nsswitch.conf:
hosts:      dns [NOTFOUND=return] files

/etc/nscd.conf:
        enable-cache            hosts           no

(which in Solaris 7 is already there, just commented out ready for you to
uncomment ;-)

..and an nscd restart.

I installed the most recent BIND and set

/etc/resolver.conf:
domain slb.com
nameserver 127.0.0.1

> written mainly in reference to Solaris 2.5.1 (and possibly 2.6);  I haven't
> tested Squid on Solaris 7 yet (on the to-do list) so I don't know if
Solaris
> 7's nscd is any better.

Despite the above configuration we were still suffering TCP listen queue
dropouts and long query times. The recompile minus rev. lookups solved it
immediately and there haven't been any (related) issues since. Can you see
something here I've done obviously wrong that should still have it answering
queries slowly? It's serving a global WAN over a fairly fast intranet.

I have access to this machine for another week and am happy to test
configurations if that'd help.

> I doubt BIND has been "modified to use nscd" - the resolver library is a
> backend provider for NSS ("dns")

Thanks David, I was guessing there.

Cheers,
Paul