Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 196241 - sys-libs/glibc - nscd won't cache DNS results if the hostname resolves to multiple IP addresses
Summary: sys-libs/glibc - nscd won't cache DNS results if the hostname resolves to mul...
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: x86 Linux
: High normal (vote)
Assignee: Gentoo Toolchain Maintainers
URL:
Whiteboard:
Keywords:
: 366925 (view as bug list)
Depends on:
Blocks:
 
Reported: 2007-10-18 06:22 UTC by Dima Ryazanov
Modified: 2011-05-13 04:28 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dima Ryazanov 2007-10-18 06:22:45 UTC 
I noticed that when I browse certain websites (like facebook.com) using Konqueror, it sends a DNS request for every single URL, DoS'ing the router. I have nscd running - and it works fine if the hostname resolves to one IP, but does not do any caching when there are multiple IPs.

Reproducible: Always

Steps to Reproduce:
1. Start wireshark and watch for DNS queries.
2. Run "resolveip" (from dev-db/mysql) on gentoo.org and slashdot.org a few times.
3. Then run it on google.com, yahoo.com, facebook.com, also several times.

Actual Results:  
There is only one DNS query for gentoo.org and slashdot.org, no matter how many times you run resolveip. But a new query is sent each time you run resolveip on google.com, yahoo.com, facebook.com.

Expected Results:  
There should be only one query for each of google.com, yahoo.com, facebook.com.

I am using sys-libs/glibc-2.6.1, but I have been seeing this bug for a long time - probably before 2.4.


emerge --info:

Portage 2.1.3.14 (default-linux/x86/2007.0/desktop, gcc-4.1.2, glibc-2.5-r4, 2.6.23-gentoo i686)
=================================================================
System uname: 2.6.23-gentoo i686 AMD Athlon(tm) XP 2000+
Timestamp of tree: Thu, 18 Oct 2007 02:30:01 +0000
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r5
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon-xp -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=athlon-xp -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS=" http://ftp.ucsb.edu/pub/mirrors/linux/gentoo/ http://cudlug.cudenver.edu/gentoo/ http://mirror.usu.edu/mirrors/gentoo/ http://distro.ibiblio.org/pub/linux/distributions/gentoo/ "
LC_ALL="en_US.UTF-8"
LINGUAS="en uk ru"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X a52 aac aalib acl acpi alsa ao avi bitmap-fonts cairo cdr cli cracklib crypt cups dbus dlloader dri dv dvd dvdr dvdread emboss encode fam firefox fortran gdbm gif glut gpm gstreamer hal iconv imlib ipv6 isdnlog jpeg kde kdeenablefinal kdehiddenvisibility kdrive lm_sensors mad midi mikmod mmx mmxext mng mp3 mpeg mudflap ncurses nls nptl nptlonly nsplugin ogg openexr opengl openmp pam pcre pdf perl png ppds pppd python qt3 qt3support qt4 quicktime rdesktop readline reflection samba scanner sdl session slang spell spl sse ssl svg tcpd tetex tiff truetype truetype-fonts type1-fonts udev unicode usb vorbis wifi win32codecs x86 xcb xcomposite xine xinerama xml xorg xscreensaver xv zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en uk ru" USERLAND="GNU" VIDEO_CARDS="radeon ati"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Dima Ryazanov 2008-01-11 06:21:34 UTC 
nscd won't cache anything if I run this code:
  struct addrinfo hint = {0};
  hint.ai_family = PF_INET;
  getaddrinfo(argv[1], NULL, &hint, &result);

But it works fine if I remove "hint.ai_family = PF_INET". KDE always sets ai_family, though.

I wanted to debug getaddrinfo and nscd, but can't figure out how to do it. I reinstalled glibc like this:
USE="debug -glibc-omitfp" FEATURES="noclean nostrip" emerge -av glibc
But that didn't give me any debugging info. How do I do this?
Comment 2 SpanKY gentoo-dev 2008-01-11 08:02:59 UTC 
unfortunately, i dont think any combination of CFLAGS/LDFLAGS/USE/FEATURES will get you a debuggable nscd.  glibc forces all of its network daemons to be built as PIEs which keeps you from being able to debug them.  glibc also will fail to straight up compile if you try to build with -O0.

you'd have to do something like:
tar xf glibc-2.7.tar.bz2
nano glibc-2.7/nscd/Makefile
<remove -fpie and -pie from cflags/linking>
mkdir build
cd build
CFLAGS='-O1 -g -ggdb -pipe' ../glibc-2.7/configure --prefix=/usr
make

now if you could force nscd to statically link, that'd make debugging much easier, otherwise you'd have to execute the local ldso + library paths + nscd to get it to run.  or relink nscd with local rpaths.  it's all quite messy.
Comment 3 SpanKY gentoo-dev 2008-06-07 23:35:39 UTC 
you should retest with glibc-2.8
Comment 4 Mark Loeser (RETIRED) gentoo-dev 2009-04-20 21:40:29 UTC 
Have you retested with glibc-2.8?
Comment 5 Charles G Waldman 2011-05-10 19:02:31 UTC 
Hi, I'd like to reopen this bug.  I am running glibc-2.13-r2 
and confirm the results of the wireshark test described above.
For names which resolve to a single IP (www.gentoo.org) the
DNS result is cached by nscd and subsequent lookups do not trigger
a request to the DNS server.  But for names which resolve to multiple IPs (www.google.com) the nscd does not cache results, and every access results in another hit on the DNS server, which somewhat limits the usefulness of nscd.
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2011-05-13 00:21:38 UTC 
*** Bug 366925 has been marked as a duplicate of this bug. ***
Comment 7 SpanKY gentoo-dev 2011-05-13 04:28:24 UTC 
by design.  file a bug upstream, although they'll probably close it too.

nscd/hstcache.c:
      /* If the record contains more than one IP address (used for
         load balancing etc) don't cache the entry.  This is something
         the current cache handling cannot handle and it is more than
         questionable whether it is worthwhile complicating the cache
         handling just for handling such a special case. */