Author Topic: Linux Host Lookup Performance Tuning  (Read 702 times)

Offline Thing

Linux Host Lookup Performance Tuning
« on: February 08, 2004, 09:34 AM »
Installing and configuring the nscd daemon can greatly improve the performance of any activity that requires host lookups.  Examples would be web browsing, ftping, wgeting, etc.

Tools you will need:

1.  nscd
2.  keyboard
3.  device or fingers to clickey click the keyboard
4.  file editing skills

Instructions:

1.  install nscd
2.  configure nscd.conf
3.  start nscd
4.  set nscd to start at boot

By default /etc/nscd.conf contains:
enable-cache.  .  hosts.  .  no
Change it to:
enable-cache.  .  hosts.  .  yes

The positive ttl and negative ttl are displayed in seconds.  Set them to a reasonable value.  Mine are positive = 86400 and negative = 20.

Important!  If you are running a service that relies on forward/reverse lookup checks, don't do this!  An example would be, if you are running an smtp server which only accepts email from a host with a valid ptr record.

Average home users should see a significant increase in performance because we are reducing the number of lookups your machine has to perform.
« Last Edit: February 08, 2004, 02:13 PM by Thing »
That sucking sound you hear is my bandwidth.

Offline Adron

Re:Linux Host Lookup Performance Tuning
« Reply #1 on: February 08, 2004, 09:37 AM »
Important!  If you are running a service that relies on forward/reverse lookup checks, don't do this!  An example would be, if you are running an smtp server which only accepts email from a host with a valid ptr record.

Why not?

Offline Thing

Re:Linux Host Lookup Performance Tuning
« Reply #2 on: February 08, 2004, 09:51 AM »
Quote from Security Focus:

Quote
  The Name Service Cache Daemon  (nscd)  has a default behavior  that
   does not allow applications to  validate DNS "PTR" records  against
   "A" records.

   In particular, nscd caches a request for a "PTR" record, and when a
   request  comes later for the "A"  record,  nscd simply divulges the
   information from  the cached "PTR"  record, instead of querying the
   authoritative DNS for the "A" record.

As far as I know, this is still the case.  It is terribly unimportant for an average home user.
That sucking sound you hear is my bandwidth.

Offline Adron

Re:Linux Host Lookup Performance Tuning
« Reply #3 on: February 08, 2004, 11:56 PM »
As far as I know, this is still the case.  It is terribly unimportant for an average home user.

I'd say that could be terribly important for a home user... What are the ways to force someone to do a ptr lookup? Access something that generates a log entry on his machine?

If you can fool the home user into doing a ptr lookup for your IP, and return www.citibank.com, then you can do a perfect hijack of that site?

Offline Thing

Re:Linux Host Lookup Performance Tuning
« Reply #4 on: February 09, 2004, 08:16 AM »
Netscape, Konqueror, Opera and Mozilla all have their own built in resolvers.  They utilize the DNS resolver libraries but don't query the nscd db.
That sucking sound you hear is my bandwidth.

Offline Adron

Re:Linux Host Lookup Performance Tuning
« Reply #5 on: February 09, 2004, 12:40 PM »
Netscape, Konqueror, Opera and Mozilla all have their own built in resolvers.  They utilize the DNS resolver libraries but don't query the nscd db.

Hmm, so that must reduce the usefulness of nscd.. What does query it? Telnet/b.net/irc etc?