Processed: Bug#335476: nscd: Caches old IP-address

2007-04-25 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> tag 335476 + upstream confirmed
Bug#335476: nscd: Caches old IP-address
There were no tags set.
Tags added: upstream, confirmed

> forwarded 335476 http://sourceware.org/bugzilla/show_bug.cgi?id=4428
Bug#335476: nscd: Caches old IP-address
Noted your statement that Bug has been forwarded to 
http://sourceware.org/bugzilla/show_bug.cgi?id=4428.

> retitle 335476 [nscd] does not respect DNS TTL.
Bug#335476: nscd: Caches old IP-address
Changed Bug title to [nscd] does not respect DNS TTL. from nscd: Caches old 
IP-address.

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Bug#335476: nscd: Caches old IP-address

2007-04-25 Thread Pierre HABOUZIT
tag 335476 + upstream confirmed
forwarded 335476 http://sourceware.org/bugzilla/show_bug.cgi?id=4428
retitle 335476 [nscd] does not respect DNS TTL.
thanks

On Mon, Oct 24, 2005 at 10:18:28AM +0200, Anders Boström wrote:
> Package: nscd
> Version: 2.3.5-6
> Severity: important
> 
> When ssh makes a lookup of a node with changed IP-address, nscd returns
> the old address. If I stop nscd, ssh gets the right address. But as
> soon as I start nscd again, the old address is delivered to ssh. All
> other applications I've tested get the right address, even when nscd
> is running. Applications I've tested include 'getent hosts', host
> and ping.

  I can confirm that nscd does not invalidate cache as it should wrt DNS
TTLs. Though it (as of 2.5) respects positive-time-to-live properly.

-- 
·O·  Pierre Habouzit
··O  [EMAIL PROTECTED]
OOO  http://www.madism.org



Bug#335476: nscd: Caches old IP-address

2005-11-18 Thread Dave Love
Florian Weimer <[EMAIL PROTECTED]> writes:

> Which GNU libc version is in Fedora?  2.3.5?

Yes.  (Or it was then -- there seems to be an update to 2.3.6 now.)

> There is quite a bit of code to handle TTLs for records fetched from
> DNS in version 2.3.5.  Don't they expire for you, either?

They were definitely not expiring on Fedora (after ~18 hours with
`positive-time-to-live hosts 3600' in nscd.conf).  The cache files had
ancient modification times; I don't know whether that's an artefact of
the mmapping I see is used.

Sorry I can't check this on Debian, but it looks to me a risky option
to have on anyway.





Bug#335476: nscd: Caches old IP-address

2005-11-14 Thread Florian Weimer
* Dave Love:

> Florian Weimer <[EMAIL PROTECTED]> writes:
>
>> The current code tries to honor TTLs.  It might be sufficient to set a
>> zero (or very low) TTL for entries coming from /etc/hosts.
>
> Does `current' mean in the latest Debian package?

Yes.

> I can't see anything relevant in the changelog, and the Fedora
> version definitely didn't time out.

Which GNU libc version is in Fedora?  2.3.5?

There is quite a bit of code to handle TTLs for records fetched from
DNS in version 2.3.5.  Don't they expire for you, either?





Bug#335476: nscd: Caches old IP-address

2005-11-14 Thread Dave Love
Florian Weimer <[EMAIL PROTECTED]> writes:

> The current code tries to honor TTLs.  It might be sufficient to set a
> zero (or very low) TTL for entries coming from /etc/hosts.

Does `current' mean in the latest Debian package?  I can't see
anything relevant in the changelog, and the Fedora version definitely
didn't time out.  I can't easily test the Debian version.





Bug#335476: nscd: Caches old IP-address

2005-11-11 Thread Florian Weimer
* Dave Love:

> Yes, please turn off the default persistent caching of hosts (at
> least).  I think this should also be done upstream.  It can lead to
> lockout of logins in an obscure fashion -- at least it did on Fedora
> systems running what appears to be the same version of nscd with the
> same defaults, so presumably Debian would be subject to the same
> lossage.

The current code tries to honor TTLs.  It might be sufficient to set a
zero (or very low) TTL for entries coming from /etc/hosts.





Bug#335476: nscd: Caches old IP-address

2005-11-11 Thread Dave Love
Yes, please turn off the default persistent caching of hosts (at
least).  I think this should also be done upstream.  It can lead to
lockout of logins in an obscure fashion -- at least it did on Fedora
systems running what appears to be the same version of nscd with the
same defaults, so presumably Debian would be subject to the same
lossage.

The situation we saw was the following:  the passwd and group
databases are from ldap (with files preferred in nsswitch.conf), and
hosts are from files and dns (in that order), with authentication by
Kerberos.  The LDAP servers were moved, so that `ldap' and `ldap-2'
got different IP addresses.  Over half a day later, it was impossible
to log in to the systems multi-user, except via SSH public keys.
Login gave authentication errors, either permission denied or invalid
password -- I'm not clear why, since Kerberos was functioning OK.  In
this state, logged in via ssh the results of `getent passwd' and `host
ldap' were OK, and there was nothing useful in syslog.  Eventually we
found that killing nscd solved the problem (and restarting it
re-instituted the problem).  Later we found (the undocumented)
/var/db/nscd and zapped it, whereupon login worked again with nscd
running.





Bug#335476: nscd: Caches old IP-address

2005-10-24 Thread Anders Boström
Package: nscd
Version: 2.3.5-6
Severity: important

When ssh makes a lookup of a node with changed IP-address, nscd returns
the old address. If I stop nscd, ssh gets the right address. But as
soon as I start nscd again, the old address is delivered to ssh. All
other applications I've tested get the right address, even when nscd
is running. Applications I've tested include 'getent hosts', host
and ping.

sid:~> ssh -v bostrom.dyndns.org
OpenSSH_3.8.1p1 Debian-8.sarge.4, OpenSSL 0.9.7g 11 Apr 2005
debug1: Reading configuration data /home/anders/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to bostrom.dyndns.org [83.250.193.68] port 22.

sid:~> getent hosts bostrom.dyndns.org
83.250.197.26   bostrom.dyndns.org
sid:~> host bostrom.dyndns.org
bostrom.dyndns.org has address 83.250.197.26
sid:~> 

strace from ssh:

connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = 0
poll([{fd=3, events=POLLOUT|POLLERR|POLLHUP, revents=POLLOUT}], 1, 5000) = 1
writev(3, [{"\2\0\0\0\r\0\0\0\6\0\0\0", 12}, {"hosts\0", 6}], 2) = 18
poll([{fd=3, events=POLLIN|POLLERR|POLLHUP, revents=POLLIN|POLLHUP}], 1, 5000) = 1
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"hosts\0", 6}], msg_controllen=24, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, {4}}, msg_flags=0}, 0) = 6
fstat(4, {st_mode=S_IFREG|0600, st_size=217016, ...}) = 0
pread(4, "\1\0\0\0h\0\0\0\0\0\0\0\1\0\0\0\255\215\\C\0\0\0\0\323"..., 104, 0) = 104
mmap(NULL, 217016, PROT_READ, MAP_SHARED, 4, 0) = 0x2aaf8000
close(4) = 0
close(3) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("83.250.193.68")}, 16) = ? ERESTARTSYS (To be restarted)

strace from getent hosts:

connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = 0
poll([{fd=3, events=POLLOUT|POLLERR|POLLHUP, revents=POLLOUT}], 1, 5000) = 1
writev(3, [{"\2\0\0\0\r\0\0\0\6\0\0\0", 12}, {"hosts\0", 6}], 2) = 18
poll([{fd=3, events=POLLIN|POLLERR|POLLHUP, revents=POLLIN|POLLHUP}], 1, 5000) = 1
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"hosts\0", 6}], msg_controllen=24, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, {4}}, msg_flags=0}, 0) = 6
fstat(4, {st_mode=S_IFREG|0600, st_size=217016, ...}) = 0
pread(4, "\1\0\0\0h\0\0\0\0\0\0\0\1\0\0\0\34\221\\C\0\0\0\0\323\0"..., 104, 0) = 104
mmap(NULL, 217016, PROT_READ, MAP_SHARED, 4, 0) = 0x2af87000
close(4) = 0
close(3) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2afbc000
write(1, "83.250.197.26   bostrom.dyndns.o"..., 3583.250.197.26   bostrom.dyndns.org

If I remove /var/db/nscd/hosts and restart nscd, ssh works again. But
if I replace /var/db/nscd/hosts with the old db-file again, and
restart nscd, the problem reappears.

The corrupt(?) hosts-file is attached.

/ Anders

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (1, 'sarge-unsupported')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13.4
Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-1) (ignored: LC_ALL set to sv_SE)

Versions of packages nscd depends on:
ii  libc6  2.3.5-6  GNU C Library: Shared libraries an

nscd recommends no packages.

-- no debconf information


hosts.bz2
Description: Binary data
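
Added example, not part of the original thread or of glibc: a decoder for the bytes visible in the two strace excerpts above, showing what ssh and getent actually ask nscd for and what the first bytes of the mapped cache file contain. The request-type numbers, the field names and the `database_pers_head` layout are assumptions recalled from glibc's nscd/nscd-client.h; little-endian byte order matches the reporter's amd64 system.

```python
import re
import struct
from datetime import datetime, timezone

# Byte strings copied from the strace output in the report above.
REQ_HEADER = r"\2\0\0\0\r\0\0\0\6\0\0\0"
REQ_KEY = r"hosts\0"
SSH_PREAD = r"\1\0\0\0h\0\0\0\0\0\0\0\1\0\0\0\255\215\\C\0\0\0\0\323"
GETENT_PREAD = r"\1\0\0\0h\0\0\0\0\0\0\0\1\0\0\0\34\221\\C\0\0\0\0\323\0"

# Assumption: request numbers as recalled from glibc's nscd/nscd-client.h.
REQUEST_TYPES = {4: "GETHOSTBYNAME", 10: "INVALIDATE", 13: "GETFDHST", 14: "GETAI"}
ESCAPES = {"n": 10, "r": 13, "t": 9, "v": 11, "f": 12, "\\": 92, '"': 34}

def strace_bytes(literal):
    """Convert the inside of a strace string literal to raw bytes."""
    out, pos = bytearray(), 0
    for m in re.finditer(r"\\([0-7]{1,3}|.)", literal):
        out += literal[pos:m.start()].encode("latin-1")
        esc = m.group(1)
        out.append(int(esc, 8) if esc[0] in "01234567" else ESCAPES[esc])
        pos = m.end()
    return bytes(out + literal[pos:].encode("latin-1"))

def parse_request(header, key):
    """Client request: int32 version, int32 type, int32 key_len, then the key."""
    version, rtype, key_len = struct.unpack("<iii", strace_bytes(header))
    name = strace_bytes(key)[:key_len].rstrip(b"\0").decode()
    return {"version": version, "type": REQUEST_TYPES.get(rtype, rtype),
            "key_len": key_len, "key": name}

def parse_db_head(prefix):
    """Start of the mapped cache file (assumed database_pers_head layout)."""
    version, header_size, gc_cycle, running, ts = struct.unpack_from(
        "<iiiiq", strace_bytes(prefix))
    return {"version": version, "header_size": header_size, "gc_cycle": gc_cycle,
            "nscd_certainly_running": running,
            "timestamp": datetime.fromtimestamp(ts, timezone.utc)}

if __name__ == "__main__":
    print(parse_request(REQ_HEADER, REQ_KEY))
    for label, raw in (("ssh", SSH_PREAD), ("getent", GETENT_PREAD)):
        print(label, parse_db_head(raw))
```

Both clients send the same request (type 13, key `hosts`), receive a file descriptor over SCM_RIGHTS and then read the mapped cache file directly; under the assumed layout the header time in each read decodes to 24 Oct 2005, the date of the report.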