sun and nscd, was: Building an MS-SA box

Jeff A. Earickson jaearick at COLBY.EDU
Mon Feb 23 02:28:44 GMT 2004


Y'all,
   We got badly burned by Sun's nscd in Solaris 8 when we moved
Apache.  Turned it off then and left it off.  We are running
Solaris 9 now, and I still leave it off.  We don't use NIS (yuck);
I have bind where I need it, so why use nscd?  In fact I have a whole
list of Sun daemons (21 total) that I disable, plus nearly
everything in /etc/inetd.conf.  If I can't think of a good reason
to run a daemon then I disable it.  And I run ipfilter on all of
my boxes.  I'm not paranoid, everybody *is* out to get me.

Jeff Earickson
Colby College

On Sun, 22 Feb 2004, Peter Bonivart wrote:

> Date: Sun, 22 Feb 2004 14:55:35 +0100
> From: Peter Bonivart <peter at UCGBOOK.COM>
> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Building an MS-SA box
>
> Jeff A. Earickson wrote:
> > IMHO, you are better off running a cache/slave DNS like bind or
> > tinydns.  On Solaris we have found that nscd can be a bottleneck,
> > not a help.  When we moved our web service (apache) from HP to
> > Solaris, we were getting really poor response until we turned off
> > nscd.  I have it turned off on all of my Sun boxes, including
> > my MailScanner box.  Others may have different insight on nscd.
>
> I think the main target for Sun with nscd was to improve NIS
> performance, therefore it caches more than just hosts. I haven't heard
> of any problems with it for years, the last patch released for it was in
> 2001 for Solaris 8. Are your problems with nscd recent?
>
> I'm using it with no problems. I have a host hit rate of 99.6% and after
> being up for 129 days it's using 3 MB. That's OK with me. ;-)
>
> --
> /Peter Bonivart
>
> --Unix lovers do it in the Sun
>
> Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
> SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2
>



More information about the MailScanner mailing list