
I have a question regarding how nscd works.

I ran this on Terminal #1

docker --version && docker pull ubuntu:20.04 && docker run --rm -it --name dns-cache ubuntu:20.04
apt-get update -qq && apt-get install -qq vim tcpdump wget nscd > /dev/null
sed --in-place '/positive-time-to-live.hosts/ s/3600/120/' /etc/nscd.conf
/etc/init.d/nscd status
/etc/init.d/nscd start
/etc/init.d/nscd status
nscd -g | grep "hosts cache:" -A 22


for COUNT in 1 2 3 4 5 6
do
  echo "$(date): Attempt #${COUNT}"
  rm -f favicon.ico && wget -q https://stackoverflow.com/favicon.ico && ls -l favicon.ico
  sleep 50
done

and this on terminal #2

docker --version && docker exec -t dns-cache tcpdump -n udp port 53

And this is the output on terminal #1

docker --version && docker pull ubuntu:20.04 && docker run --rm -it --name dns-cache ubuntu:20.04
Docker version 20.10.8, build 3967b7d
20.04: Pulling from library/ubuntu
Digest: sha256:a0d9e826ab87bd665cfc640598a871b748b4b70a01a4f3d174d4fb02adad07a9
Status: Image is up to date for ubuntu:20.04
docker.io/library/ubuntu:20.04
[email protected]:/# apt-get update -qq && apt-get install -qq vim tcpdump wget nscd > /dev/null
debconf: delaying package configuration, since apt-utils is not installed
[email protected]:/# sed --in-place '/positive-time-to-live.hosts/ s/3600/120/' /etc/nscd.conf
[email protected]:/# /etc/init.d/nscd status
 * Status of Name Service Cache Daemon service:                                  * not running.
[email protected]:/# /etc/init.d/nscd start
 * Starting Name Service Cache Daemon nscd                                      nscd: 3039 monitoring file `/etc/passwd` (1)
nscd: 3039 monitoring directory `/etc` (2)
nscd: 3039 monitoring file `/etc/group` (3)
nscd: 3039 monitoring directory `/etc` (2)
nscd: 3039 monitoring file `/etc/hosts` (4)
nscd: 3039 monitoring directory `/etc` (2)
nscd: 3039 monitoring file `/etc/resolv.conf` (5)
nscd: 3039 monitoring directory `/etc` (2)
nscd: 3039 disabled inotify-based monitoring for file `/etc/services': No such file or directory
nscd: 3039 stat failed for file `/etc/services'; will try again later: No such file or directory
nscd: 3039 monitoring file `/etc/passwd` (1)
nscd: 3039 monitoring directory `/etc` (2)
nscd: 3039 monitoring file `/etc/group` (3)
nscd: 3039 monitoring directory `/etc` (2)
nscd: 3039 monitoring file `/etc/resolv.conf` (5)
nscd: 3039 monitoring directory `/etc` (2)
nscd: 3039 disabled inotify-based monitoring for file `/etc/services': No such file or directory
                                                                         [ OK ]
[email protected]:/# /etc/init.d/nscd status
 * Status of Name Service Cache Daemon service:                                  * running.
[email protected]:/# nscd -g | grep "hosts cache:" -A 22
hosts cache:

            yes  cache is enabled
            yes  cache is persistent
            yes  cache is shared
            211  suggested size
         216064  total data pool size
              0  used data pool size
            120  seconds time to live for positive entries
             20  seconds time to live for negative entries
              0  cache hits on positive entries
              0  cache hits on negative entries
              0  cache misses on positive entries
              0  cache misses on negative entries
              0% cache hit rate
              0  current number of cached values
              0  maximum number of cached values
              0  maximum chain length searched
              0  number of delays on rdlock
              0  number of delays on wrlock
              0  memory allocations failed
            yes  check /etc/hosts for changes

[email protected]:/# for COUNT in 1 2 3 4 5 6
> do
>   echo "$(date): Attempt #${COUNT}"
>   rm -f favicon.ico && wget -q https://stackoverflow.com/favicon.ico && ls -l favicon.ico
>   sleep 50
> done
Thu Oct 14 06:24:15 UTC 2021: Attempt #1
nscd: 3039 checking for monitored file `/etc/services': No such file or directory
-rw-r--r-- 1 root root 5430 Oct 13 15:16 favicon.ico
Thu Oct 14 06:25:05 UTC 2021: Attempt #2
-rw-r--r-- 1 root root 5430 Oct 13 15:16 favicon.ico
Thu Oct 14 06:25:56 UTC 2021: Attempt #3
-rw-r--r-- 1 root root 5430 Oct 13 15:16 favicon.ico
Thu Oct 14 06:26:46 UTC 2021: Attempt #4
-rw-r--r-- 1 root root 5430 Oct 13 15:16 favicon.ico
Thu Oct 14 06:27:37 UTC 2021: Attempt #5
-rw-r--r-- 1 root root 5430 Oct 13 15:16 favicon.ico
Thu Oct 14 06:28:27 UTC 2021: Attempt #6
-rw-r--r-- 1 root root 5430 Oct 13 15:16 favicon.ico
[email protected]:/# exit

And this is the output for terminal #2

docker --version && docker exec -t dns-cache tcpdump -n udp port 53
Docker version 20.10.8, build 3967b7d
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
06:24:15.076708 IP 172.17.0.2.49553 > 192.168.65.5.53: 60659+ A? stackoverflow.com. (35)
06:24:15.076824 IP 172.17.0.2.49553 > 192.168.65.5.53: 5616+ AAAA? stackoverflow.com. (35)
06:24:15.080139 IP 192.168.65.5.53 > 172.17.0.2.49553: 60659 4/0/0 A 151.101.65.69, A 151.101.129.69, A 151.101.193.69, A 151.101.1.69 (99)
06:24:15.099818 IP 192.168.65.5.53 > 172.17.0.2.49553: 5616 0/1/0 (117)
06:24:15.351775 IP 172.17.0.2.48303 > 192.168.65.5.53: 20046+ A? cdn.sstatic.net. (33)
06:24:15.351878 IP 172.17.0.2.48303 > 192.168.65.5.53: 54080+ AAAA? cdn.sstatic.net. (33)
06:24:15.354017 IP 192.168.65.5.53 > 172.17.0.2.48303: 20046 4/0/0 A 151.101.65.69, A 151.101.193.69, A 151.101.129.69, A 151.101.1.69 (97)
06:24:15.357329 IP 192.168.65.5.53 > 172.17.0.2.48303: 54080 0/0/0 (33)
06:28:57.908497 IP 172.17.0.2.38557 > 192.168.65.5.53: 33655+ A? stackoverflow.com. (35)
06:28:57.908606 IP 172.17.0.2.38557 > 192.168.65.5.53: 36474+ AAAA? stackoverflow.com. (35)
06:28:57.933726 IP 192.168.65.5.53 > 172.17.0.2.38557: 33655 4/0/0 A 151.101.65.69, A 151.101.1.69, A 151.101.193.69, A 151.101.129.69 (99)
06:28:57.936807 IP 192.168.65.5.53 > 172.17.0.2.38557: 36474 0/1/0 (117)

Request #1: Behaves as expected. Not read from cache as cache is empty.

Request #2: Behaves as expected. Read from cache. Cache 50 seconds old.

Request #3: Behaves as expected. Read from cache. Cache 100 seconds old.

Request #4: Does not behave as expected. At 06:26:46, as the cache is now 150 seconds old, the expectation is that a DNS request is made. In this case it is not.

Also, a request is made at 06:28:57, but I have no idea who initiated this.

Why is nscd not honoring the TTL settings for hosts?
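
An added example, not part of the original question: the script below lines up the loop timestamps from terminal #1 with the outgoing A queries in the terminal #2 capture and compares each attempt against a cache model that expires an entry exactly 120 seconds after it was filled. The function names, the 2-second matching window and the fixed-TTL model itself are assumptions made for this illustration; "observed hit" only means no query for the name appeared on the wire.

```python
import re
from datetime import datetime

# Lines copied from the question's tcpdump capture (trimmed; one response line kept).
CAPTURE = """\
06:24:15.076708 IP 172.17.0.2.49553 > 192.168.65.5.53: 60659+ A? stackoverflow.com. (35)
06:24:15.076824 IP 172.17.0.2.49553 > 192.168.65.5.53: 5616+ AAAA? stackoverflow.com. (35)
06:24:15.099818 IP 192.168.65.5.53 > 172.17.0.2.49553: 5616 0/1/0 (117)
06:24:15.351775 IP 172.17.0.2.48303 > 192.168.65.5.53: 20046+ A? cdn.sstatic.net. (33)
06:28:57.908497 IP 172.17.0.2.38557 > 192.168.65.5.53: 33655+ A? stackoverflow.com. (35)
06:28:57.908606 IP 172.17.0.2.38557 > 192.168.65.5.53: 36474+ AAAA? stackoverflow.com. (35)
"""
# Loop timestamps from the question's terminal #1 output.
ATTEMPTS = ["06:24:15", "06:25:05", "06:25:56", "06:26:46", "06:27:37", "06:28:27"]

# Matches only packets sent *to* port 53, i.e. queries.
QUERY = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP \S+ > \S+\.53: \d+\+? (\w+)\? (\S+)\. ")

def parse_queries(capture, name, qtype="A"):
    """Return timestamps of outgoing DNS queries for name/qtype; responses are skipped."""
    out = []
    for line in capture.splitlines():
        m = QUERY.match(line)
        if m and m.group(2) == qtype and m.group(3) == name:
            out.append(datetime.strptime(m.group(1), "%H:%M:%S.%f"))
    return out

def compare(attempts, queries, ttl, window=2.0):
    """Per attempt: (time, expected, observed) under the assumed fixed-TTL model.
    Also returns queries that do not fall within `window` seconds after any attempt."""
    rows, filled, matched = [], None, set()
    for stamp in attempts:
        t = datetime.strptime(stamp, "%H:%M:%S")
        expected = "miss" if filled is None or (t - filled).total_seconds() >= ttl else "hit"
        if expected == "miss":
            filled = t  # the model refills the cache on every expected miss
        near = [q for q in queries if 0 <= (q - t).total_seconds() <= window]
        matched.update(near)
        rows.append((stamp, expected, "miss" if near else "hit"))
    orphans = [q.strftime("%H:%M:%S") for q in queries if q not in matched]
    return rows, orphans

if __name__ == "__main__":
    rows, orphans = compare(ATTEMPTS, parse_queries(CAPTURE, "stackoverflow.com"), ttl=120)
    for stamp, expected, observed in rows:
        flag = "" if expected == observed else "  <-- differs from fixed-TTL model"
        print(f"{stamp}  expected={expected:4}  observed={observed:4}{flag}")
    print("queries not tied to an attempt:", orphans)
```
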