Hello!
My OS is the Solaris 8
When I ping some host that is not alive, first time I get error
message after quite long timeout ~15...20 sec...
Second time I do it I get error message almost immediately that means
the error response is stored somewhere on my computer...
If I wait quite long period of time I see that error message again
appears after long timeout, that indicates that cache was cleand up...
Question: how do I change cache time and where? How can I clean up
cache myself?
I looked in zillion places and commands and could not find the option
to do that...
Thanks,
Alexandre
|
|
0
|
|
|
|
Reply
|
 patshin
|
10/6/2003 2:00:21 PM |
|
Alexandre Patchine <patshin@hotmail.com> wrote:
> Hello!
> My OS is the Solaris 8
> When I ping some host that is not alive, first time I get error
> message after quite long timeout ~15...20 sec...
What error?
> Second time I do it I get error message almost immediately that means
> the error response is stored somewhere on my computer...
What error?
--
Darren Dunham ddunham@taos.com
Unix System Administrator Taos - The SysAdmin Company
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
|
|
|
0
|
|
|
|
Reply
|
Darren
|
10/6/2003 4:44:22 PM
|
|
Ok, I have not explained good enough...
when I ping some host that does not exist (I know it):
bash2#ping blade_110.xxx.ericsson.se
ping: unknown host blade_110.ericsson.se
I get the error message above after 15..20 sec because ping tries to
reach the host blade_110.xxx.ericsson.se...
When I run the same command second time (after one minute):
bash2#ping blade_110.xxx.ericsson.se
I get error response immediately:
ping: unknown host blade_110.ericsson.se
But if I wait one hour (did not measure shortest time) then happens
like I run it first time, ping command does not return immediately...
My question was that I think the error message stored in some kind of
cache on OS (looks like error response cached for second time).
How I clean that cache and where is setting for the timeout of cache?
I need to know the behavior exactly because I am going to use it for
supervising of some nodes...
thanks,
alexandre
patshin@hotmail.com (Alexandre Patchine) wrote in message news:<7c3669b4.0310060600.447a769d@posting.google.com>...
> Hello!
>
> My OS is the Solaris 8
>
> When I ping some host that is not alive, first time I get error
> message after quite long timeout ~15...20 sec...
>
> Second time I do it I get error message almost immediately that means
> the error response is stored somewhere on my computer...
>
> If I wait quite long period of time I see that error message again
> appears after long timeout, that indicates that cache was cleand up...
>
> Question: how do I change cache time and where? How can I clean up
> cache myself?
>
> I looked in zillion places and commands and could not find the option
> to do that...
>
> Thanks,
> Alexandre
|
|
|
0
|
|
|
|
Reply
|
patshin
|
10/7/2003 6:11:15 AM
|
|
Alexandre Patchine wrote:
> Ok, I have not explained good enough...
>
> when I ping some host that does not exist (I know it):
> bash2#ping blade_110.xxx.ericsson.se
> ping: unknown host blade_110.ericsson.se
>
> I get the error message above after 15..20 sec because ping tries to
> reach the host blade_110.xxx.ericsson.se...
> When I run the same command second time (after one minute):
>
> bash2#ping blade_110.xxx.ericsson.se
>
> I get error response immediately:
> ping: unknown host blade_110.ericsson.se
This delay is not due to the ping program. The ping program needs
hostnames translated into addresses. It uses the DNS service
for this. (Well, it does if you have "dns" on the "hosts:" line
in /etc/nsswitch.conf, which is the normal setting...)
> But if I wait one hour (did not measure shortest time) then happens
> like I run it first time, ping command does not return immediately...
>
> My question was that I think the error message stored in some kind of
> cache on OS (looks like error response cached for second time).
> How I clean that cache and where is setting for the timeout of cache?
The cache is most likely on your DNS server. The DNS server itself
does not control the timeout. The timeout is controlled by the owner
of a record. The timeout is called a TTL (time-to-live) and is part
of the information stored in the DNS. This means that the timeout
for, say, www.sun.com could be different than the timeout for
www.ibm.com.
> I need to know the behavior exactly because I am going to use it for
> supervising of some nodes...
You cannot know the behavior exactly. It is subject to change as
the DNS administrator chooses. In fact, it is a common enough
practice for the DNS administrator to change the TTL for a given
record. For performance reasons, you want the TTL to be a long
time -- several hours. But if you are about to make a change,
you want the change to be reflected quickly. So, a DNS
administrator may choose to set the TTL to a lower value (like
15 minutse instead of 6 hours) for a day or two before a change
is made. This gives the best combination of performance and
accuracy.
If you really must have the most up-to-date information and you
need to bypass the cache, this is possible. But to do so, you
must make your own DNS queries. This is not a simple task.
To make matters a little more complicated, Solaris adds an extra
layer of cache on top of DNS. It uses "nscd" to cache information
that comes from DNS (as well as information from many other databases).
You can see some statistics by typing "nscd -g". Only the
"hosts cache:" portion of the output is relevant to DNS. It is
possible to turn of nscd's caching of DNS information, but this
will not change the fact that your local DNS server may cache
information from remote servers.
Perhaps you can get some more useful information if you supply
information about what you are trying to accomplish. Why do
you feel the cache is a problem? Is the delay? Or is it the
possibility of getting out-of-date information? Or something else?
- Logan
|
|
|
0
|
|
|
|
Reply
|
Logan
|
10/7/2003 6:33:55 AM
|
|
Approximately 10/6/03 23:11, Alexandre Patchine uttered for posterity:
> Ok, I have not explained good enough...
This is not a routing issue, it is a name caching issue.
>
> when I ping some host that does not exist (I know it):
> bash2#ping blade_110.xxx.ericsson.se
> ping: unknown host blade_110.ericsson.se
>
> I get the error message above after 15..20 sec because ping tries to
> reach the host blade_110.xxx.ericsson.se...
No, actually what happens is that your machine tries to
reach a nameserver to find the IP address for that hostname.
And this takes a while on a negative answer.
> When I run the same command second time (after one minute):
>
> bash2#ping blade_110.xxx.ericsson.se
>
> I get error response immediately:
> ping: unknown host blade_110.ericsson.se
Your host has cached the negative answer and therefore
doesn't waste time trying to find the IP address for
that hostname.
And even if your host did not cache the negative answer,
the dns server at ericsson.se [or your isp, etc. etc.]
will have cached the negative answer and will return that
immediately.
You can see this behavior with the nslookup command
run interactively with debug set.
# nslookup [do not enter the hostname here, just the command]
blah blah blah blah, you get a nameserver...
> set d2 [note that you now have a nslookup prompt]
set debug level 2.
> bogus.ip.hostname.co.se enter bad name.
>
> But if I wait one hour (did not measure shortest time) then happens
> like I run it first time, ping command does not return immediately...
>
> My question was that I think the error message stored in some kind of
> cache on OS (looks like error response cached for second time).
> How I clean that cache and where is setting for the timeout of cache?
Why would you want to?
On your host, if solaris, the caching is done by the naming
services caching demon, aka nscd. Man pages on timeouts.
However, your host isn't the only name server timeout involved.
And negative answers in DNS are required to timeout...otherwise
you'd never be able to access newly added hosts.
>
> I need to know the behavior exactly because I am going to use it for
> supervising of some nodes...
What you are really doing is managing the name servers, not those
nodes.
If you really want to know whether they exist, try their IP
address rather than hostname....unless you are really trying
to manage the naming services.
>
> thanks,
> alexandre
>
> patshin@hotmail.com (Alexandre Patchine) wrote in message news:<7c3669b4.0310060600.447a769d@posting.google.com>...
>> Hello!
>>
>> My OS is the Solaris 8
>>
>> When I ping some host that is not alive, first time I get error
>> message after quite long timeout ~15...20 sec...
>>
>> Second time I do it I get error message almost immediately that means
>> the error response is stored somewhere on my computer...
>>
>> If I wait quite long period of time I see that error message again
>> appears after long timeout, that indicates that cache was cleand up...
>>
>> Question: how do I change cache time and where? How can I clean up
>> cache myself?
>>
>> I looked in zillion places and commands and could not find the option
>> to do that...
>>
>> Thanks,
>> Alexandre
|
|
|
0
|
|
|
|
Reply
|
Lon
|
10/7/2003 5:54:24 PM
|
|
I need to develop KM (knowledge module) module for the Patrol. Patrol
(bmc.com) is prorpietary network HW and SW supervising system that
differs from SNMP...
I actually need criteria that shows that DNS response is slow. I was
going to do two pings:
ping IPAdress and
ping hostname
Second command uses DNS and probably will be significantly slower than
direct pinging...
If difference is big (how big? 1-2 sec is it slow response?) i could
arise an alarm for an operator...
The local cashing of response disturbs the picture since the timeout
value for the cache seems longer than i am going to do probing...
So, if I do probing every 10 minutes and cache time to live is 30
minutes I will restart the timeout value for erasing of cache and will
all the time use cached reponse, not real...
i looked at /etc/nscd.conf and enabled the line:
enable-cache hosts no
but it does not influenced to the response... It is still cached and I
need to wait quite long (need to measure exact time)
If you know better way to detect slow DNS response, please share the
ideas...
Just for info, I am not going to write any C++ code and will use
system commands only, fetch response and process/extract the strings
with Patrol..
thanks,
Alexandre
Lon Stowell <LonDot.Stowell@ComcastPeriod.Net> wrote in message news:<k5Dgb.237749$mp.149207@rwcrnsc51.ops.asp.att.net>...
> Approximately 10/6/03 23:11, Alexandre Patchine uttered for posterity:
>
> > Ok, I have not explained good enough...
>
> This is not a routing issue, it is a name caching issue.
> >
> > when I ping some host that does not exist (I know it):
> > bash2#ping blade_110.xxx.ericsson.se
> > ping: unknown host blade_110.ericsson.se
> >
> > I get the error message above after 15..20 sec because ping tries to
> > reach the host blade_110.xxx.ericsson.se...
>
> No, actually what happens is that your machine tries to
> reach a nameserver to find the IP address for that hostname.
> And this takes a while on a negative answer.
>
> > When I run the same command second time (after one minute):
> >
> > bash2#ping blade_110.xxx.ericsson.se
> >
> > I get error response immediately:
> > ping: unknown host blade_110.ericsson.se
>
> Your host has cached the negative answer and therefore
> doesn't waste time trying to find the IP address for
> that hostname.
>
> And even if your host did not cache the negative answer,
> the dns server at ericsson.se [or your isp, etc. etc.]
> will have cached the negative answer and will return that
> immediately.
>
> You can see this behavior with the nslookup command
> run interactively with debug set.
>
> # nslookup [do not enter the hostname here, just the command]
>
> blah blah blah blah, you get a nameserver...
>
> > set d2 [note that you now have a nslookup prompt]
> set debug level 2.
>
> > bogus.ip.hostname.co.se enter bad name.
>
> >
> > But if I wait one hour (did not measure shortest time) then happens
> > like I run it first time, ping command does not return immediately...
> >
> > My question was that I think the error message stored in some kind of
> > cache on OS (looks like error response cached for second time).
> > How I clean that cache and where is setting for the timeout of cache?
>
> Why would you want to?
>
> On your host, if solaris, the caching is done by the naming
> services caching demon, aka nscd. Man pages on timeouts.
> However, your host isn't the only name server timeout involved.
>
> And negative answers in DNS are required to timeout...otherwise
> you'd never be able to access newly added hosts.
> >
> > I need to know the behavior exactly because I am going to use it for
> > supervising of some nodes...
>
> What you are really doing is managing the name servers, not those
> nodes.
>
> If you really want to know whether they exist, try their IP
> address rather than hostname....unless you are really trying
> to manage the naming services.
> >
> > thanks,
> > alexandre
> >
> > patshin@hotmail.com (Alexandre Patchine) wrote in message news:<7c3669b4.0310060600.447a769d@posting.google.com>...
> >> Hello!
> >>
> >> My OS is the Solaris 8
> >>
> >> When I ping some host that is not alive, first time I get error
> >> message after quite long timeout ~15...20 sec...
> >>
> >> Second time I do it I get error message almost immediately that means
> >> the error response is stored somewhere on my computer...
> >>
> >> If I wait quite long period of time I see that error message again
> >> appears after long timeout, that indicates that cache was cleand up...
> >>
> >> Question: how do I change cache time and where? How can I clean up
> >> cache myself?
> >>
> >> I looked in zillion places and commands and could not find the option
> >> to do that...
> >>
> >> Thanks,
> >> Alexandre
|
|
|
0
|
|
|
|
Reply
|
patshin
|
10/8/2003 7:17:13 AM
|
|
Alexandre Patchine wrote:
> I need to develop KM (knowledge module) module for the Patrol. Patrol
> (bmc.com) is prorpietary network HW and SW supervising system that
> differs from SNMP...
>
> I actually need criteria that shows that DNS response is slow. I was
> going to do two pings:
> ping IPAdress and
> ping hostname
> Second command uses DNS and probably will be significantly slower than
> direct pinging...
>
> If difference is big (how big? 1-2 sec is it slow response?) i could
> arise an alarm for an operator...
>
> The local cashing of response disturbs the picture since the timeout
> value for the cache seems longer than i am going to do probing...
> So, if I do probing every 10 minutes and cache time to live is 30
> minutes I will restart the timeout value for erasing of cache and will
> all the time use cached reponse, not real...
>
> i looked at /etc/nscd.conf and enabled the line:
>
> enable-cache hosts no
>
> but it does not influenced to the response... It is still cached and I
> need to wait quite long (need to measure exact time)
There is any such thing as an exact time. It will vary depending on
what TTL values the DNS records are given when they are created. This
can be different for each record. Here is some text from the
BIND Administrator Reference Manual:
The TTL is assigned by the administrator for the zone where
the data originates. While short TTLs can be used to minimize
caching, and a zero TTL prohibits caching, the realities of
Internet performance suggest that these times should be on
the order of days for the typical host. If a change can be
anticipated, the TTL can be reduced prior to the change to
minimize inconsistency during the change, and then increased
back to its former value following the change.
In other words, the TTL is up to the DNS administrator's discretion.
Also keep in mind that the TTL is only a maximum. A DNS server
that caches data from other DNS servers may choose to cache things
for a shorter amount of time.
> If you know better way to detect slow DNS response, please share the
> ideas...
Well, the first suggestion is that you can use some program like
"nslookup" or "dig". They both form DNS queries directly and
bypass the process that the system uses to resolve names. They
will therefore give a more direct test.
You could look up a non-existent hostname based on the system's
time an its own hostname, for example:
now () { nawk 'END {print srand}' /dev/null ; }
before=`now`
nslookup `hostname`-`now`.mydomain.com
after=`now`
echo "DNS resolution took `expr $after - $before` seconds"
The second suggestion I have is that you need to define what
you mean "slow DNS response". If you are trying to look up a
hostname across the ocean, and the path between your DNS server
and the remote DNS server is very slow and clogged up with traffic,
then it might take 20 seconds for a query to be finished, and this
might be the best possible performance.
On the other hand, if you have a DNS server on the same host
as the one you're testing from and it has the data cached,
the response might take much less than 0.1 seconds.
So, what is "slow"? This is something you may have to define
for yourself since there isn't any obvious objective definition.
Hope that helps.
- Logan
|
|
|
0
|
|
|
|
Reply
|
Logan
|
10/8/2003 7:42:16 AM
|
|
thanks for the help!...
Now I have start point for my development...
already tested script together with Patrol...
About slow or how much slow:
our system is load balanced WAP server (5-10 Solaris servers) and DNS is
supposed to be within the same network segment and situated in the same
building/area... I thinks that delay around 200-300 ms should be considered
as very big for it and acceptable range must be no more than 20-30 ms...
alexandre
"Logan Shaw" <lshaw-usenet@austin.rr.com> wrote in message
news:sdPgb.436$X66.308@twister.austin.rr.com...
> Alexandre Patchine wrote:
>
> > I need to develop KM (knowledge module) module for the Patrol. Patrol
> > (bmc.com) is prorpietary network HW and SW supervising system that
> > differs from SNMP...
> >
> > I actually need criteria that shows that DNS response is slow. I was
> > going to do two pings:
> > ping IPAdress and
> > ping hostname
> > Second command uses DNS and probably will be significantly slower than
> > direct pinging...
> >
> > If difference is big (how big? 1-2 sec is it slow response?) i could
> > arise an alarm for an operator...
> >
> > The local cashing of response disturbs the picture since the timeout
> > value for the cache seems longer than i am going to do probing...
> > So, if I do probing every 10 minutes and cache time to live is 30
> > minutes I will restart the timeout value for erasing of cache and will
> > all the time use cached reponse, not real...
> >
> > i looked at /etc/nscd.conf and enabled the line:
> >
> > enable-cache hosts no
> >
> > but it does not influenced to the response... It is still cached and I
> > need to wait quite long (need to measure exact time)
>
> There is any such thing as an exact time. It will vary depending on
> what TTL values the DNS records are given when they are created. This
> can be different for each record. Here is some text from the
> BIND Administrator Reference Manual:
>
> The TTL is assigned by the administrator for the zone where
> the data originates. While short TTLs can be used to minimize
> caching, and a zero TTL prohibits caching, the realities of
> Internet performance suggest that these times should be on
> the order of days for the typical host. If a change can be
> anticipated, the TTL can be reduced prior to the change to
> minimize inconsistency during the change, and then increased
> back to its former value following the change.
>
> In other words, the TTL is up to the DNS administrator's discretion.
>
> Also keep in mind that the TTL is only a maximum. A DNS server
> that caches data from other DNS servers may choose to cache things
> for a shorter amount of time.
>
> > If you know better way to detect slow DNS response, please share the
> > ideas...
>
> Well, the first suggestion is that you can use some program like
> "nslookup" or "dig". They both form DNS queries directly and
> bypass the process that the system uses to resolve names. They
> will therefore give a more direct test.
>
> You could look up a non-existent hostname based on the system's
> time an its own hostname, for example:
>
> now () { nawk 'END {print srand}' /dev/null ; }
> before=`now`
> nslookup `hostname`-`now`.mydomain.com
> after=`now`
> echo "DNS resolution took `expr $after - $before` seconds"
>
> The second suggestion I have is that you need to define what
> you mean "slow DNS response". If you are trying to look up a
> hostname across the ocean, and the path between your DNS server
> and the remote DNS server is very slow and clogged up with traffic,
> then it might take 20 seconds for a query to be finished, and this
> might be the best possible performance.
>
> On the other hand, if you have a DNS server on the same host
> as the one you're testing from and it has the data cached,
> the response might take much less than 0.1 seconds.
>
> So, what is "slow"? This is something you may have to define
> for yourself since there isn't any obvious objective definition.
>
> Hope that helps.
>
> - Logan
>
|
|
|
0
|
|
|
|
Reply
|
john
|
10/8/2003 2:23:32 PM
|
|
posted from another machine and signature came as john :-)
changed it
thanks for the help!...
Now I have start point for my development...
already tested script together with Patrol...
About slow or how much slow:
our system is load balanced WAP server (5-10 Solaris servers) and DNS is
supposed to be within the same network segment and situated in the same
building/area... I thinks that delay around 200-300 ms should be considered
as very big for it and acceptable range must be within 20-30 ms...
alexandre
"Logan Shaw" <lshaw-usenet@austin.rr.com> wrote in message
news:sdPgb.436$X66.308@twister.austin.rr.com...
> Alexandre Patchine wrote:
>
> > I need to develop KM (knowledge module) module for the Patrol. Patrol
> > (bmc.com) is prorpietary network HW and SW supervising system that
> > differs from SNMP...
> >
> > I actually need criteria that shows that DNS response is slow. I was
> > going to do two pings:
> > ping IPAdress and
> > ping hostname
> > Second command uses DNS and probably will be significantly slower than
> > direct pinging...
> >
> > If difference is big (how big? 1-2 sec is it slow response?) i could
> > arise an alarm for an operator...
> >
> > The local cashing of response disturbs the picture since the timeout
> > value for the cache seems longer than i am going to do probing...
> > So, if I do probing every 10 minutes and cache time to live is 30
> > minutes I will restart the timeout value for erasing of cache and will
> > all the time use cached reponse, not real...
> >
> > i looked at /etc/nscd.conf and enabled the line:
> >
> > enable-cache hosts no
> >
> > but it does not influenced to the response... It is still cached and I
> > need to wait quite long (need to measure exact time)
>
> There is any such thing as an exact time. It will vary depending on
> what TTL values the DNS records are given when they are created. This
> can be different for each record. Here is some text from the
> BIND Administrator Reference Manual:
>
> The TTL is assigned by the administrator for the zone where
> the data originates. While short TTLs can be used to minimize
> caching, and a zero TTL prohibits caching, the realities of
> Internet performance suggest that these times should be on
> the order of days for the typical host. If a change can be
> anticipated, the TTL can be reduced prior to the change to
> minimize inconsistency during the change, and then increased
> back to its former value following the change.
>
> In other words, the TTL is up to the DNS administrator's discretion.
>
> Also keep in mind that the TTL is only a maximum. A DNS server
> that caches data from other DNS servers may choose to cache things
> for a shorter amount of time.
>
> > If you know better way to detect slow DNS response, please share the
> > ideas...
>
> Well, the first suggestion is that you can use some program like
> "nslookup" or "dig". They both form DNS queries directly and
> bypass the process that the system uses to resolve names. They
> will therefore give a more direct test.
>
> You could look up a non-existent hostname based on the system's
> time an its own hostname, for example:
>
> now () { nawk 'END {print srand}' /dev/null ; }
> before=`now`
> nslookup `hostname`-`now`.mydomain.com
> after=`now`
> echo "DNS resolution took `expr $after - $before` seconds"
>
> The second suggestion I have is that you need to define what
> you mean "slow DNS response". If you are trying to look up a
> hostname across the ocean, and the path between your DNS server
> and the remote DNS server is very slow and clogged up with traffic,
> then it might take 20 seconds for a query to be finished, and this
> might be the best possible performance.
>
> On the other hand, if you have a DNS server on the same host
> as the one you're testing from and it has the data cached,
> the response might take much less than 0.1 seconds.
>
> So, what is "slow"? This is something you may have to define
> for yourself since there isn't any obvious objective definition.
>
> Hope that helps.
>
> - Logan
>
|
|
|
0
|
|
|
|
Reply
|
alexandre
|
10/8/2003 2:26:22 PM
|
|
|
8 Replies
190 Views
(page loaded in 0.249 seconds)
|
Search |
Post Question |
Groups |
Stream |
About |
Register
25712 articles. 
78 followers. 