Re: Ranting on ipcache bogosity

From: Chris Fedde <cfedde@dont-contact.us>
Date: Thu, 22 Aug 1996 11:47:07 -0600

In message <1.5.4.16.19960822130502.2a8777a2@gatekeeper> Jonathan Larmour:
>At 10:01 22/08/96 +0200, Stephane Bortzmeyer wrote:
>>On Wednesday 21 August 96, at 7 h 54, the keyboard of Duane Wessels
>><wessels@nlanr.net> wrote:
>>
>>> If somebody wants to write a new dnsserver which uses res_query()
>>> instead of gethostbyname() please do. Then we could pass back the real
>>> TTL info from the DNS.
>>
>>Yes, but this would introduce another problem: on many machines the
>>administrator wants to control what directory systems are used. This is
>>typically done through a file (host.conf on Linux, svc.conf on OSF/1,
>>nsswitch.conf on Solaris) which lists what directories (hosts file, DNS,
>>NIS, X500, etc) should be used by resolving routines like gethostbyname
>>and in which order. If you call directly the DNS, you lose that.
>
>Perhaps add it as another option to squid.conf? One option directly uses
>res_query, the other uses gethostbyname(). 99% of people want res_query I'd
>imagine, and since the code for the gethostbyname() version is already there
>and working, it wouldn't be too much hassle to make it optional (he says
>naively).
>

In light of the point made by Stephane Bortzmeyer it would be a
bad thing to break configurations that depend on gethostbyname()
to perform the lookup functionality. It would seem that making
squid use something other than gethostbyname() for name-to-address
mapping would be a mistake.

The main concern with gethostbyname() is that it is a lowest common
denominator interface. It simply returns a list of addresses for
any name query, regardless of the back-end directory service. On
the surface it seems that squid wants deeper interaction with the
directory service than simply fetching a list of addresses. I
assert that this is not the case. Squid should simply trust the
directory service to return something reasonable. Any scenario
where squid caches the results of the lookup for longer than a
single HTTP session will cause problems in a number of boundary
case situations.

It is my belief that squid should always go through the dnsserver
for address resolution. It should not cache this information
internally for re-use in subsequent sessions since it has no
knowledge of the mechanisms used by that back-end. In this way
squid takes advantage of all the thinking and design of the directory
service regardless of what service is in place.

Squid may however make good use of a history of failed connect
attempts. This history could be implemented as a simple hash table
mapping failed addresses to a time stamp. Using address as the
hash table key rather than name is important since name-to-address
is often a one-to-many relationship. It is the connection to the
address that failed, not necessarily the connection to the name.

chris

--
During normal operations it is difficult to distinguish between
mediocre and optimal implementations -- it is only when the network
comes under stress that quality becomes important.
                                                 -- Marshal T. Rose
Received on Thu Aug 22 1996 - 10:50:12 MDT
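
Added example (not part of the message above and not Squid code): one way to implement the failed-connect history the message proposes, as a fixed-size hash table keyed by IPv4 address with a timestamp per entry. The table size, the 60-second retention window and every function name here are assumptions made for illustration.

```c
#include <stdint.h>
#include <time.h>

#define SLOTS 256     /* table size, power of two (assumed) */
#define FAIL_TTL 60   /* seconds a failure is remembered (assumed) */

struct fail_entry { uint32_t addr; time_t when; int used; };
static struct fail_entry fail_tab[SLOTS];

/* Multiplicative hash of an IPv4 address (host byte order) to a slot. */
static unsigned slot_of(uint32_t addr) {
    return (unsigned)((addr * 2654435761u) >> 24) & (SLOTS - 1);
}

/* Return the entry for addr, or the slot where it should be stored.
 * Linear probing; an expired entry is reused so stale data ages out. */
static struct fail_entry *probe(uint32_t addr, time_t now) {
    struct fail_entry *reuse = NULL;
    unsigned i, s = slot_of(addr);
    for (i = 0; i < SLOTS; i++) {
        struct fail_entry *e = &fail_tab[(s + i) & (SLOTS - 1)];
        if (e->used && e->addr == addr) return e;
        if (!e->used) return reuse ? reuse : e;
        if (!reuse && now - e->when >= FAIL_TTL) reuse = e;
    }
    return reuse;     /* NULL when every slot holds a live entry */
}

/* Record that a connect() to addr failed at time now. */
void fail_note(uint32_t addr, time_t now) {
    struct fail_entry *e = probe(addr, now);
    if (!e) return;   /* table full: drop the record, never block */
    e->addr = addr; e->when = now; e->used = 1;
}

/* Has a connect to addr failed within the last FAIL_TTL seconds? */
int fail_recent(uint32_t addr, time_t now) {
    struct fail_entry *e = probe(addr, now);
    return e && e->used && e->addr == addr && now - e->when < FAIL_TTL;
}

/* From a fresh resolver answer, pick the first address with no recent
 * failure; if all have failed, fall back to the first one. */
uint32_t pick_addr(const uint32_t *addrs, int n, time_t now) {
    int i;
    for (i = 0; i < n; i++)
        if (!fail_recent(addrs[i], now)) return addrs[i];
    return addrs[0];
}
```

Because the key is the address, a name that resolves to several addresses stays reachable through the ones that have not failed, and the table holds nothing about the name-to-address mapping itself.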
