Bug 4428

Summary: hosts caching does not respect TTL, and caches old IP's
Product: glibc
Component: nscd
Reporter: Pierre Habouzit <madcoder>
Assignee: Ulrich Drepper <drepper.fsp>
Status: REOPENED
Severity: normal
Priority: P2
CC: fche, fweimer, glibc-bugs, ibaldo
Flags: fweimer: security-
Version: unspecified
Bug Depends on: 19565

Description Pierre Habouzit 2007-04-25 20:10:54 UTC
I've tested that using a very short-lived DNS A record (TTL of 3 seconds).
nscd only respects positive-time-to-live from /etc/nscd.conf and not
DNS TTLs as it should.

It has very nasty side effects if the record in question is (e.g.) the IP of 
the ldap server :)

To reproduce the problem, have a short lived A domain (e.g. 3 seconds) change 
its IP. hosts $domain will answer the correct new IP after at most 3 seconds, 
whereas getent hosts $domain will always return the old IP (until the 
nscd.conf positive-time-to-live expires).
Comment 1 Ulrich Drepper 2007-04-28 04:26:19 UTC
nscd does respect TTL.  Only for getaddrinfo but this is OK since no program
should use gethostbyaddr*.
Comment 2 Pierre Habouzit 2007-04-28 10:08:32 UTC
Given the number of pre-2001 software still around (time at which gethostby* 
calls were marked obsolete) that indeed use gethostby* (and the number of 
more recent software using it too, even being obsolete) you are just knowingly 
breaking them.

Quite interesting indeed. Btw I tested this _BUG_ doing:
$ getent hosts ttl3.madism.org
which after 3 seconds does not make a new request as it should (running nscd 
in debug mode shows it quite unambiguously).

Interestingly enough, getent (from the libc you know) does that:

$ ltrace getent hosts ttl3.madism.org > /dev/null
__libc_start_main(0x402e40, 3, 0x7fffeead3c08, 0x403c40, 0x403c30 <unfinished ...>
mtrace()                                         = <void>
setlocale(6, "")                                 = "LC_CTYPE=fr_FR.utf8;LC_NUMERIC=f"...
textdomain("libc")                               = "libc"
argp_parse(0x5053e0, 3, 0x7fffeead3c08, 0, 0x7fffeead3af4) = 0
strcmp("hosts", "hosts")                         = 0
inet_pton(10, 0x7fffeead547b, 0x7fffeead3aa0, 0x5070c0, 0x5070d0) = 0
inet_pton(2, 0x7fffeead547b, 0x7fffeead3aa0, 0, 0x7fffeead3a40) = 0
gethostbyname2(0x7fffeead547b, 10, 0x7fffeead3aa0, 116, 0) = 0
gethostbyname2(0x7fffeead547b, 2, 1, 0, 0x2ae1c05b8790) = 0x2ae1bc33cfe0
inet_ntop(2, 0x5070f8, 0x7fffeead3a40, 46, 0)    = 0x7fffeead3a40
printf("%-15s %s", "127.0.0.1", "ttl3.madism.org") = 31
+++ exited (status 0) +++


So now I'm not surprised anymore I guess. You are breaking your own software.
IMHO, given how broken gethostby* are with the use of nscd, either hosts 
caching should be removed, or gethostby* generate a warning at link time so 
that people get to know that those are not supported at *all*.
Comment 4 Florian Weimer 2016-02-04 06:48:16 UTC
The gethostbyname functions are not deprecated, so there is no compelling reason not to fix this.
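
Added example, not part of the bug report and not glibc or nscd code: a simplified C model of the two expiry policies discussed in this bug, a cache that keeps an entry for the configured positive-time-to-live versus one that caps the lifetime at the record's DNS TTL. The record data, the addresses, the change at t=10 and the 3600-second setting are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of one cached host entry; not nscd's real data structures. */
struct entry { char ip[16]; long expires; int valid; };
enum policy { FIXED_LIFETIME, HONOR_DNS_TTL };

/* Constructed authoritative data: A record with a 3 s TTL that changes at t=10. */
#define DNS_TTL 3
static const char *authoritative(long now) {
    return now < 10 ? "192.0.2.10" : "192.0.2.20";
}

/* Answer from the cache; on a miss or expiry, refetch and recompute the expiry. */
static const char *cached_lookup(struct entry *e, enum policy p,
                                 long positive_ttl, long now) {
    if (!e->valid || now >= e->expires) {
        long life = positive_ttl;            /* value configured for the cache */
        if (p == HONOR_DNS_TTL && DNS_TTL < life)
            life = DNS_TTL;                  /* never outlive the record's own TTL */
        strncpy(e->ip, authoritative(now), sizeof e->ip - 1);
        e->ip[sizeof e->ip - 1] = '\0';
        e->expires = now + life;
        e->valid = 1;
    }
    return e->ip;
}

/* Seconds in [0, horizon) during which the cached answer differs from the zone. */
long stale_seconds(enum policy p, long positive_ttl, long horizon) {
    struct entry e = {0};
    long stale = 0;
    for (long t = 0; t < horizon; t++)
        if (strcmp(cached_lookup(&e, p, positive_ttl, t), authoritative(t)) != 0)
            stale++;
    return stale;
}

int main(void) {
    printf("fixed lifetime, 3600 s: %ld s stale\n", stale_seconds(FIXED_LIFETIME, 3600, 60));
    printf("capped at DNS TTL:      %ld s stale\n", stale_seconds(HONOR_DNS_TTL, 3600, 60));
    return 0;
}
```

With the fixed lifetime the old address is served for the rest of the observed minute; with the cap, staleness is bounded by the record's TTL.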