Bug 4428 - hosts caching does not respect TTL, and caches old IP's
Summary: hosts caching does not respect TTL, and caches old IP's
Alias: None
Product: glibc
Classification: Unclassified
Component: nscd
Version: unspecified
Importance: P2 normal
Target Milestone: ---
Assignee: Ulrich Drepper
Depends on: 19565
Reported: 2007-04-25 20:10 UTC by Pierre Habouzit
Modified: 2016-02-04 08:00 UTC (History)

See Also:
Last reconfirmed:
fweimer: security-


Description Pierre Habouzit 2007-04-25 20:10:54 UTC
I've tested this using a very short-lived (TTL of 3 seconds) DNS A 
record. nscd only respects positive-time-to-live from /etc/nscd.conf and not 
DNS TTLs as it should.

It has very nasty side effects if the record in question is (e.g.) the IP of 
the ldap server :)

To reproduce the problem, have a short lived A domain (e.g. 3 seconds) change 
its IP. hosts $domain will answer the correct new IP after at most 3 seconds, 
whereas getent hosts $domain will always return the old IP (until the 
nscd.conf positive-time-to-live expires).
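The report above says the hosts cache expires entries by the positive-time-to-live in /etc/nscd.conf rather than by the DNS record TTL. The following added example (not from the bug report or from glibc) parses an nscd.conf in that format and reports how long gethostbyname() callers could keep receiving a stale address for the hosts database; the sample configuration is constructed here, and the 60-second threshold is an arbitrary choice for the check.

```python
"""Report nscd hosts-cache settings that can serve stale addresses.

Added example, not part of the bug report. The nscd.conf format is
whitespace-separated: <option> [<database>] <value>, '#' starts a comment.
"""

# Constructed sample configuration (not taken from the bug report); the
# values resemble common distribution defaults.
SAMPLE_NSCD_CONF = """\
# /etc/nscd.conf (constructed sample)
        logfile                 /var/log/nscd.log
        debug-level             0
        enable-cache            passwd          yes
        positive-time-to-live   passwd          600
        enable-cache            hosts           yes
        positive-time-to-live   hosts           3600   # one hour
        negative-time-to-live   hosts           20
        check-files             hosts           yes
"""


def parse_nscd_conf(text):
    """Return {database: {option: value}}.

    Per-database options (three fields) are keyed by database name;
    global options (two fields) are stored under the key None.
    Malformed lines are skipped.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) == 3:
            option, database, value = fields
        elif len(fields) == 2:
            option, value = fields
            database = None
        else:
            continue
        settings.setdefault(database, {})[option] = value
    return settings


def hosts_cache_risk(text, max_ttl=60):
    """Classify the hosts cache configuration.

    Returns (enabled, ttl_seconds_or_None, verdict). A positive entry can be
    served for up to positive-time-to-live seconds regardless of the DNS TTL,
    so a long value means a changed A record stays invisible to gethostbyname()
    users for that long. The 60 s threshold is an assumption for this check.
    """
    hosts = parse_nscd_conf(text).get("hosts", {})
    enabled = hosts.get("enable-cache", "no").lower() == "yes"
    ttl_raw = hosts.get("positive-time-to-live")
    ttl = int(ttl_raw) if ttl_raw is not None and ttl_raw.isdigit() else None

    if not enabled:
        verdict = "ok: hosts caching disabled, resolver answers follow DNS"
    elif ttl is None:
        verdict = "warn: hosts caching enabled, positive-time-to-live not set"
    elif ttl > max_ttl:
        verdict = ("stale-risk: gethostbyname() callers may see an old IP "
                   "for up to %d s after the record changes" % ttl)
    else:
        verdict = "ok: hosts cache TTL %d s is within %d s" % (ttl, max_ttl)
    return enabled, ttl, verdict


if __name__ == "__main__":
    # Usage: python3 check_nscd_hosts.py; replace SAMPLE_NSCD_CONF with
    # open("/etc/nscd.conf").read() to check a real host.
    print(hosts_cache_risk(SAMPLE_NSCD_CONF))
```

If the verdict is stale-risk, lowering positive-time-to-live for hosts or setting enable-cache hosts no limits how long a moved service (the LDAP server in the report's example) keeps resolving to its old address for gethostbyname() callers.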
Comment 1 Ulrich Drepper 2007-04-28 04:26:19 UTC
nscd does respect TTL.  Only for getaddrinfo, but this is OK since no program
should use gethostbyaddr*.
Comment 2 Pierre Habouzit 2007-04-28 10:08:32 UTC
Given the number of pre-2001 software still around (the time at which gethostby* 
calls were marked obsolete) that indeed use gethostby* (and the number of 
more recent software using it too, even though it is obsolete), you are just knowingly 
breaking them.

Quite interesting indeed. Btw I tested this _BUG_ doing:
$ getent hosts ttl3.madism.org
which after 3 seconds does not make a new request as it should (running nscd 
in debug mode shows it quite unambiguously).

Interestingly enough, getent (from the libc you know) does that:

$ ltrace getent hosts ttl3.madism.org > /dev/null
__libc_start_main(0x402e40, 3, 0x7fffeead3c08, 0x403c40, 0x403c30 <unfinished ...>
mtrace()                                         = <void>
setlocale(6, "")                                 = "LC_CTYPE=fr_FR.utf8;LC_NUMERIC=f"...
textdomain("libc")                               = "libc"
argp_parse(0x5053e0, 3, 0x7fffeead3c08, 0, 0x7fffeead3af4) = 0
strcmp("hosts", "hosts")                         = 0
inet_pton(10, 0x7fffeead547b, 0x7fffeead3aa0, 0x5070c0, 0x5070d0) = 0
inet_pton(2, 0x7fffeead547b, 0x7fffeead3aa0, 0, 0x7fffeead3a40) = 0
gethostbyname2(0x7fffeead547b, 10, 0x7fffeead3aa0, 116, 0) = 0
gethostbyname2(0x7fffeead547b, 2, 1, 0, 0x2ae1c05b8790) = 0x2ae1bc33cfe0
inet_ntop(2, 0x5070f8, 0x7fffeead3a40, 46, 0)    = 0x7fffeead3a40
printf("%-15s %s", "", "ttl3.madism.org") = 31
+++ exited (status 0) +++

So now I'm not surprised anymore I guess. You are breaking your own software.
IMHO, given how broken gethostby* are with the use of nscd, either hosts 
caching should be removed, or gethostby* generate a warning at link time so 
that people get to know that those are not supported at *all*.
Comment 4 Florian Weimer 2016-02-04 06:48:16 UTC
The gethostbyname functions are not deprecated, so there is no compelling reason not to fix this.