Using nscd on Linux to Build a Domain Name Resolution Cache and Speed Up Domain Name

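Why a domain name resolution cache is needed

When deploying servers, many applications need to call the domain name resolution service, usually by configuring /etc/resolv.conf to specify the IP addresses of the DNS servers. However, if a program issues a large volume of requests, the server is likely to be blocked by those DNS servers. In addition, querying external DNS servers every time increases latency, and when there are network problems, resolution can fail. In this situation, a transparent DNS resolution cache service should be configured to achieve the following:

  • Faster DNS responses. Because the results of DNS requests are cached, subsequent identical DNS requests no longer obtain their results by contacting any external network server, which reduces network latency.

  • Less dependence of DNS on the external network. Within the cache period, identical DNS requests generate no network traffic, which reduces the impact of brief external network outages.

Installing and configuring NSCD

NSCD (Name Service Cache Daemon) requires no changes to applications or to the resolver, and /etc/resolv.conf does not need to change either, so it has the least impact on system deployment.

As a result, NSCD has become the most widely used domain name caching software in Linux environments.

It can be installed with yum: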

[root@ansible ~]# yum -y install nscd

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

* epel: mirrors.ustc.edu.cn

Package nscd-2.17-196.el7.x86_64 already installed and latest version

Nothing to do

The core configuration file of nscd is /etc/nscd.conf.

Its core settings are:

[root@ansible ~]# sed -n '/hosts/p' /etc/nscd.conf

# Currently supported cache names (services): passwd, group, hosts, services

enable-cache hosts yes

positive-time-to-live hosts 3600

negative-time-to-live hosts 20

suggested-size hosts 211

check-files hosts yes

persistent hosts yes

shared hosts yes

max-db-size hosts 33554432

[root@ansible ~]#

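Where:

  • enable-cache: enables caching of DNS resolution

  • positive-time-to-live: how long successfully resolved DNS results are cached, in seconds

  • negative-time-to-live: how long failed DNS resolution results are cached, for example DNS resolution failures caused by network faults, or requested DNS entries that are not configured.

  • suggested-size: the size of NSCD's internal hash table. Change this value if the number of cached entries is far greater than the default of 211 (10 times or more).

  • check-files: whether to check the /etc/hosts file for changes

  • persistent: whether to keep cached entries when the NSCD process is restarted

  • shared: whether clients are allowed to query NSCD's memory image directly to obtain results.

  • max-db-size: the size of the DNS cache, in bytes.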

Verifying the domain name resolution cache

After deploying NSCD, the result can be checked with the following commands:

[root@ansible ~]# sed '/^#/d;/^$/d' /etc/nscd.conf

server-user nscd

debug-level 0

paranoia no

enable-cache hosts yes

positive-time-to-live hosts 3600

negative-time-to-live hosts 20

suggested-size hosts 211

check-files hosts yes

persistent hosts yes

shared hosts yes

max-db-size hosts 33554432

[root@ansible ~]# systemctl restart nscd

[root@ansible ~]# nscd -g

nscd configuration:

2 server debug level

16m 46s server runtime

10 current number of threads

32 maximum number of threads

6 number of times clients had to wait

no paranoia mode enabled

3600 restart internal

5 reload count

passwd cache:

no cache is enabled

yes cache is persistent

yes cache is shared

0 suggested size

0 total data pool size

0 used data pool size

600 seconds time to live for positive entries

20 seconds time to live for negative entries

0 cache hits on positive entries

0 cache hits on negative entries

0 cache misses on positive entries

0 cache misses on negative entries

0% cache hit rate

0 current number of cached values

0 maximum number of cached values

0 maximum chain length searched

0 number of delays on rdlock

0 number of delays on wrlock

0 memory allocations failed

yes check /etc/passwd for changes

group cache:

no cache is enabled

yes cache is persistent

yes cache is shared

0 suggested size

0 total data pool size

0 used data pool size

3600 seconds time to live for positive entries

60 seconds time to live for negative entries

0 cache hits on positive entries

0 cache hits on negative entries

0 cache misses on positive entries

0 cache misses on negative entries

0% cache hit rate

0 current number of cached values

0 maximum number of cached values

0 maximum chain length searched

0 number of delays on rdlock

0 number of delays on wrlock

0 memory allocations failed

yes check /etc/group for changes

hosts cache:

yes cache is enabled

yes cache is persistent

yes cache is shared

211 suggested size

216064 total data pool size

1512 used data pool size

36000 seconds time to live for positive entries

20 seconds time to live for negative entries

0 cache hits on positive entries

0 cache hits on negative entries

61 cache misses on positive entries

2 cache misses on negative entries

0% cache hit rate

11 current number of cached values

19 maximum number of cached values

1 maximum chain length searched

0 number of delays on rdlock

0 number of delays on wrlock

0 memory allocations failed

yes check /etc/hosts for changes

services cache:

no cache is enabled

yes cache is persistent

yes cache is shared

0 suggested size

0 total data pool size

0 used data pool size

28800 seconds time to live for positive entries

20 seconds time to live for negative entries

0 cache hits on positive entries

0 cache hits on negative entries

0 cache misses on positive entries

0 cache misses on negative entries

0% cache hit rate

0 current number of cached values

0 maximum number of cached values

0 maximum chain length searched

0 number of delays on rdlock

0 number of delays on wrlock

0 memory allocations failed

yes check /etc/services for changes

netgroup cache:

no cache is enabled

yes cache is persistent

yes cache is shared

0 suggested size

0 total data pool size

0 used data pool size

28800 seconds time to live for positive entries

20 seconds time to live for negative entries

0 cache hits on positive entries

0 cache hits on negative entries

0 cache misses on positive entries

0 cache misses on negative entries

0% cache hit rate

0 current number of cached values

0 maximum number of cached values

0 maximum chain length searched

0 number of delays on rdlock

0 number of delays on wrlock

0 memory allocations failed

yes check /etc/netgroup for changes

[root@ansible ~]#
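
The listings above show positive-time-to-live hosts 3600 in /etc/nscd.conf while nscd -g reports 36000 seconds for the hosts cache, so it is worth checking that the running daemon matches the file, because that TTL decides how long an outdated address keeps being served. The script below is an added example, not part of the original article: the function names and the abbreviated sample input are constructed for illustration, and the parsing assumes the nscd -g layout shown above.

```shell
#!/bin/sh
# Added example: detect drift between nscd.conf and what the running
# daemon reports in `nscd -g`. Function names are hypothetical.

# conf_value FILE ATTR SERVICE: value of the "ATTR SERVICE VALUE" line in nscd.conf
conf_value() {
    awk -v a="$2" -v s="$3" '$1 == a && $2 == s { v = $3 } END { print v }' "$1"
}

# stat_value FILE SERVICE LABEL: the value printed before LABEL inside the
# "SERVICE cache:" section of saved `nscd -g` output
stat_value() {
    awk -v sec="$2 cache:" -v label="$3" '
        { gsub(/^[ \t]+|[ \t]+$/, "") }            # trim indentation
        /cache:$/ { in_sec = ($0 == sec); next }   # section header
        in_sec && NF > 1 {
            val = $1; sub(/^[^ \t]+[ \t]+/, "")    # split value from label
            if ($0 == label) { print val; exit }
        }' "$1"
}

# ttl_drift CONF STATS SERVICE: prints both TTLs; returns 1 when they differ
ttl_drift() {
    f=$(conf_value "$1" positive-time-to-live "$3")
    r=$(stat_value "$2" "$3" "seconds time to live for positive entries")
    echo "file=$f running=$r"
    [ "$f" = "$r" ]
}

# Constructed sample input, abbreviated from the values shown in the article
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/nscd.conf" <<'EOF'
# constructed excerpt
enable-cache            hosts   yes
positive-time-to-live   hosts   3600
negative-time-to-live   hosts   20
EOF
cat > "$SAMPLE_DIR/nscd-g.txt" <<'EOF'
passwd cache:
      600  seconds time to live for positive entries
hosts cache:
      yes  cache is enabled
    36000  seconds time to live for positive entries
       61  cache misses on positive entries
EOF

ttl_drift "$SAMPLE_DIR/nscd.conf" "$SAMPLE_DIR/nscd-g.txt" hosts ||
    echo "hosts cache: running TTL differs from nscd.conf"
```

On a live host, pass /etc/nscd.conf and a file holding saved nscd -g output instead of the sample files.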

