So I never realized this before but certain IP addresses will get truncated in Redhat/CentOS distro’s. Not sure if others distro’s will share this feature but something to pay attention to. They say that the netstat output field is limited to 80 chars. Seems like it would be wiser for them to remove some of the whitespace between the columns than to truncate the IP and I’m sure others have made the mistake as I did by grabbing
tcp 0 91 ::ffff:10.100.0.100 ::ffff:18.104.22.168:51067 ESTABLISHED
22.214.171.124 really should be 126.96.36.199. Never noticed this until I was looking at tcpdump.
A better command to run than netstat is ss, that will also display the correct IP. man ss for more detailed help.
Name Server Cache Daemon (NSCD) is sometimes a little hard to tell is it working or not? The only syntax available to the tool is the ability to view statistics which kind of helps but it doesn’t show what is actually in the cache which I think would be a nice feature to add.. Here’s a sample ‘hosts cache’ on one of our servers…
yes cache is enabled
yes cache is persistent
yes cache is shared
211 suggested size
216064 total data pool size
11952 used data pool size
3600 seconds time to live for positive entries
20 seconds time to live for negative entries
288645 cache hits on positive entries
0 cache hits on negative entries
75914 cache misses on positive entries
229 cache misses on negative entries
79% cache hit rate
86 current number of cached values
224 maximum number of cached values
10 maximum chain length searched
0 number of delays on rdlock
0 number of delays on wrlock
0 memory allocations failed
yes check /etc/hosts for changes
The good thing about nscd is that most of the time, just installing the RPM should work for most people, there really isn’t any need to modify anything in the configuration in order to get it to work…the only issue is trying to figure out really what it’s doing as far as the DNS caching and looking at just the nscd -g stats doesn’t always show the full picture.
Trying to use DNS tools like host, dig, or nslookup will not benefit from using nscd as they will completely bypass this and attempt to hit DNS and will only look at your /etc/nsswitch config. And I do not believe there is any way to tell your using NSCD by just using those tools.. Here’s how you can see what’s in the caches /var/db/nscd you will find 5 files for each of the 5 default caches that are normally setup.
To find the values of any of these just use strings command on them..
strings hosts or strings passwd
Now this doesn’t 100% add up to the full picture as it almost for me adds more questions , as if you try to clear the cache using nscd -i passwd, I would think that would clear this db file.. but it doesn’t , all the contents are still there but at least does help show what it is doing in the background a little more than just viewing the stats