nscd: Either fix automatic hosts cache invalidation or add resolvconf update script to invalidate the hosts cache

Bug #1123424 reported by Thomas Hood
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
eglibc (Debian) | New | Unknown | |
eglibc (Ubuntu) | New | Undecided | Unassigned |

Bug Description

When nscd is running and the hosts cache is enabled and resolv.conf changes, the hosts cache needs to be invalidated, but this does not currently happen.

I discovered this while running nscd with the hosts cache enabled. I connected to a VPN whose internal nameservers resolve certain domain names differently from external nameservers: for a given name, external nameservers resolve the name to the IP address of the company's reverse proxy whereas the internal nameservers resolve the name to an internal IP address. After I connected to the VPN my resolv.conf file was correctly updated by resolvconf such that the VPN nameserver was listed first, but nscd continued to supply the old external IP address out of its cache. Analogous problem on disconnecting from the VPN. (When resolvconf is installed it updates the resolver configuration file resolv.conf. It actually writes to /run/resolvconf/resolv.conf to which /etc/resolv.conf is a symbolic link.)

I would have expected that nscd would invalidate its hosts cache automatically when resolv.conf changed. I initially thought that this was the point of the patch discussed here:

     http://www.eglibc.org/archives/patches/msg00977.html

which I believe has since been integrated into Ubuntu nscd. But experimentation proves that nscd does *not* invalidate its hosts cache when resolv.conf changes... at least, not under the circumstances described above.

Now I understand that when resolv.conf changes, nscd does re-read the resolv.conf file and so does use the correct nameservers for new queries, but does not clear its cache.

If nscd is supposed to invalidate its hosts cache when resolv.conf changes then please fix the bug which causes this to fail to happen.

If it was not the intent to include that functionality in nscd, then please add a resolvconf update script that invalidates the hosts cache when resolv.conf is changed by resolvconf.

This can be implemented in two parts. First, add a new "invalidate-hosts" method to the initscript which invalidates the hosts cache, making use of nscd's "--invalidate" option. Then include a file named /etc/resolvconf/update-libc.d/000nscd in the nscd package with the following content.

    #!/bin/sh
    [ -x /etc/init.d/nscd ] && /etc/init.d/nscd invalidate-hosts

The code in the initscript could look something like the following.

--- nscd_ORIG 2012-10-04 04:13:52.000000000 +0200
+++ nscd 2013-02-12 21:00:33.191132785 +0100
@@ -70,6 +70,11 @@
  return 0
 }

+invalidate_hosts()
+{
+ "$DAEMON" --invalidate hosts
+}
+
 case "$1" in
 start)
  log_daemon_msg "Starting $DESC" "$NAME"
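
Review bot: invalidate_hosts() has no comment stating what it returns, and the invalidate-hosts branch added later in this patch branches on that status. Add a line above the function saying it returns the exit status of `"$DAEMON" --invalidate hosts`, and consider redirecting that command's output, since it runs while a log_daemon_msg line is still open.
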
@@ -118,8 +123,16 @@
   1) log_success_msg "running." ; exit 0 ;;
  esac
  ;;
+invalidate-hosts)
+ log_daemon_msg "Invalidating hosts cache of $DESC"
+ status || invalidate_hosts
+ case "$?" in
+ 0) log_end_msg 0 ; exit 0 ;;
+ *) log_failure_msg " (failed)" ; exit 1 ;;
+ esac
+ ;;
 *)
- echo "Usage: /etc/init.d/$NAME {start|stop|force-reload|restart|status}" >&2
+ echo "Usage: /etc/init.d/$NAME {start|stop|force-reload|restart|status|invalidate-hosts}" >&2
  exit 1
  ;;
 esac
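
Review bot: In the invalidate-hosts branch, the `*)` arm calls `log_failure_msg " (failed)"` while the `0)` arm closes the log_daemon_msg line with `log_end_msg 0`; use `log_end_msg 1` in the failure arm so both paths end the line the same way. Separately, `status || invalidate_hosts` only reads correctly once you know that status returns non-zero for a running daemon (the context line `1) log_success_msg "running."` suggests this), so a one-line comment there would help, and it should say that when the daemon is stopped this path reports success without invalidating anything.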

Should you implement this, please Suggest resolvconf (>= 1.70) and Conflict with resolvconf (<< 1.70), since those older versions of resolvconf restarted nscd if resolv.conf changed and nscd had its hosts cache enabled.
--
Thomas Hood
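
One way to write the proposed /etc/resolvconf/update-libc.d/000nscd hook so that it flushes the hosts table only when nscd.conf has the hosts cache enabled, as an added example (not code from this report or from the nscd package). It calls nscd directly instead of the proposed initscript method; the NSCD and NSCD_CONF override variables, the default paths and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: resolvconf hook that invalidates nscd's hosts cache only
# when that cache is enabled. NSCD and NSCD_CONF are assumed overrides.

NSCD="${NSCD:-/usr/sbin/nscd}"
NSCD_CONF="${NSCD_CONF:-/etc/nscd.conf}"

# Succeed if the given nscd.conf contains "enable-cache hosts yes".
# Comments (#...) are stripped first; if several lines set the option,
# this example takes the last one (an assumption about precedence).
hosts_cache_enabled() {
    [ -r "$1" ] || return 1
    awk '
        { sub(/#.*/, "") }
        $1 == "enable-cache" && $2 == "hosts" { state = $3 }
        END { exit ((state == "yes") ? 0 : 1) }
    ' "$1"
}

# Invalidate the hosts table. Returns 0 when there is nothing to do
# (no nscd binary, or hosts cache disabled); otherwise passes back the
# exit status of nscd itself, e.g. non-zero if the daemon is not running.
invalidate_hosts_cache() {
    [ -x "$NSCD" ] || return 0
    hosts_cache_enabled "$NSCD_CONF" || return 0
    "$NSCD" --invalidate hosts
}

# Act only when installed under the hook name proposed above, so the
# functions can be loaded and exercised without touching a live daemon.
case "${0##*/}" in
    000nscd) invalidate_hosts_cache ;;
esac
```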

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "nscd initscript patch to add "invalidate-hosts" method" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are a member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Changed in eglibc (Debian):
status: Unknown → New