The AIX DNS cache is managed by the 'netcd' daemon.
To display the daemon's status, run the command 'lssrc -s netcd'.
To enable caching of DNS resolutions, simply create the file /etc/netcd.conf with the following line:
cache dns hosts 128 60
This tells netcd to cache DNS lookups with a retention time of 60 minutes, for up to 128 entries.
To start the service, use the command 'startsrc -s netcd'.
Note that the service is started at boot from the file '/etc/rc.tcpip'.
To make it start permanently, use the command: '/usr/sbin/chrctcp -S -a netcd'.
To inspect the contents of the AIX DNS cache, use the command:
# netcdctrl -t dns -e hosts -a /tmp/cacheDNS.log
This command writes the contents of the cache to the file /tmp/cacheDNS.log.
Example:
# netcdctrl -t dns -e hosts -a /tmp/cacheDNS.log ; cat /tmp/cacheDNS.log
CACHE dns, hosts, name
>>>>>>>>>>>>>>>>>>>>>>>>>>>> ELEM #1
Expiration date : Mon Jun 2 20:05:41 2015
Ulm or resolver name : dns
Query type : 10100002
Query length : 9
Answer (0: positive; 1 : negative) : 0
Query key : 1211245064
String used in query : yahoo.com
Additional parameters in query:
query param1 : 2
query param2 : 0
Length of cached element : 35
################### hostent
Number of aliases = 0
Number of addresses = 2
Type = 2
Length = 4
Host name = yahoo.com
Alias =
Address = 68.180.206.184
Address = 206.190.60.37
#################### end of hostent
>>>>>>>>>>>>>>>>>>>>>>>>>>>> END ELEM #1
END CACHE dns, hosts, name
CACHE dns, hosts, address
END CACHE dns, hosts, address
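One way to act on such a dump, as an added example that is not part of the original page or of IBM's tooling: the awk filters below reduce the netcdctrl output to one line per cached element and report cached answers that disagree with a pin list. The pin-file format, the function names and the sample entries (trimmed to the fields the parser reads) are constructed for this example, and a negative entry is assumed to carry no hostent block.

```sh
# Added example (not from the page): summarise a netcdctrl dump, check pins.
netcd_dump_summary() {   # $1 = dump file; prints name|answer|expiry|addrs
    awk '
    /END ELEM #/ { printf "%s|%s|%s|%s\n", name,
                   (ans == "0" ? "positive" : "negative"), expiry, addrs; next }
    /ELEM #/               { name = ans = expiry = addrs = ""; next }
    /Expiration date/      { sub(/^[^:]*: */, ""); expiry = $0; next }
    /^ *Answer /           { ans = $NF; next }
    /String used in query/ { name = $NF; next }
    /Address = /           { addrs = addrs (addrs == "" ? "" : ",") $NF }
    ' "$1"
}

# $1 = dump file, $2 = pin file ("name address" per line, a local convention).
# Reports cached answers for pinned names that the pin file does not allow.
netcd_unexpected() {
    netcd_dump_summary "$1" | awk -F'|' -v pins="$2" '
    BEGIN { while ((getline l < pins) > 0) {
                split(l, p, " "); pinned[p[1]] = 1; ok[p[1] "," p[2]] = 1 } }
    !($1 in pinned)  { next }
    $2 == "negative" { print $1, "negative-answer"; next }
    { n = split($4, a, ",")
      for (i = 1; i <= n; i++) { k = $1 "," a[i]; if (!(k in ok)) print $1, a[i] } }
    '
}

# Constructed sample in the dump layout shown above, trimmed to the parsed fields.
sample_dump() {
    cat <<'EOF'
>>>>>>>>>>>>>>>>>>>>>>>>>>>> ELEM #1
Expiration date : Mon Jun 1 20:05:41 2015
Answer (0: positive; 1 : negative) : 0
String used in query : app.example.com
Address = 192.0.2.10
Address = 203.0.113.7
>>>>>>>>>>>>>>>>>>>>>>>>>>>> END ELEM #1
>>>>>>>>>>>>>>>>>>>>>>>>>>>> ELEM #2
Expiration date : Mon Jun 1 20:09:00 2015
Answer (0: positive; 1 : negative) : 1
String used in query : db.example.com
>>>>>>>>>>>>>>>>>>>>>>>>>>>> END ELEM #2
EOF
}

work=$(mktemp -d /tmp/netcd.XXXXXX)    # private directory, not a fixed /tmp name
sample_dump > "$work/dump"
printf 'app.example.com 192.0.2.10\ndb.example.com 192.0.2.20\n' > "$work/pins"
netcd_unexpected "$work/dump" "$work/pins"
rm -rf "$work"
```

On a real system, point netcd_dump_summary at the file written by netcdctrl -a. Writing that file into a directory created with mktemp -d, rather than to a fixed name under /tmp, keeps another local user from pre-creating the path.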
Below is the IBM documentation on the format of the netcd.conf file:
Purpose
Defines parameters for the netcd daemon.
Description
The /etc/netcd.conf file is the default configuration file for the netcd daemon. This file is part of TCP/IP in Network Support Facilities.
To change the /etc/netcd.conf file, run the stopsrc -s netcd command and then the startsrc -s netcd command. The netcd.conf file specifies the map resolvers that are cached, and supplies parameters to the netcd daemon.
A template of the netcd.conf file is provided in the /usr/samples/tcpip directory.
If you do not use any configuration files, the netcd daemon proceeds with the default values indicated later in this section.
The file accepts the following types of declarations:
- cache description declarations (keyword - cache)
- security declarations (keywords - owner, group and home_dir)
- log file declarations (keywords - log_file, log_rotate, and log_size)
- additional declarations to control the netcd daemon (keywords - net_scan_frequency, local_scan_frequency, and socket_queue_size)
Syntax
cache <space><space><tab><tab> dns <space><space> local <tab><tab> foo
The syntax for each individual keyword is described in the following sections.
Cache description declarations
Syntax
cache <type_of_cache> <type_of_map> <hash_size> <cache_ttl>
0 to n cache declarations describe what is cached. If no such line is specified, the default line is cache all all 128 60.
The type_of_cache parameter takes one of the following values:
- local - local resolver
- dns - DNS resolver
- nis - nis resolver
- nisplus - nisplus resolver
- yp - yellow pages services
- ulm - other resolvers that you are using on your machine (if any)
- all - local, dns, nis, nisplus, ulm, and yp for the type_of_cache parameter
- a ulm name - the name of a specific resolver other than local, dns, nis, and nisplus that you installed
The type_of_map parameter takes one of the following values:
- hosts - hosts map type of the resolver
- protocols - protocols map type of the resolver
- services - services map type of the resolver
- networks - networks map type of the resolver
- netgroup - netgroup map type of the resolver
- all - all map types applicable for the type_of_map parameter that you specified
- a yp map name - the name of a yellow page service from the list passwd.byname, passwd.byuid, group.byname, group.bygid, netid.byname, and passwd.adjunct.byname
The maps supported for yp are passwd.byname, passwd.byuid, group.byname, group.bygid, netid.byname, and passwd.adjunct.byname.
The hash_size parameter specifies the number of lines for the cache (a cache is a hash table). The default value is 128.
The cache_ttl parameter specifies the length of time during which an entry is kept in the cache. Its unit is minute. The value of 0 is infinite; the default value is 60. The cache_ttl parameter is not taken into account for local caches. For dns, it is not suggested to specify a non-null value, because if you specify a non-null value, it overwrites the DNS time-to-live (TTL) sent back when DNS finds the entry. Otherwise, each entry is kept in the cache for the duration of the TTL that the DNS specifies.
Security declarations
The three following declarations allow the netcd daemon to run in the secure mode (for example, security against code execution because of stack overflow):
Item | Description |
---|---|
owner <value> | Specifies the owner of the netcd daemon during its execution. The default value is root. |
group <value> | Specifies the group owner of the netcd daemon during its execution. The default value is system. |
home_dir <value> | Specifies the working directory for the netcd daemon during its execution. The default value is /. |
Log file declarations
Item | Description |
---|---|
log_file <file> | Specifies the name of the log file for the netcd daemon. The default value is /var/tmp/netcd.log. |
log_rotate <number> | Specifies the number of rotations for the log file. The default is no rotation, which is specified by not including a log_rotate declaration. |
log_size <number> | Specifies the size of the log file, in case of rotation, in KB. |
Additional declarations
Item | Description |
---|---|
net_scan_frequency <value> | Specifies the scan frequency, in minutes, of the network cache for expired entries because of TTL. The default value is 1. |
local_scan_frequency <value> | Specifies the scan frequency, in minutes, of the local files for modified dates. When a local file (for example, /etc/hosts) is detected as modified, the corresponding local cache is reloaded with the content of the file. The default value is 1. |
socket_queue_size <value> | Specifies the size of the message queue for the socket that the netcd daemon uses to communicate with the requesting applications. This value indicates how many waiting requests the netcd daemon will accept. The default value is 256. |
Examples
- To cache only local host resolutions with a hash table of 1024 lines, use the following cache declaration:
cache local hosts 1024
- To cache all of the local resolutions with caches of 512 lines, use the following cache declaration:
cache local all 512
- For all protocol resolutions with a hash table of 600 lines and with an expiration of 1 day, use the following cache declaration:
cache all protocols 600 1440
- For a david ulm for all maps with a hash table of 128 lines and with an expiration of 1 hour by default, use the following cache declaration:
cache david all 128
Netcd dns configuration for negative response
Netcd dns configuration for negative response is supported for AIX 7.1 TL 5 and AIX 7.2 TL 2.
Netcd can be configured to use a local TTL value for negative queries. This TTL value may be an entry in the netcd configuration file. This will ensure that negative responses cached by netcd daemon will be erased after this time interval expires.
Item | Description |
---|---|
Cache dns hosts 128 | obey the TTL from dns server for positive and negative responses |
Cache dns hosts 128 20 | overwrite the TTL from dns server for positive and negative responses |
Cache dns hosts 128 20:30 | overwrite the TTL from dns server for positive and negative responses with different TTL values |
Cache dns hosts 128 0:20 | overwrite the TTL from dns server for negative response only |
Cache dns hosts 128 20:0 | overwrite the TTL from dns server for positive response only |
Cache dns hosts 128: | ERROR |
Cache dns hosts 128 20: | ERROR |
Cache dns hosts 128: 20 | ERROR |
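The rules above can be checked mechanically before restarting the daemon. The following lint is an added example, not IBM code: it applies the cache syntax, the POS:NEG TTL forms and the owner default described on this page. The function names, the message wording, the case-insensitive keyword match and the treatment of hash_size as mandatory are assumptions of this example.

```sh
# Added example (not IBM code): lint the cache and owner lines of a netcd.conf.
# $1 = netcd.conf path; prints "line:LEVEL:message", exit status 1 on any ERROR.
netcd_lint() {
    awk '
    function say(level, msg) {
        if (level == "ERROR") errs++
        printf "%d:%s:%s\n", NR, level, msg
    }
    tolower($1) == "owner" { owner = $2; next }
    tolower($1) != "cache" { next }        # blanks and other keywords are skipped
    NF < 4 || NF > 5 {
        say("ERROR", "want: cache <type_of_cache> <type_of_map> <hash_size> [cache_ttl]"); next }
    $4 !~ /^[0-9]+$/ { say("ERROR", "hash_size \"" $4 "\" is not a number"); next }
    NF == 5 && $5 !~ /^[0-9]+(:[0-9]+)?$/ {
        say("ERROR", "cache_ttl \"" $5 "\" is not N or POS:NEG"); next }
    NF == 5 && tolower($2) == "dns" {      # N alone applies to both answer kinds
        n = split($5, t, ":"); if (n == 1) t[2] = t[1]
        if (t[1] + 0 > 0) say("WARN", "positive answers kept " t[1] " min, DNS server TTL ignored")
        if (t[2] + 0 > 0) say("WARN", "negative answers kept " t[2] " min, DNS server TTL ignored")
    }
    END {
        if (owner == "" || owner == "root")
            print "-:WARN:netcd runs as root (owner unset or root)"
        exit (errs > 0)
    }
    ' "$1"
}

# Constructed sample: line 1 is the declaration from the top of this page.
sample_conf() {
    cat <<'EOF'
cache dns hosts 128 60
cache local hosts 1024
Cache dns hosts 128 0:20
cache dns hosts 128 20:
cache dns hosts 128: 20
EOF
}

conf=$(mktemp /tmp/netcd.conf.XXXXXX)
sample_conf > "$conf"
netcd_lint "$conf"
rm -f "$conf"
```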