flooding speed

Gary Mills mills@cc.umanitoba.ca
Wed Jan 11 23:58:48 UTC 2006

On Wed, Jan 11, 2006 at 04:34:55PM -0700, Vernon Schryver wrote:
> I've seen something interesting on a site that uses sendmail+dccm+MAPS+SBL
> and runs a DCC server on Solaris.  The DCC hit rate had dropped
> significantly.  Flooding from its peers was always a day or two behind.
> Nscd had grown to more than 3 GBytes and a resident set of more than 1 GByte.
> After nscd was bounced, ncsd was about 1000 times smaller, and dccd
> started keeping up with the incoming floods.

This sounds as if one of the hash tables overflowed.  Increasing the
suggested-size for the passwd map from 211 to 8443 in /etc/nscd.conf
might help a lot. 8443 seems to be the upper limit for this setting.
This behavior is likely a result of spam sent to thousands of guessed
addresses.  Each of them has to be looked up in the passwd map to
determine if they really exist.  This stresses name service facilities
in ways that nobody expected.

-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-

More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.