Maintained by: NLnet Labs

[Unbound-users] cache size

lst_hoe02 at kwsoft.de
Fri Sep 21 14:20:25 CEST 2012


Quoting daniela daniela <daniela.daniela.daniela.daniela at gmail.com>:

> Thank you a lot Andreas,
>
>>
>> The optimal cache size is easy: As much as you can provide without impacting
>> other services on the machine. On the other hand, even a too small cache,
>> with Unbound having to purge results not expired yet, doesn't harm too much
>> besides in corner cases.
>
> I am very puzzled because even on my old netbook which has only 2GB
> ram, unbound (with standard parameters) is only 132 KB. So of course I
> have the strong desire to drastically increase, but being pretty
> clueless, I am also wary :)
>

You should keep the following in mind:
- The Unbound memory values are borders Unbound should not cross, but
  in the ideal case they are never reached
- DNS records are small and even some "tiny" MB can hold a lot of
  them, so the maximum cache size is often bigger than it needs to be
- Even if the cache boundary is hit, the performance impact is
  typically low because the entries Unbound is forced to expire early
  are rarely used anyway

>>
>> Not sure what you mean with "physically located". The cache is obviously in
>> the machine RAM, but if you ask for the network location of the machine you
>> should always get as close to your border router as possible.
>
> Thank you a lot, sorry for my bad English. So it would be better to
> have the LAN query a machine / gateway which runs the service, as
> opposed to activating the service on each machine to take care of
> itself?

Yes, of course. The LAN latency is low and the more clients you have,
the higher the chance that a DNS record is cached because of a previous
question from another client. That's the whole point of a cache: to
prevent asking the same question again across the slow internet link.

> One more question, is there a way to feed data to unbound cache? Such
> as blacklists or already resolved whitelists? I can only imagine the
> brute force and crude method of inserting a huge load of stuff into
> HOSTS file, run a script that calls all those IPs while I supposedly
> sleep (do we ever sleep?), then feed it another chunk until it's all
> done. More elegant solutions?

IMHO pre-warming the cache is not as useful as one might think. Many DNS
records have a low TTL and are therefore expired before you will
actually use them. You might try to set "prefetch: yes" to see if it
helps in your case.

Regards

Andreas