Maintained by: NLnet Labs

[Unbound-users] The flush command of unbound-control doesn't take effect.

Hongyi Zhao
Mon Feb 23 10:11:55 CET 2015


Thanks a lot, got it.

H. Zhao

Regards

2015-02-23 16:50 GMT+08:00 W.C.A. Wijngaards <wouter at nlnetlabs.nl>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hi Hongyi,
>
> On 23/02/15 03:49, Hongyi Zhao wrote:
> > Hi all,
> >
> > Currently, I use the latest release of unbound 1.5.2 compilled by
> > myself on the Debian wheezy.  I configured the unbound by some
> > using some forward-zone sections in its unbound.conf  file, and let
> > it  listen on the local 1052 port to listen on for queries.
> >
> > Now, I want to use the unbound-control tool to do some tests, say,
> > cleaning some type of record in the cache, say, the A record, by
> > using the following command:
> >
> > $ sudo unbound-control -c
> >
> /home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf
> >
> >
> flush A
>
> You flush here the domain-name "A".  The command expects a domain
> name, so like: flush example.com removes the example.com A record.
>
> Best regards,
>    Wouter
>
> > But I failed to clean the cache, please see following for detail:
> >
> > -------------- begin test ------------------------------
> > werner at debian:~$ dig -p1052 youtube.com <http://youtube.com>
> >
> > ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 youtube.com
> > <http://youtube.com> ;; global options: +cmd ;; Got answer: ;;
> > ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20966 ;; flags: qr
> > rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION: ;youtube.com <http://youtube.com>.
> > IN    A
> >
> > ;; ANSWER SECTION: youtube.com <http://youtube.com>.        3600
> > IN    A    173.194.127.40 youtube.com <http://youtube.com>.
> > 3600    IN    A    173.194.127.38 youtube.com <http://youtube.com>.
> > 3600    IN    A    173.194.127.41 youtube.com <http://youtube.com>.
> > 3600    IN    A    173.194.127.35 youtube.com <http://youtube.com>.
> > 3600    IN    A    173.194.127.39 youtube.com <http://youtube.com>.
> > 3600    IN    A    173.194.127.46 youtube.com <http://youtube.com>.
> > 3600    IN    A    173.194.127.37 youtube.com <http://youtube.com>.
> > 3600    IN    A    173.194.127.32 youtube.com <http://youtube.com>.
> > 3600    IN    A    173.194.127.34 youtube.com <http://youtube.com>.
> > 3600    IN    A    173.194.127.36 youtube.com <http://youtube.com>.
> > 3600    IN    A    173.194.127.33
> >
> > ;; Query time: 715 msec ;; SERVER: 127.0.0.1#1052(127.0.0.1) ;;
> > WHEN: Mon Feb 23 10:33:41 2015 ;; MSG SIZE  rcvd: 205
> >
> > werner at debian:~$ sudo unbound-control -c
> >
> /home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf
> >
> >
> flush A
> > ok werner at debian:~$ dig -p1052 youtube.com <http://youtube.com> ;
> > <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 youtube.com
> > <http://youtube.com> ;; global options: +cmd ;; Got answer: ;;
> > ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22618 ;; flags: qr
> > rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION: ;youtube.com <http://youtube.com>.
> > IN    A
> >
> > ;; ANSWER SECTION: youtube.com <http://youtube.com>.        3584
> > IN    A    173.194.127.40 youtube.com <http://youtube.com>.
> > 3584    IN    A    173.194.127.38 youtube.com <http://youtube.com>.
> > 3584    IN    A    173.194.127.41 youtube.com <http://youtube.com>.
> > 3584    IN    A    173.194.127.35 youtube.com <http://youtube.com>.
> > 3584    IN    A    173.194.127.39 youtube.com <http://youtube.com>.
> > 3584    IN    A    173.194.127.46 youtube.com <http://youtube.com>.
> > 3584    IN    A    173.194.127.37 youtube.com <http://youtube.com>.
> > 3584    IN    A    173.194.127.32 youtube.com <http://youtube.com>.
> > 3584    IN    A    173.194.127.34 youtube.com <http://youtube.com>.
> > 3584    IN    A    173.194.127.36 youtube.com <http://youtube.com>.
> > 3584    IN    A    173.194.127.33
> >
> > ;; Query time: 0 msec ;; SERVER: 127.0.0.1#1052(127.0.0.1) ;; WHEN:
> > Mon Feb 23 10:33:57 2015 ;; MSG SIZE  rcvd: 205 -------------- end
> > test ------------------------------
> >
> > As you can see, after I've done the flush operation  on the A
> > record, the 2nd dig command still can fetech the cached A records
> > -- "the Query time: 0 msec" of the 2nd run of dig should tell
> > this.
> >
> > Why does this happen?  Could someone please give me some hints?
> >
> > Regards -- Hongyi Zhao <hongyi.zhao at gmail.com
> > <mailto:hongyi.zhao at gmail.com>> Xinjiang Technical Institute of
> > Physics and Chemistry Chinese Academy of Sciences GnuPG DSA:
> > 0xD108493
> >
> >
> > _______________________________________________ Unbound-users
> > mailing list Unbound-users at unbound.net
> > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCAAGBQJU6unLAAoJEJ9vHC1+BF+NjBwP/i250ZVWggolI/h+T0HvbZ9z
> wSrBVqwaUndkRCvR+orRJft93gP/4UxERAH4OLuSri1hysVZrb8z4U8whttJrmzA
> hoZM+z2OEtpHdWYWKJPdDDrztiQ9pLRdjvaYFplzoyNrKAVCsFju2WX+atglrMKH
> du6+AP0T0PtaKW27fjna8kwnz2Rm/i04GB3Qj0vTdIz/g4r68s4l9Eeh5K1cf47M
> vZGq7TCuc50kpFy9VdqKKXv65bYPCz2OG+Kv6b0LF3JgfbozE8+h5yANDIgTTUXL
> 1yNeKPkHDV+pOrpM/ZPoX4IM4YusQ1U8lqUQ1jbIMkeSnwvCGCmlnGb5D6h12C09
> xXx/nIY0SiaHQZFqsaYhoa9ixThs2HpIcu+2LOpyW/aoJykDNP1GzNPoBRQTbPy+
> ap2KQnivvWUaYTe9tK0aaYNXRfOyOXQHAjXuQIjU/rgKlcX+4fjYyIORzfFVdGfz
> uoqdbcflnEeeWQ8xF2SS7fq4PWDy8jMMGhOMpXoLIlFnDVc8IGGYaQfu9zvLuBhj
> tgvLBEtIxJ/xq7I5lgduQXVwKVICT3/1n5ev4N4eBBhNRCgBYQsjPrFepQFJocms
> xs7yj3O9w/trOxOgYso0LVOVeonu6x5zV4qZpE8RUPCekohcXfFfvZ83oFAfRXbx
> 68HQCK0vFtvB+bO6u4B9
> =fRai
> -----END PGP SIGNATURE-----
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>



-- 
Hongyi Zhao <hongyi.zhao at gmail.com>
Xinjiang Technical Institute of Physics and Chemistry
Chinese Academy of Sciences
GnuPG DSA: 0xD108493
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20150223/0df47ce7/attachment-0001.html>