Maintained by: NLnet Labs

[Unbound-users] The flush command of unbound-control doesn't take effect.

paul at nohats.ca
Mon Feb 23 19:18:23 CET 2015


On Mon, 23 Feb 2015, Hongyi Zhao wrote:

> Hi all,
> 
> Currently, I use the latest release of unbound 1.5.2 compiled by myself on Debian wheezy.  I configured unbound using
> some forward-zone sections in its unbound.conf file, and let it listen on the local 1052 port for queries.
> 
> Now, I want to use the unbound-control tool to do some tests, say, cleaning some type of record in the cache, say, the A record, by
> using the following command:
> 
> $ sudo unbound-control -c /home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf flush A

You are flushing the domain name "A".

I think you mean

sudo unbound-control -c /home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf flush youtube.com

If you want to flush only specific types like A records, use flush_type

Paul



> 
> But I failed to clean the cache, please see following for detail:
> 
> -------------- begin test ------------------------------
> werner at debian:~$ dig -p1052 youtube.com
> 
> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 youtube.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20966
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;youtube.com.            IN    A
> 
> ;; ANSWER SECTION:
> youtube.com.        3600    IN    A    173.194.127.40
> youtube.com.        3600    IN    A    173.194.127.38
> youtube.com.        3600    IN    A    173.194.127.41
> youtube.com.        3600    IN    A    173.194.127.35
> youtube.com.        3600    IN    A    173.194.127.39
> youtube.com.        3600    IN    A    173.194.127.46
> youtube.com.        3600    IN    A    173.194.127.37
> youtube.com.        3600    IN    A    173.194.127.32
> youtube.com.        3600    IN    A    173.194.127.34
> youtube.com.        3600    IN    A    173.194.127.36
> youtube.com.        3600    IN    A    173.194.127.33
> 
> ;; Query time: 715 msec
> ;; SERVER: 127.0.0.1#1052(127.0.0.1)
> ;; WHEN: Mon Feb 23 10:33:41 2015
> ;; MSG SIZE  rcvd: 205
> 
> werner at debian:~$ sudo unbound-control -c /home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf flush A
> ok
> werner at debian:~$ dig -p1052 youtube.com
> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 youtube.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22618
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;youtube.com.            IN    A
> 
> ;; ANSWER SECTION:
> youtube.com.        3584    IN    A    173.194.127.40
> youtube.com.        3584    IN    A    173.194.127.38
> youtube.com.        3584    IN    A    173.194.127.41
> youtube.com.        3584    IN    A    173.194.127.35
> youtube.com.        3584    IN    A    173.194.127.39
> youtube.com.        3584    IN    A    173.194.127.46
> youtube.com.        3584    IN    A    173.194.127.37
> youtube.com.        3584    IN    A    173.194.127.32
> youtube.com.        3584    IN    A    173.194.127.34
> youtube.com.        3584    IN    A    173.194.127.36
> youtube.com.        3584    IN    A    173.194.127.33
> 
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#1052(127.0.0.1)
> ;; WHEN: Mon Feb 23 10:33:57 2015
> ;; MSG SIZE  rcvd: 205
> -------------- end test ------------------------------
> 
> As you can see, after I've done the flush operation on the A record, the 2nd dig command can still fetch the cached A records -- the
> "Query time: 0 msec" of the 2nd run of dig should tell this.
> 
> Why does this happen?  Could someone please give me some hints?
> 
> Regards 
> --
> Hongyi Zhao <hongyi.zhao at gmail.com>
> Xinjiang Technical Institute of Physics and Chemistry
> Chinese Academy of Sciences
> GnuPG DSA: 0xD108493
> 
>
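
Added example, not part of the original messages: a shell check that tells from two dig outputs whether a record is still being served from cache, together with the flush_type form of the command from the reply. The function names are hypothetical, the sample records are constructed from the dig output quoted above, and the check assumes a fresh upstream answer carries a TTL at least as high as the earlier one.

```shell
#!/bin/sh
# Added example: decide from two dig outputs whether an answer is still cached.

# Print the lowest TTL among NAME/TYPE answer records in dig output on stdin.
answer_ttl() {
    awk -v name="$1." -v type="$2" '
        $1 == name && $3 == "IN" && $4 == type {
            if (!found || $2 + 0 < min) min = $2 + 0
            found = 1
        }
        END { if (!found) exit 1; print min }'
}

# still_cached BEFORE AFTER NAME TYPE: succeed when the TTL in AFTER has counted
# down from BEFORE, i.e. the resolver answered from its cache again.
# Assumption: a fresh upstream answer carries a TTL at least as high as before.
still_cached() {
    before=$(printf '%s\n' "$1" | answer_ttl "$3" "$4") || return 2
    after=$(printf '%s\n' "$2" | answer_ttl "$3" "$4") || return 2
    [ "$after" -lt "$before" ]
}

# Live procedure, defined but not run here. $1 is the unbound.conf path;
# port 1052 is the listener described in the thread.
flush_and_check() {
    first=$(dig -p 1052 @127.0.0.1 "$2" "$3")
    sudo unbound-control -c "$1" flush_type "$2" "$3" || return 2
    sleep 2    # let a cached TTL tick down so the comparison is meaningful
    second=$(dig -p 1052 @127.0.0.1 "$2" "$3")
    if still_cached "$first" "$second" "$2" "$3"; then
        echo "$2 $3: still cached"; return 1
    fi
    echo "$2 $3: re-fetched after flush"
}

# Constructed samples modelled on the dig output quoted in the thread.
BEFORE='youtube.com.        3600    IN    A    173.194.127.40
youtube.com.        3600    IN    A    173.194.127.38'
AFTER_FLUSH_A='youtube.com.        3584    IN    A    173.194.127.40
youtube.com.        3584    IN    A    173.194.127.38'

if still_cached "$BEFORE" "$AFTER_FLUSH_A" youtube.com A; then
    echo "after 'flush A': youtube.com A still served from cache"
fi
```

On a live resolver, call `flush_and_check /path/to/unbound.conf youtube.com A`; the path is a placeholder for the configuration file passed to `-c`.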