Maintained by: NLnet Labs

[Unbound-users] The flush command of unbound-control doesn't take effect.

Hongyi Zhao
Tue Feb 24 00:38:12 CET 2015


Dear Paul,

Thanks a lot for your hints.  I've got it.

Regards

2015-02-24 2:18 GMT+08:00 <paul at nohats.ca>:

> On Mon, 23 Feb 2015, Hongyi Zhao wrote:
>
>> Hi all,
>>
>> Currently, I use the latest release of unbound 1.5.2 compiled by myself
>> on Debian wheezy.  I configured unbound using
>> some forward-zone sections in its unbound.conf file, and let it listen
>> on the local 1052 port for queries.
>>
>> Now, I want to use the unbound-control tool to do some tests, say,
>> cleaning some type of record in the cache, say, the A record, by
>> using the following command:
>>
>> $ sudo unbound-control -c /home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf flush A
>>
>
> You are flushing the domain name "A".
>
> I think you mean
>
> sudo unbound-control -c /home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf flush youtube.com
>
> If you want to flush only specific types like A records, use flush_type
>
> Paul
>
>> But I failed to clean the cache, please see following for detail:
>>
>> -------------- begin test ------------------------------
>> werner at debian:~$ dig -p1052 youtube.com
>>
>> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 youtube.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20966
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;youtube.com.            IN    A
>>
>> ;; ANSWER SECTION:
>> youtube.com.        3600    IN    A    173.194.127.40
>> youtube.com.        3600    IN    A    173.194.127.38
>> youtube.com.        3600    IN    A    173.194.127.41
>> youtube.com.        3600    IN    A    173.194.127.35
>> youtube.com.        3600    IN    A    173.194.127.39
>> youtube.com.        3600    IN    A    173.194.127.46
>> youtube.com.        3600    IN    A    173.194.127.37
>> youtube.com.        3600    IN    A    173.194.127.32
>> youtube.com.        3600    IN    A    173.194.127.34
>> youtube.com.        3600    IN    A    173.194.127.36
>> youtube.com.        3600    IN    A    173.194.127.33
>>
>> ;; Query time: 715 msec
>> ;; SERVER: 127.0.0.1#1052(127.0.0.1)
>> ;; WHEN: Mon Feb 23 10:33:41 2015
>> ;; MSG SIZE  rcvd: 205
>>
>> werner at debian:~$ sudo unbound-control -c /home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf flush A
>> ok
>> werner at debian:~$ dig -p1052 youtube.com
>> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 youtube.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22618
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;youtube.com.            IN    A
>>
>> ;; ANSWER SECTION:
>> youtube.com.        3584    IN    A    173.194.127.40
>> youtube.com.        3584    IN    A    173.194.127.38
>> youtube.com.        3584    IN    A    173.194.127.41
>> youtube.com.        3584    IN    A    173.194.127.35
>> youtube.com.        3584    IN    A    173.194.127.39
>> youtube.com.        3584    IN    A    173.194.127.46
>> youtube.com.        3584    IN    A    173.194.127.37
>> youtube.com.        3584    IN    A    173.194.127.32
>> youtube.com.        3584    IN    A    173.194.127.34
>> youtube.com.        3584    IN    A    173.194.127.36
>> youtube.com.        3584    IN    A    173.194.127.33
>>
>> ;; Query time: 0 msec
>> ;; SERVER: 127.0.0.1#1052(127.0.0.1)
>> ;; WHEN: Mon Feb 23 10:33:57 2015
>> ;; MSG SIZE  rcvd: 205
>> -------------- end test ------------------------------
>>
>> As you can see, after I've done the flush operation on the A record,
>> the 2nd dig command can still fetch the cached A records -- the
>> "Query time: 0 msec" of the 2nd run of dig should tell this.
>>
>> Why does this happen?  Could someone please give me some hints?
>>
>> Regards
>> --
>> Hongyi Zhao <hongyi.zhao at gmail.com>
>> Xinjiang Technical Institute of Physics and Chemistry
>> Chinese Academy of Sciences
>> GnuPG DSA: 0xD108493
>>
>>


-- 
Hongyi Zhao <hongyi.zhao at gmail.com>
Xinjiang Technical Institute of Physics and Chemistry
Chinese Academy of Sciences
GnuPG DSA: 0xD108493
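
The distinction Paul points out (flush takes a domain name, flush_type takes a name plus a record type), as an added shell example that is not part of the original thread. The helper names are hypothetical, and the sample dig lines are constructed from the output quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.
# "flush NAME" and "flush_type NAME TYPE" are the unbound-control commands
# discussed above. Intended use (CONF is your unbound.conf path):
#   sudo unbound-control -c "$CONF" $(flush_args youtube.com A)

# Mnemonics that are easy to hand to "flush" by mistake (partial list).
RR_TYPES="A AAAA NS SOA CNAME DNAME MX PTR SRV NAPTR TXT"

upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

is_rr_type() {            # exit 0 if $1 is a listed record type
    word=$(upper "$1")
    for t in $RR_TYPES; do
        [ "$word" = "$t" ] && return 0
    done
    return 1
}

flush_args() {            # NAME [TYPE] -> arguments for unbound-control
    name=$1; type=${2:-}
    [ -n "$name" ] || { echo "usage: flush_args NAME [TYPE]" >&2; return 2; }
    # A bare "A" would be flushed as a domain name and still answer "ok".
    # To flush a TLD such as mx, write it with a trailing dot: "mx."
    if is_rr_type "$name"; then
        echo "'$name' is a record type; flush expects a domain name" >&2
        return 1
    fi
    if [ -z "$type" ]; then printf 'flush %s\n' "$name"; return 0; fi
    is_rr_type "$type" || { echo "unknown type '$type'" >&2; return 1; }
    printf 'flush_type %s %s\n' "$name" "$(upper "$type")"
}

min_ttl() {               # dig output on stdin -> lowest TTL of IN records
    awk '$3 == "IN" && $2 ~ /^[0-9]+$/ { if (m == "" || $2+0 < m) m = $2+0 }
         END { if (m != "") print m }'
}

# Heuristic: a TTL lower than on the previous query means the answer is
# still being served from cache, i.e. the flush did not remove it.
ttl_counted_down() { [ "$2" -lt "$1" ]; }   # BEFORE_TTL AFTER_TTL

# Constructed sample: two answer lines as seen after the ineffective flush.
SAMPLE_AFTER='youtube.com.        3584    IN    A    173.194.127.40
youtube.com.        3584    IN    A    173.194.127.38'

flush_args youtube.com A  # prints: flush_type youtube.com A
```

When unbound forwards to an upstream resolver, that resolver may itself return a partly counted-down TTL, so treat the TTL comparison as a hint and confirm with the query time.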