<div dir="ltr">Hi all,<br><br>Currently, I use the latest release of unbound 1.5.2 compilled by myself on the Debian wheezy. I configured the unbound by some using some forward-zone sections in its unbound.conf file, and let it listen on the local 1052 port to listen on for queries.<br clear="all"><div><br></div><div>Now, I want to use the unbound-control tool to do some tests, say, cleaning some type of record in the cache, say, the A record, by using the following command:<br><br>$ sudo unbound-control -c /home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf flush A<br><br></div><div>But I failed to clean the cache, please see following for detail:<br><br></div><div>-------------- begin test ------------------------------<br></div><div>werner@debian:~$ dig -p1052 <a href="http://youtube.com">youtube.com</a><br><br>; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 <a href="http://youtube.com">youtube.com</a><br>;; global options: +cmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20966<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0<br><br>;; QUESTION SECTION:<br>;<a href="http://youtube.com">youtube.com</a>. IN A<br><br>;; ANSWER SECTION:<br><a href="http://youtube.com">youtube.com</a>. 3600 IN A 173.194.127.40<br><a href="http://youtube.com">youtube.com</a>. 3600 IN A 173.194.127.38<br><a href="http://youtube.com">youtube.com</a>. 3600 IN A 173.194.127.41<br><a href="http://youtube.com">youtube.com</a>. 3600 IN A 173.194.127.35<br><a href="http://youtube.com">youtube.com</a>. 3600 IN A 173.194.127.39<br><a href="http://youtube.com">youtube.com</a>. 3600 IN A 173.194.127.46<br><a href="http://youtube.com">youtube.com</a>. 3600 IN A 173.194.127.37<br><a href="http://youtube.com">youtube.com</a>. 3600 IN A 173.194.127.32<br><a href="http://youtube.com">youtube.com</a>. 3600 IN A 173.194.127.34<br><a href="http://youtube.com">youtube.com</a>. 3600 IN A 173.194.127.36<br><a href="http://youtube.com">youtube.com</a>. 3600 IN A 173.194.127.33<br><br>;; Query time: 715 msec<br>;; SERVER: 127.0.0.1#1052(127.0.0.1)<br>;; WHEN: Mon Feb 23 10:33:41 2015<br>;; MSG SIZE rcvd: 205<br><br>werner@debian:~$ sudo unbound-control -c /home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf flush A<br>ok<br>werner@debian:~$ dig -p1052 <a href="http://youtube.com">youtube.com</a><br>; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 <a href="http://youtube.com">youtube.com</a><br>;; global options: +cmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22618<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0<br><br>;; QUESTION SECTION:<br>;<a href="http://youtube.com">youtube.com</a>. IN A<br><br>;; ANSWER SECTION:<br><a href="http://youtube.com">youtube.com</a>. 3584 IN A 173.194.127.40<br><a href="http://youtube.com">youtube.com</a>. 3584 IN A 173.194.127.38<br><a href="http://youtube.com">youtube.com</a>. 3584 IN A 173.194.127.41<br><a href="http://youtube.com">youtube.com</a>. 3584 IN A 173.194.127.35<br><a href="http://youtube.com">youtube.com</a>. 3584 IN A 173.194.127.39<br><a href="http://youtube.com">youtube.com</a>. 3584 IN A 173.194.127.46<br><a href="http://youtube.com">youtube.com</a>. 3584 IN A 173.194.127.37<br><a href="http://youtube.com">youtube.com</a>. 3584 IN A 173.194.127.32<br><a href="http://youtube.com">youtube.com</a>. 3584 IN A 173.194.127.34<br><a href="http://youtube.com">youtube.com</a>. 3584 IN A 173.194.127.36<br><a href="http://youtube.com">youtube.com</a>. 3584 IN A 173.194.127.33<br><br>;; Query time: 0 msec<br>;; SERVER: 127.0.0.1#1052(127.0.0.1)<br>;; WHEN: Mon Feb 23 10:33:57 2015<br>;; MSG SIZE rcvd: 205<br><div></div><div>-------------- end test ------------------------------</div><br></div><div> As you can see, after I've done the flush operation on the A record, the 2nd dig command still can fetech the cached A records -- "the Query time: 0 msec" of the 2nd run of dig should tell this.<br><br></div><div>Why does this happen? Could someone please give me some hints?<br><br></div><div>Regards <br></div><div>-- <br><div class="gmail_signature">Hongyi Zhao <<a href="mailto:hongyi.zhao@gmail.com">hongyi.zhao@gmail.com</a>> <br>Xinjiang Technical Institute of Physics and Chemistry<br>Chinese Academy of Sciences <br>GnuPG DSA: 0xD108493</div>
</div></div>