<div dir="ltr"><div><div>Dear Paul,<br><br></div>Thanks a lot for your hints. I've got it.<br><br></div>Regards<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-02-24 2:18 GMT+08:00 <span dir="ltr"><<a href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Mon, 23 Feb 2015, Hongyi Zhao wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi all,<br>
<br>
Currently, I use the latest release of unbound 1.5.2 compilled by myself on the Debian wheezy. I configured the unbound by some using<br>
some forward-zone sections in its unbound.conf file, and let it listen on the local 1052 port to listen on for queries.<br>
<br>
Now, I want to use the unbound-control tool to do some tests, say, cleaning some type of record in the cache, say, the A record, by<br>
using the following command:<br>
<br>
$ sudo unbound-control -c /home/werner/software/anti-<u></u>gfw/anti-DNS-cache-poisoning/<u></u>final-methods/unbound.conf flush A<br>
</blockquote>
<br></span>
You are flushing the domain name "A".<br>
<br>
I think you mean<br>
<br>
sudo unbound-control -c /home/werner/software/anti-<u></u>gfw/anti-DNS-cache-poisoning/<u></u>final-methods/unbound.conf flush <a href="http://youtube.com" target="_blank">youtube.com</a><br>
<br>
If you want to flush only specific types like A records, use flush_type<br>
<br>
Paul<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
But I failed to clean the cache, please see following for detail:<br>
<br>
-------------- begin test ------------------------------<br>
werner@debian:~$ dig -p1052 <a href="http://youtube.com" target="_blank">youtube.com</a><br>
<br>
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 <a href="http://youtube.com" target="_blank">youtube.com</a><br>
;; global options: +cmd<br>
;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20966<br>
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0<br>
<br>
;; QUESTION SECTION:<br>
;<a href="http://youtube.com" target="_blank">youtube.com</a>. IN A<br>
<br>
;; ANSWER SECTION:<br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3600 IN A <a href="tel:173.194.127.40" value="+17319412740" target="_blank">173.194.127.40</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3600 IN A <a href="tel:173.194.127.38" value="+17319412738" target="_blank">173.194.127.38</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3600 IN A <a href="tel:173.194.127.41" value="+17319412741" target="_blank">173.194.127.41</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3600 IN A <a href="tel:173.194.127.35" value="+17319412735" target="_blank">173.194.127.35</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3600 IN A <a href="tel:173.194.127.39" value="+17319412739" target="_blank">173.194.127.39</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3600 IN A <a href="tel:173.194.127.46" value="+17319412746" target="_blank">173.194.127.46</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3600 IN A <a href="tel:173.194.127.37" value="+17319412737" target="_blank">173.194.127.37</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3600 IN A <a href="tel:173.194.127.32" value="+17319412732" target="_blank">173.194.127.32</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3600 IN A <a href="tel:173.194.127.34" value="+17319412734" target="_blank">173.194.127.34</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3600 IN A <a href="tel:173.194.127.36" value="+17319412736" target="_blank">173.194.127.36</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3600 IN A <a href="tel:173.194.127.33" value="+17319412733" target="_blank">173.194.127.33</a><br>
<br>
;; Query time: 715 msec<br>
;; SERVER: 127.0.0.1#1052(127.0.0.1)<br>
;; WHEN: Mon Feb 23 10:33:41 2015<br>
;; MSG SIZE rcvd: 205<br>
<br>
werner@debian:~$ sudo unbound-control -c /home/werner/software/anti-<u></u>gfw/anti-DNS-cache-poisoning/<u></u>final-methods/unbound.conf flush A<br>
ok<br>
werner@debian:~$ dig -p1052 <a href="http://youtube.com" target="_blank">youtube.com</a><br>
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 <a href="http://youtube.com" target="_blank">youtube.com</a><br>
;; global options: +cmd<br>
;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22618<br>
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0<br>
<br>
;; QUESTION SECTION:<br>
;<a href="http://youtube.com" target="_blank">youtube.com</a>. IN A<br>
<br>
;; ANSWER SECTION:<br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3584 IN A <a href="tel:173.194.127.40" value="+17319412740" target="_blank">173.194.127.40</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3584 IN A <a href="tel:173.194.127.38" value="+17319412738" target="_blank">173.194.127.38</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3584 IN A <a href="tel:173.194.127.41" value="+17319412741" target="_blank">173.194.127.41</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3584 IN A <a href="tel:173.194.127.35" value="+17319412735" target="_blank">173.194.127.35</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3584 IN A <a href="tel:173.194.127.39" value="+17319412739" target="_blank">173.194.127.39</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3584 IN A <a href="tel:173.194.127.46" value="+17319412746" target="_blank">173.194.127.46</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3584 IN A <a href="tel:173.194.127.37" value="+17319412737" target="_blank">173.194.127.37</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3584 IN A <a href="tel:173.194.127.32" value="+17319412732" target="_blank">173.194.127.32</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3584 IN A <a href="tel:173.194.127.34" value="+17319412734" target="_blank">173.194.127.34</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3584 IN A <a href="tel:173.194.127.36" value="+17319412736" target="_blank">173.194.127.36</a><br>
<a href="http://youtube.com" target="_blank">youtube.com</a>. 3584 IN A <a href="tel:173.194.127.33" value="+17319412733" target="_blank">173.194.127.33</a><br>
<br>
;; Query time: 0 msec<br>
;; SERVER: 127.0.0.1#1052(127.0.0.1)<br>
;; WHEN: Mon Feb 23 10:33:57 2015<br>
;; MSG SIZE rcvd: 205<br>
-------------- end test ------------------------------<br>
<br>
As you can see, after I've done the flush operation on the A record, the 2nd dig command still can fetech the cached A records -- "the<br>
Query time: 0 msec" of the 2nd run of dig should tell this.<br>
<br>
Why does this happen? Could someone please give me some hints?<br>
<br>
Regards <br>
--<br>
Hongyi Zhao <<a href="mailto:hongyi.zhao@gmail.com" target="_blank">hongyi.zhao@gmail.com</a>><br>
Xinjiang Technical Institute of Physics and Chemistry<br>
Chinese Academy of Sciences<br>
GnuPG DSA: 0xD108493<br>
<br>
</blockquote>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature">Hongyi Zhao <<a href="mailto:hongyi.zhao@gmail.com">hongyi.zhao@gmail.com</a>> <br>Xinjiang Technical Institute of Physics and Chemistry<br>Chinese Academy of Sciences <br>GnuPG DSA: 0xD108493</div>
</div>