<html><head></head><body><div class="ydp50c70c4eyahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div></div>
<div>Thanks to all three of you for quick answers and help.</div><div><br></div><div>All valid points, except first answer with auth-zone I don't fully understand on how to leverage. :)</div><div>Spam/adblock is already implemented through web-filter.<br></div><div>Earlier I have been pre-caching (pinning) entries with Alexa top 1000 sites list, refreshed by querying every 3 hours, list filtered where TTL < 3 hours<br></div><div><br></div><div>But couple issues there:</div><div> a) if TTL is greater than refresh period (3 hours), request would be answered locally by DNS server without refreshing of DNS cached entry, <br>until actually entry expired from DNS cache</div><div> b) it doesn't refresh sites that guests are actually accessing, but only top 1000 sites. Unbound pre-caching should help here.<br></div><div> c) b doesn't allow me to create our own actual top 1000 list based on actual resolving of user entries</div><div><br></div><div>Now current plan is: </div></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="ydp50c70c4eyahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div><span>- set cache-min-ttl to 1 hour (tradeoff)</span></div></div><div class="ydp50c70c4eyahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div>- use pre-caching</div><div>- execute top 1000 sites list load on on unbound service startup and every 3 hours</div><div>- restart unbound service after each cruise</div></div></blockquote><div class="ydp50c70c4eyahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div><br></div><div>I believe all should help, but again not sure if anything else can be done.</div><div><br></div><div>It would be nice if entries not asked for predefined amount of time (eg. 2 weeks cruise) could be automatically phased out of cache <br>in accordance to configuration parameter, so cache doesn't get filled with stale unused entries and refreshes of such entries don't use up bandwidth.</div><div>This would also eliminate need to restart unbound service and loose both cache & usage statistics.<br></div><div><br></div><div>Not sure if unbound has any MRU/MFU counters for DNS entries, so I could purge entries that are not used often/recently by some script?</div><div>For example after 2 weeks I execute command to purge any entry that was not used at least n times or for x minutes and keep all others in the cache.</div><div>This would trim the cache and keep it maintainable.</div><div><br></div><div>When would entries for which cache-min-ttl applies be refreshed if also pre-caching is also used?</div><div>Eg. entry that is set for TTL of 60 seconds gets increased to 3600 seconds TTL by setting cache-min-ttl parameter to 3600.</div><div>When would entry be refreshed due to pre-caching refresh when 90% TTL expires? </div><div>In other words, would refresh of such entry happen after 54 seconds or after 3240 seconds?</div><div><br></div><div>Also not being able to control this 90% parameter and need to get entry queried during last 10% of TTL in order to refresh it </div><div>will force flush some of the entries from cache without me being able to pin them.</div><div>This will not be an issue for top 1000 sites as they are known, but will be for any guest-accessed site not known to me in advance.</div><div><br></div><div>Again thanks for all the help!</div><div><br></div><div>Tiho<br></div><div><br></div><div><br><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div>
</div><div id="yahoo_quoted_6526585414" class="yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Tuesday, April 23, 2019, 3:02:55 PM GMT+2, Daisuke HIGASHI <daisuke.higashi@gmail.com> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div id="yiv9431697775"><div><div><br clear="none"></div><div class="yiv9431697775yqt6150331815" id="yiv9431697775yqtfd27051"><div>Tihomir Loncaric via Unbound-users <<a rel="nofollow" shape="rect" ymailto="mailto:unbound-users@nlnetlabs.nl" target="_blank" href="mailto:unbound-users@nlnetlabs.nl">unbound-users@nlnetlabs.nl</a>>:</div><div><div class="yiv9431697775gmail_quote"><blockquote class="yiv9431697775gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="yiv9431697775m_5771395345052027471ydp861edcb0yahoo-style-wrap"><div><br clear="none"></div><div>Is there anything else that I could use out of the box? What other existing parameters would help towards this caching goal?</div></div></blockquote><div><br clear="none"></div><div>If you have complete list of domainames to be cached, keep making queries (forever) to your DNS server e.g.</div><div><br clear="none"></div><div> while :; do dnsperf -Q 100 -s 127.0.0.1 -d querylist; done</div><div><br clear="none"></div><div><br clear="none"></div><blockquote class="yiv9431697775gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="yiv9431697775m_5771395345052027471ydp861edcb0yahoo-style-wrap"><div></div></div></blockquote></div></div></div></div></div></div>
</div>
</div></body></html>