Query Cache
Matt Nelson
unbound at silverark.co.uk
Mon Feb 6 22:43:34 UTC 2017
Hello all,
I have built a DNS filtering service using the pythonmod for unbound.
Everything is working as it should apart from the cache. I want to
disable the cache completely as I am filtering the results based on the
incoming IP address. As an example anyone from 192.168.30.20 can access
social media sites, but anyone from 192.168.30.30 is returned the IP
address of the server instead which shows a "blocked" message.
The code is working perfectly, but the cache is causing issues as if
someone requests from 192.168.30.20 then the query is put into the cache
which then gets delivered to 192.168.30.30. I have returned the cache
size to 0 which helped a bit, but it still keeps some items in the cache
for a short period (about a minute). Here is what I have put in my
config file:
module-config: "python iterator"
msg-cache-size: 0
rrset-cache-size: 0
key-cache-size: 0
Even with these settings, queries are still going into the cache as
shown below:
root at dns1:/etc/unbound# unbound-control dump_cache | grep amoory
amoory.com. 592 IN A 89.184.84.7
I also play with the cache-max-ttl option, but that seems to return the
lower ttl to the client too. If there a way of simply disabling the
cache?
The dream would be to have a cache per client of incoming IP address,
but I wouldn't want to have to code it from scratch in pythonmod.
In my 'operate' method in pythonmod I have even put the follow, but this
still doesn't prevent items going in to the cache:
if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS):
#Turn off the cache management
# Instruct other modules to not lookup for an
# answer in the cache.
qstate.no_cache_lookup = 1
# Instruct other modules to not store the answer in
# the cache.
qstate.no_cache_store = 1
I can show the full code if needed. Any help would be appreciated!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20170206/d0b8e596/attachment.htm>
More information about the Unbound-users
mailing list