Unbound DNS entry pre(caching)
Tihomir Loncaric
tihovsky at yahoo.com
Tue Apr 23 15:47:26 UTC 2019
Thanks to all three of you for quick answers and help.
All valid points, except first answer with auth-zone I don't fully understand on how to leverage. :)Spam/adblock is already implemented through web-filter.
Earlier I have been pre-caching (pinning) entries with Alexa top 1000 sites list, refreshed by querying every 3 hours, list filtered where TTL < 3 hours
But couple issues there: a) if TTL is greater than refresh period (3 hours), request would be answered locally by DNS server without refreshing of DNS cached entry,
until actually entry expired from DNS cache b) it doesn't refresh sites that guests are actually accessing, but only top 1000 sites. Unbound pre-caching should help here.
c) b doesn't allow me to create our own actual top 1000 list based on actual resolving of user entries
Now current plan is:
- set cache-min-ttl to 1 hour (tradeoff)- use pre-caching- execute top 1000 sites list load on on unbound service startup and every 3 hours- restart unbound service after each cruise
I believe all should help, but again not sure if anything else can be done.
It would be nice if entries not asked for predefined amount of time (eg. 2 weeks cruise) could be automatically phased out of cache
in accordance to configuration parameter, so cache doesn't get filled with stale unused entries and refreshes of such entries don't use up bandwidth.This would also eliminate need to restart unbound service and loose both cache & usage statistics.
Not sure if unbound has any MRU/MFU counters for DNS entries, so I could purge entries that are not used often/recently by some script?For example after 2 weeks I execute command to purge any entry that was not used at least n times or for x minutes and keep all others in the cache.This would trim the cache and keep it maintainable.
When would entries for which cache-min-ttl applies be refreshed if also pre-caching is also used?Eg. entry that is set for TTL of 60 seconds gets increased to 3600 seconds TTL by setting cache-min-ttl parameter to 3600.When would entry be refreshed due to pre-caching refresh when 90% TTL expires? In other words, would refresh of such entry happen after 54 seconds or after 3240 seconds?
Also not being able to control this 90% parameter and need to get entry queried during last 10% of TTL in order to refresh it will force flush some of the entries from cache without me being able to pin them.This will not be an issue for top 1000 sites as they are known, but will be for any guest-accessed site not known to me in advance.
Again thanks for all the help!
Tiho
On Tuesday, April 23, 2019, 3:02:55 PM GMT+2, Daisuke HIGASHI <daisuke.higashi at gmail.com> wrote:
Tihomir Loncaric via Unbound-users <unbound-users at nlnetlabs.nl>:
Is there anything else that I could use out of the box? What other existing parameters would help towards this caching goal?
If you have complete list of domainames to be cached, keep making queries (forever) to your DNS server e.g.
while :; do dnsperf -Q 100 -s 127.0.0.1 -d querylist; done
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190423/2f2bb9da/attachment.htm>
More information about the Unbound-users
mailing list