Unbound Serve expired; cache hit rate reducing with time

Wed Sep 25 16:04:20 UTC 2024

Hi Yorgos

Good to know

Regards,
Isaac

On Wed, Sep 25, 2024 at 2:22 PM Yorgos Thessalonikefs <yorgos at nlnetlabs.nl>
wrote:

> Hi Andy, Isaac,
>
> FYI, the relevant fixes [1] were merged and this will be included in the
> upcoming 1.22.0 release.
> An announcement in this mailing list will happen when that is ready.
>
> Best regards,
> -- Yorgos
>
> [1] https://github.com/NLnetLabs/unbound/pull/1143
>
> On 01/08/2024 20:07, Andy Lemin wrote:
> > Hi Yorgos,
> >
> > Nice, yes that DNSSEC issue does seem related!
> > I notice the last comments were 6 months ago, but it has been marked for
> > 1.22.
> >
> > Issac, in the meantime we should each try to document our specific cases
> > with reproducible examples if possible (and reference the above issue).
> >
> > Our issues may prove to be easier to start with.
> > Thanks again for your help.
> > Andy.
> >
> >
> >> On 1 Aug 2024, at 16:35, Yorgos Thessalonikefs via Unbound-users
> >> <unbound-users at lists.nlnetlabs.nl> wrote:
> >>
> >> Hi Andy, Issac,
> >>
> >> Maybe you are both hitting a variation of
> >> https://github.com/NLnetLabs/unbound/issues/994.
> >> Namely, Unbound when resolving will try to update the cache with new
> >> data even if the stale data would have been more useful.
> >> There is ongoing work to make Unbound more careful with replacing
> >> cached content when serve-expired is used.
> >>
> >> Best regards,
> >> -- Yorgos
> >>
> >> On 01/08/2024 04:46, Andy Lemin via Unbound-users wrote:
> >>> Hi,
> >>> I have a similar experience, where prefetch seems to poison the cache
> >>> with negative responses.
> >>> This is a good read; https://unbound.docs.nlnetlabs.nl/en/latest/
> >>> topics/core/serve-stale.html <https://unbound.docs.nlnetlabs.nl/en/
> >>> latest/topics/core/serve-stale.html>
> >>> Can any one clarify a parameter combination which allows immediate
> >>> cache responses, and which tells prefetch to always ignore negative
> >>> responses?
> >>> I wonder if taking the advice of the above article (and being mindful
> >>> of this https://github.com/NLnetLabs/unbound/issues/533 <https://
> >>> github.com/NLnetLabs/unbound/issues/533> it is possible to get this
> >>> working). Just can’t figure out how to force prefetch to ignore
> >>> negative responses.
> >>> Please share your results :)
> >>> Andy.
> >>>> On 31 Jul 2024, at 20:33, sir izake via Unbound-users <unbound-
> >>>> users at lists.nlnetlabs.nl> wrote:
> >>>>
> >>>> 
> >>>> Hi
> >>>> I have installed unbound version: 1.20.0 on a FreeBSD 14 server.
> >>>> This was working fine until the server lost internet connectivity to
> >>>> the upstream internet provider. Prior to this the average cache hit
> >>>> rate on the server was 99.0% with only 1% recursive replies.
> >>>> Part of my unbound.conf file is shown below
> >>>>
> >>>> server: prefetch: yes serve-expired: yes
> >>>> # serve-expired-ttl: 0
> >>>>  # serve-expired-ttl-reset: no
> >>>> After loss of internet average cache hit rate has reduced to 14%
> >>>> whiles recursive queries is showing 86% (still internet is not
> restored)
> >>>> My expectation is
> >>>> Caching server should continue to serve expired and keep the cache
> >>>> hit rate high because the serve-expired-ttl is default
> >>>> (meaning it should continue serving cached content until upstream is
> >>>> restored).
> >>>> My observation is the opposite. Is there anything I am missing? How
> >>>> can i ensure that the caching server will continue serving cache
> >>>> data several days after upstream
> >>>> internet is lost
> >>>> Regards
> >>>> Isaac
> >>>>
> >>>>
> >>>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20240925/15b7480e/attachment.htm>