From gautamrabinraj at gmail.com Sat Aug 16 17:48:49 2025
From: gautamrabinraj at gmail.com (Rabin Raj Gautam)
Date: Sat, 16 Aug 2025 23:33:49 +0545
Subject: Issue with rpz-nsdname-wait-recurse option in Unbound 1.13.1
Message-ID:

Dear Team,

I am running *Unbound 1.13.1* on Ubuntu (arm64).

*1. Cache issue:*

- I want to flush the entire DNS cache or view all cached entries.
- I tried:

      unbound-control flush_zone .
      unbound-control flush_requestlist
      unbound-control flush_bogus

  but it doesn't seem to clear everything (some cached A records still
  answer after flush).
- Restarting Unbound clears it, but is there a way to completely flush the
  cache *without restarting*?
- Also: is there any way to *list/dump all cached entries*?

*2. RPZ NSDNAME issue:*

- I am trying to block domains by NSDNAME via RPZ. I followed examples like:

      ns1.accessworld.net.rpz-nsdname IN CNAME .
      ns2.accessworld.net.rpz-nsdname IN CNAME .

- I also tried adding in /etc/unbound/unbound.conf:

      rpz-nsdname-wait-recurse: yes

  but Unbound fails to start with errors:

      /etc/unbound/unbound.conf:88: error: unknown keyword 'rpz-nsdname-wait-recurse'
      /etc/unbound/unbound.conf:88: error: stray ':'
      /etc/unbound/unbound.conf:88: error: unknown keyword 'yes'

- It looks like my version (1.13.1) doesn't recognize this directive.

*Questions:*

1. What is the correct way to flush or dump the Unbound DNS cache in 1.13.1?
2. How can I block based on NSDNAME in Unbound 1.13.1 if
   rpz-nsdname-wait-recurse isn't available?
3. Do I need to upgrade to a newer Unbound (≥1.16.0) to fully use RPZ
   NSDNAME rules?
4. Best way to upgrade without disturbing the current version?

*Kind regards,*
*Rabin*