[Unbound-users] The flush command of unbound-control doesn't take effect.

Discussion:

Hongyi Zhao

2015-02-23 02:49:48 UTC

Hi all,

Currently, I use the latest release of unbound 1.5.2 compilled by myself on
the Debian wheezy. I configured the unbound by some using some
forward-zone sections in its unbound.conf file, and let it listen on the
local 1052 port to listen on for queries.

Now, I want to use the unbound-control tool to do some tests, say, cleaning
some type of record in the cache, say, the A record, by using the following
command:

$ sudo unbound-control -c
/home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf
flush A

But I failed to clean the cache, please see following for detail:

-------------- begin test ------------------------------
***@debian:~$ dig -p1052 youtube.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 youtube.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20966
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;youtube.com. IN A

;; ANSWER SECTION:
youtube.com. 3600 IN A 173.194.127.40
youtube.com. 3600 IN A 173.194.127.38
youtube.com. 3600 IN A 173.194.127.41
youtube.com. 3600 IN A 173.194.127.35
youtube.com. 3600 IN A 173.194.127.39
youtube.com. 3600 IN A 173.194.127.46
youtube.com. 3600 IN A 173.194.127.37
youtube.com. 3600 IN A 173.194.127.32
youtube.com. 3600 IN A 173.194.127.34
youtube.com. 3600 IN A 173.194.127.36
youtube.com. 3600 IN A 173.194.127.33

;; Query time: 715 msec
;; SERVER: 127.0.0.1#1052(127.0.0.1)
;; WHEN: Mon Feb 23 10:33:41 2015
;; MSG SIZE rcvd: 205

***@debian:~$ sudo unbound-control -c
/home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf
flush A
ok
***@debian:~$ dig -p1052 youtube.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 youtube.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22618
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;youtube.com. IN A

;; ANSWER SECTION:
youtube.com. 3584 IN A 173.194.127.40
youtube.com. 3584 IN A 173.194.127.38
youtube.com. 3584 IN A 173.194.127.41
youtube.com. 3584 IN A 173.194.127.35
youtube.com. 3584 IN A 173.194.127.39
youtube.com. 3584 IN A 173.194.127.46
youtube.com. 3584 IN A 173.194.127.37
youtube.com. 3584 IN A 173.194.127.32
youtube.com. 3584 IN A 173.194.127.34
youtube.com. 3584 IN A 173.194.127.36
youtube.com. 3584 IN A 173.194.127.33

;; Query time: 0 msec
;; SERVER: 127.0.0.1#1052(127.0.0.1)
;; WHEN: Mon Feb 23 10:33:57 2015
;; MSG SIZE rcvd: 205
-------------- end test ------------------------------

As you can see, after I've done the flush operation on the A record, the
2nd dig command still can fetech the cached A records -- "the Query time: 0
msec" of the 2nd run of dig should tell this.

Why does this happen? Could someone please give me some hints?

Regards

--
Hongyi Zhao <***@gmail.com>
Xinjiang Technical Institute of Physics and Chemistry
Chinese Academy of Sciences
GnuPG DSA: 0xD108493

W.C.A. Wijngaards

2015-02-23 08:50:23 UTC

Permalink

Hi Hongyi,

Post by Hongyi Zhao
Hi all,
Currently, I use the latest release of unbound 1.5.2 compilled by
myself on the Debian wheezy. I configured the unbound by some
using some forward-zone sections in its unbound.conf file, and let
it listen on the local 1052 port to listen on for queries.
Now, I want to use the unbound-control tool to do some tests, say,
cleaning some type of record in the cache, say, the A record, by
$ sudo unbound-control -c
/home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf

flush A

You flush here the domain-name "A". The command expects a domain
name, so like: flush example.com removes the example.com A record.

Best regards,
Wouter

Post by Hongyi Zhao
-------------- begin test ------------------------------
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 youtube.com
<http://youtube.com> ;; global options: +cmd ;; Got answer: ;;
->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20966 ;; flags: qr
rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION: ;youtube.com <http://youtube.com>.
IN A
;; ANSWER SECTION: youtube.com <http://youtube.com>. 3600
IN A 173.194.127.40 youtube.com <http://youtube.com>.
3600 IN A 173.194.127.38 youtube.com <http://youtube.com>.
3600 IN A 173.194.127.41 youtube.com <http://youtube.com>.
3600 IN A 173.194.127.35 youtube.com <http://youtube.com>.
3600 IN A 173.194.127.39 youtube.com <http://youtube.com>.
3600 IN A 173.194.127.46 youtube.com <http://youtube.com>.
3600 IN A 173.194.127.37 youtube.com <http://youtube.com>.
3600 IN A 173.194.127.32 youtube.com <http://youtube.com>.
3600 IN A 173.194.127.34 youtube.com <http://youtube.com>.
3600 IN A 173.194.127.36 youtube.com <http://youtube.com>.
3600 IN A 173.194.127.33
;; Query time: 715 msec ;; SERVER: 127.0.0.1#1052(127.0.0.1) ;;
WHEN: Mon Feb 23 10:33:41 2015 ;; MSG SIZE rcvd: 205
/home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf

flush A

Post by Hongyi Zhao
<<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 youtube.com
<http://youtube.com> ;; global options: +cmd ;; Got answer: ;;
->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22618 ;; flags: qr
rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION: ;youtube.com <http://youtube.com>.
IN A
;; ANSWER SECTION: youtube.com <http://youtube.com>. 3584
IN A 173.194.127.40 youtube.com <http://youtube.com>.
3584 IN A 173.194.127.38 youtube.com <http://youtube.com>.
3584 IN A 173.194.127.41 youtube.com <http://youtube.com>.
3584 IN A 173.194.127.35 youtube.com <http://youtube.com>.
3584 IN A 173.194.127.39 youtube.com <http://youtube.com>.
3584 IN A 173.194.127.46 youtube.com <http://youtube.com>.
3584 IN A 173.194.127.37 youtube.com <http://youtube.com>.
3584 IN A 173.194.127.32 youtube.com <http://youtube.com>.
3584 IN A 173.194.127.34 youtube.com <http://youtube.com>.
3584 IN A 173.194.127.36 youtube.com <http://youtube.com>.
3584 IN A 173.194.127.33
Mon Feb 23 10:33:57 2015 ;; MSG SIZE rcvd: 205 -------------- end
test ------------------------------
As you can see, after I've done the flush operation on the A
record, the 2nd dig command still can fetech the cached A records
-- "the Query time: 0 msec" of the 2nd run of dig should tell
this.
Why does this happen? Could someone please give me some hints?
0xD108493
_______________________________________________ Unbound-users
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

Hongyi Zhao

2015-02-23 09:11:55 UTC

Permalink

Thanks a lot, got it.

H. Zhao

Regards

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi Hongyi,

/home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf
flush A
You flush here the domain-name "A". The command expects a domain
name, so like: flush example.com removes the example.com A record.
Best regards,
Wouter

/home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf
flush A

--
Hongyi Zhao <***@gmail.com>
Xinjiang Technical Institute of Physics and Chemistry
Chinese Academy of Sciences
GnuPG DSA: 0xD108493

p***@nohats.ca

2015-02-23 18:18:23 UTC

Permalink

Post by Hongyi Zhao
Hi all,
Currently, I use the latest release of unbound 1.5.2 compilled by myself on the Debian wheezy.Â I configured the unbound by someÂ using
some forward-zone sections in its unbound.confÂ file, and let itÂ listen on the local 1052 port to listen on for queries.
Now, I want to use the unbound-control tool to do some tests, say, cleaning some type of record in the cache, say, the A record, by
$ sudo unbound-control -c /home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf flush A

You are flushing the domain name "A".

I think you mean

sudo unbound-control -c
/home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf
flush youtube.com

If you want to flush only specific types like A records, use flush_type

Paul

Post by Hongyi Zhao
-------------- begin test ------------------------------
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 youtube.com
;; global options: +cmd
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20966
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;youtube.com.Â Â Â Â Â Â Â Â Â INÂ Â Â A
youtube.com.Â Â Â Â Â Â 3600Â Â Â INÂ Â Â AÂ Â Â 173.194.127.40
youtube.com.Â Â Â Â Â Â 3600Â Â Â INÂ Â Â AÂ Â Â 173.194.127.38
youtube.com.Â Â Â Â Â Â 3600Â Â Â INÂ Â Â AÂ Â Â 173.194.127.41
youtube.com.Â Â Â Â Â Â 3600Â Â Â INÂ Â Â AÂ Â Â 173.194.127.35
youtube.com.Â Â Â Â Â Â 3600Â Â Â INÂ Â Â AÂ Â Â 173.194.127.39
youtube.com.Â Â Â Â Â Â 3600Â Â Â INÂ Â Â AÂ Â Â 173.194.127.46
youtube.com.Â Â Â Â Â Â 3600Â Â Â INÂ Â Â AÂ Â Â 173.194.127.37
youtube.com.Â Â Â Â Â Â 3600Â Â Â INÂ Â Â AÂ Â Â 173.194.127.32
youtube.com.Â Â Â Â Â Â 3600Â Â Â INÂ Â Â AÂ Â Â 173.194.127.34
youtube.com.Â Â Â Â Â Â 3600Â Â Â INÂ Â Â AÂ Â Â 173.194.127.36
youtube.com.Â Â Â Â Â Â 3600Â Â Â INÂ Â Â AÂ Â Â 173.194.127.33
;; Query time: 715 msec
;; SERVER: 127.0.0.1#1052(127.0.0.1)
;; WHEN: Mon Feb 23 10:33:41 2015
;; MSG SIZEÂ rcvd: 205
ok
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 youtube.com
;; global options: +cmd
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22618
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;youtube.com.Â Â Â Â Â Â Â Â Â INÂ Â Â A
youtube.com.Â Â Â Â Â Â 3584Â Â Â INÂ Â Â AÂ Â Â 173.194.127.40
youtube.com.Â Â Â Â Â Â 3584Â Â Â INÂ Â Â AÂ Â Â 173.194.127.38
youtube.com.Â Â Â Â Â Â 3584Â Â Â INÂ Â Â AÂ Â Â 173.194.127.41
youtube.com.Â Â Â Â Â Â 3584Â Â Â INÂ Â Â AÂ Â Â 173.194.127.35
youtube.com.Â Â Â Â Â Â 3584Â Â Â INÂ Â Â AÂ Â Â 173.194.127.39
youtube.com.Â Â Â Â Â Â 3584Â Â Â INÂ Â Â AÂ Â Â 173.194.127.46
youtube.com.Â Â Â Â Â Â 3584Â Â Â INÂ Â Â AÂ Â Â 173.194.127.37
youtube.com.Â Â Â Â Â Â 3584Â Â Â INÂ Â Â AÂ Â Â 173.194.127.32
youtube.com.Â Â Â Â Â Â 3584Â Â Â INÂ Â Â AÂ Â Â 173.194.127.34
youtube.com.Â Â Â Â Â Â 3584Â Â Â INÂ Â Â AÂ Â Â 173.194.127.36
youtube.com.Â Â Â Â Â Â 3584Â Â Â INÂ Â Â AÂ Â Â 173.194.127.33
;; Query time: 0 msec
;; SERVER: 127.0.0.1#1052(127.0.0.1)
;; WHEN: Mon Feb 23 10:33:57 2015
;; MSG SIZEÂ rcvd: 205
-------------- end test ------------------------------
Â As you can see, after I've done the flush operationÂ on the A record, the 2nd dig command still can fetech the cached A records -- "the
Query time: 0 msec" of the 2nd run of dig should tell this.
Why does this happen?Â Could someone please give me some hints?
RegardsÂ
--
Xinjiang Technical Institute of Physics and Chemistry
Chinese Academy of Sciences
GnuPG DSA: 0xD108493

Hongyi Zhao

2015-02-23 23:38:12 UTC

Permalink

Dear Paul,

Thanks a lot for your hints. I've got it.

Regards

Post by Hongyi Zhao
Hi all,

Post by Hongyi Zhao
Currently, I use the latest release of unbound 1.5.2 compilled by myself
on the Debian wheezy. I configured the unbound by some using
some forward-zone sections in its unbound.conf file, and let it listen
on the local 1052 port to listen on for queries.
Now, I want to use the unbound-control tool to do some tests, say,
cleaning some type of record in the cache, say, the A record, by
$ sudo unbound-control -c /home/werner/software/anti-
gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf flush A

You are flushing the domain name "A".
I think you mean
sudo unbound-control -c /home/werner/software/anti-
gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf flush youtube.com
If you want to flush only specific types like A records, use flush_type
Paul

--
Hongyi Zhao <***@gmail.com>
Xinjiang Technical Institute of Physics and Chemistry
Chinese Academy of Sciences
GnuPG DSA: 0xD108493

Continue reading on narkive:

Search results for '[Unbound-users] The flush command of unbound-control doesn't take effect.' (Questions and Answers)

163

replies

Haven't spoke to my Sister for one year since she cheated with my Husband? Is it time to forgive?

started 2015-04-19 05:58:14 UTC

family