Hongyi Zhao
2015-02-23 02:49:48 UTC
Hi all,
Currently, I use the latest release of unbound 1.5.2 compiled by myself on
Debian wheezy. I configured unbound by using some
forward-zone sections in its unbound.conf file, and let it listen on the
local 1052 port for queries.
Now, I want to use the unbound-control tool to do some tests, say, cleaning
some type of record in the cache, say, the A record, by using the following
command:
$ sudo unbound-control -c /home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf flush A
But I failed to clean the cache; please see the following for details:
-------------- begin test ------------------------------
***@debian:~$ dig -p1052 youtube.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 youtube.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20966
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;youtube.com. IN A
;; ANSWER SECTION:
youtube.com. 3600 IN A 173.194.127.40
youtube.com. 3600 IN A 173.194.127.38
youtube.com. 3600 IN A 173.194.127.41
youtube.com. 3600 IN A 173.194.127.35
youtube.com. 3600 IN A 173.194.127.39
youtube.com. 3600 IN A 173.194.127.46
youtube.com. 3600 IN A 173.194.127.37
youtube.com. 3600 IN A 173.194.127.32
youtube.com. 3600 IN A 173.194.127.34
youtube.com. 3600 IN A 173.194.127.36
youtube.com. 3600 IN A 173.194.127.33
;; Query time: 715 msec
;; SERVER: 127.0.0.1#1052(127.0.0.1)
;; WHEN: Mon Feb 23 10:33:41 2015
;; MSG SIZE rcvd: 205
***@debian:~$ sudo unbound-control -c /home/werner/software/anti-gfw/anti-DNS-cache-poisoning/final-methods/unbound.conf flush A
ok
***@debian:~$ dig -p1052 youtube.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p1052 youtube.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22618
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;youtube.com. IN A
;; ANSWER SECTION:
youtube.com. 3584 IN A 173.194.127.40
youtube.com. 3584 IN A 173.194.127.38
youtube.com. 3584 IN A 173.194.127.41
youtube.com. 3584 IN A 173.194.127.35
youtube.com. 3584 IN A 173.194.127.39
youtube.com. 3584 IN A 173.194.127.46
youtube.com. 3584 IN A 173.194.127.37
youtube.com. 3584 IN A 173.194.127.32
youtube.com. 3584 IN A 173.194.127.34
youtube.com. 3584 IN A 173.194.127.36
youtube.com. 3584 IN A 173.194.127.33
;; Query time: 0 msec
;; SERVER: 127.0.0.1#1052(127.0.0.1)
;; WHEN: Mon Feb 23 10:33:57 2015
;; MSG SIZE rcvd: 205
-------------- end test ------------------------------
As you can see, after I've done the flush operation on the A record, the
2nd dig command can still fetch the cached A records -- "the Query time: 0
msec" of the 2nd run of dig should tell this.
Why does this happen? Could someone please give me some hints?
Regards
--
Hongyi Zhao <***@gmail.com>
Xinjiang Technical Institute of Physics and Chemistry
Chinese Academy of Sciences
GnuPG DSA: 0xD108493
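
Added example, not part of the original post: a Python check that compares two dig runs and reports whether the second answer is the first one aged in the resolver cache, using the TTL countdown and the query time seen in the transcript above. The function names, the 5 ms threshold and the 1 s slack are assumptions, and the WHEN format parsed is the one printed by the dig 9.8.4 shown in the post.

```python
import re
from datetime import datetime

# Trimmed from the two dig runs in the post above (two of the eleven A rows each).
BEFORE_FLUSH = """\
;; ANSWER SECTION:
youtube.com. 3600 IN A 173.194.127.40
youtube.com. 3600 IN A 173.194.127.38
;; Query time: 715 msec
;; WHEN: Mon Feb 23 10:33:41 2015
"""
AFTER_FLUSH = """\
;; ANSWER SECTION:
youtube.com. 3584 IN A 173.194.127.40
youtube.com. 3584 IN A 173.194.127.38
;; Query time: 0 msec
;; WHEN: Mon Feb 23 10:33:57 2015
"""

def parse_dig(text):
    """Return answer TTLs, query time in ms and the WHEN timestamp of one dig run."""
    ttls = []
    for line in text.splitlines():
        fields = line.split()
        # Answer rows: name TTL class type rdata; lines starting with ';' are comments.
        if len(fields) >= 5 and not line.startswith(";") and fields[1].isdigit():
            ttls.append(int(fields[1]))
    qtime = re.search(r"^;; Query time: (\d+) msec", text, re.M)
    when = re.search(r"^;; WHEN: (.+)$", text, re.M)
    if not ttls or not qtime or not when:
        raise ValueError("not a complete dig answer")
    stamp = datetime.strptime(when.group(1).strip(), "%a %b %d %H:%M:%S %Y")
    return ttls, int(qtime.group(1)), stamp

def compare_runs(first, second, slack_s=1, local_ms=5):
    """Compare two dig runs of the same query against the same resolver."""
    ttl1, _, when1 = parse_dig(first)
    ttl2, qtime2, when2 = parse_dig(second)
    elapsed = int((when2 - when1).total_seconds())
    ttl_drop = max(ttl1) - max(ttl2)
    # The TTL counting down by the elapsed time means the same cached RRset aged.
    aged = ttl_drop > 0 and abs(ttl_drop - elapsed) <= slack_s
    # An upstream forwarder's cache can age TTLs too, so the near-zero query
    # time (assumed threshold: local_ms) is what ties the hit to the local cache.
    return {"elapsed_s": elapsed, "ttl_drop_s": ttl_drop,
            "cache_hit": aged and qtime2 <= local_ms}

if __name__ == "__main__":
    print(compare_runs(BEFORE_FLUSH, AFTER_FLUSH))
```
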