Thanks to all three of you for quick answers and help.
All valid points, except first answer with auth-zone I don't fully understand
on how to leverage. :)
Spam/adblock is already implemented through web-filter.
Earlier I have been pre-caching (pinning) entries with Alexa top 1000 sites
list, refreshed by querying every 3 hours, list filtered where TTL < 3 hours.
But a couple of issues there:
a) if TTL is greater than refresh period (3 hours), request would be answered
locally by DNS server without refreshing of DNS cached entry, until actually
entry expired from DNS cache
b) it doesn't refresh sites that guests are actually accessing, but only top
1000 sites. Unbound pre-caching should help here.
c) b doesn't allow me to create our own actual top 1000 list based on actual
resolving of user entries
Now current plan is:
- set cache-min-ttl to 1 hour (tradeoff)
- use pre-caching
- execute top 1000 sites list load on unbound service startup and every 3 hours
- restart unbound service after each cruise
I believe all should help, but again not sure if anything else can be done.
It would be nice if entries not asked for predefined amount of time (e.g. 2
weeks cruise) could be automatically phased out of cache
in accordance with configuration parameter, so cache doesn't get filled with
stale unused entries and refreshes of such entries don't use up bandwidth.
This would also eliminate need to restart unbound service and lose both cache &
usage statistics.
Not sure if unbound has any MRU/MFU counters for DNS entries, so I could purge
entries that are not used often/recently by some script?
For example after 2 weeks I execute command to purge any entry that was not
used at least n times or for x minutes and keep all others in the cache.
This would trim the cache and keep it maintainable.
When would entries for which cache-min-ttl applies be refreshed if
pre-caching is also used?
E.g. entry that is set for TTL of 60 seconds gets increased to 3600 seconds TTL
by setting cache-min-ttl parameter to 3600.
When would entry be refreshed due to pre-caching refresh when 90% TTL expires?
In other words, would refresh of such entry happen after 54 seconds or after
3240 seconds?
Also not being able to control this 90% parameter and need to get entry queried
during last 10% of TTL in order to refresh it will force flush some of the
entries from cache without me being able to pin them.
This will not be an issue for top 1000 sites as they are known, but will be for
any guest-accessed site not known to me in advance.
Again thanks for all the help!
Tiho
On Tuesday, April 23, 2019, 3:02:55 PM GMT+2, Daisuke HIGASHI
<[email protected]> wrote:
Tihomir Loncaric via Unbound-users <[email protected]>:
Is there anything else that I could use out of the box? What other existing
parameters would help towards this caching goal?
If you have a complete list of domain names to be cached, keep making queries
(forever) to your DNS server e.g.
while :; do dnsperf -Q 100 -s 127.0.0.1 -d querylist; done