4

I recently set up Unbound for DNS caching, along with DNScrypt on Linux Mint 18.1. It works, but I noticed the pages are cached only for a short time:

  1. First query to google.com - 48ms (domain not cached)
  2. Second query to google.com (immediately after that) - 0ms (domain cached)
  3. Third query to google.com (after ~ minute) - 46ms (domain not cached)

Is this intended behavior, or do I need to set something different to cache pages for a longer time? Here is my Unbound config (/etc/unbound/unbound.conf):

    # Unbound configuration file for Debian.
    #
    # See the unbound.conf(5) man page.
    #
    # See /usr/share/doc/unbound/examples/unbound.conf for a commented
    # reference config file.
    #
    # The following line includes additional configuration files from the
    # /etc/unbound/unbound.conf.d directory.
    include: "/etc/unbound/unbound.conf.d/*.conf"
    server:
        verbosity: 1
        num-threads: 4
        outgoing-range: 8192
        so-rcvbuf: 4m
        so-sndbuf: 4m
        so-reuseport: yes
        msg-cache-size: 50m
        msg-cache-slabs: 16
        num-queries-per-thread: 4096
        rrset-cache-size: 100m
        rrset-cache-slabs: 16
        infra-cache-slabs: 16
        do-ip4: yes
        do-ip6: no
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes
        hide-identity: yes
        hide-version: yes 
        harden-short-bufsize: yes
        harden-large-queries: yes
        harden-glue: yes
        harden-dnssec-stripped: yes
        harden-below-nxdomain: yes
        harden-referral-path: yes
        logfile: "/etc/unbound/unbound.log"
        use-caps-for-id: yes
        do-not-query-localhost: no
        prefetch: no 
    forward-zone:
        name: "."
        forward-addr: 127.0.0.1@40
Liberul
  • Unbound is following the intended TTL; if you want something to cache it longer, get a Windows DNS server, they really love to hold on to those records as long as possible. /sarcasm – Jacob Evans Feb 12 '17 at 20:45
  • Also read: http://stackoverflow.com/questions/21799834/how-to-determine-a-proper-value-for-cache-min-ttl – Jacob Evans Feb 12 '17 at 20:46
  • Use the `cache-min-ttl` option to override the minimum TTL (edit: I guess that's what the above link refers to already) – pete Feb 16 '17 at 01:58

2 Answers

3

Unbound will (or at least should) be caching the result for the time specified in the TTL for the record you are requesting.

This is exactly what I observe on a system I have to hand that is running unbound. The initial request takes 14ms, subsequent requests take 0ms and when the TTL expires the next request takes 14ms.

Initial request which shows a 300 second TTL and takes 18ms

    ;; ANSWER SECTION:
    google.com.             300     IN      A       172.217.20.46

    ;; Query time: 18 msec
    ;; SERVER: 10.34.20.1#53(10.34.20.1)
    ;; WHEN: Sun Feb 12 20:39:30 2017
    ;; MSG SIZE  rcvd: 44

Subsequent requests - TTL is counting down and takes 0ms

    ;; ANSWER SECTION:
    google.com.             196     IN      A       172.217.20.46

    ;; Query time: 0 msec
    ;; SERVER: 10.34.20.1#53(10.34.20.1)
    ;; WHEN: Sun Feb 12 20:41:14 2017
    ;; MSG SIZE  rcvd: 44

TTL expired so another upstream request is made 23ms

    ;; ANSWER SECTION:
    google.com.             300     IN      A       172.217.20.46

    ;; Query time: 23 msec
    ;; SERVER: 10.34.20.1#53(10.34.20.1)
    ;; WHEN: Sun Feb 12 20:44:37 2017
    ;; MSG SIZE  rcvd: 44
user9517
1

I'm super late to the party, but to my understanding, if you want to have "almost always caching" you should enable the prefetch option.

    prefetch: <yes or no>
           If yes, message cache elements are prefetched before they expire
           to keep the cache up to date.  Default is  no.   Turning  it  on
           gives about 10 percent more traffic and load on the machine, but
           popular items do not expire from the cache.
magnetik
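
Added example (not part of either answer): it reads the three dig responses quoted in the first answer, labels each one as served from cache or fetched upstream by comparing absolute expiry times, and computes the remaining-TTL point at which `prefetch: yes` from the second answer would refresh a record. The 10 percent window follows the wording of current unbound.conf(5) and is not stated on this page; the function names are illustrative.

```python
import re
from datetime import datetime, timedelta

# Record, query time and WHEN lines copied from the dig output in the first answer.
SAMPLES = [
    "google.com. 300 IN A 172.217.20.46\n;; Query time: 18 msec\n;; WHEN: Sun Feb 12 20:39:30 2017",
    "google.com. 196 IN A 172.217.20.46\n;; Query time: 0 msec\n;; WHEN: Sun Feb 12 20:41:14 2017",
    "google.com. 300 IN A 172.217.20.46\n;; Query time: 23 msec\n;; WHEN: Sun Feb 12 20:44:37 2017",
]

def parse_dig(text):
    """Return (ttl_seconds, query_ms, when) for one dig response."""
    ttl = int(re.search(r"^\S+\s+(\d+)\s+IN\s+A\s", text, re.M).group(1))
    ms = int(re.search(r"Query time: (\d+) msec", text).group(1))
    stamp = re.search(r"WHEN: (.+)", text).group(1).strip()
    return ttl, ms, datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")

def classify(samples, slack=2):
    """Label each response 'cache' or 'upstream'.

    A cached answer counts down towards the same absolute expiry time as the
    fetch that populated it; a fresh fetch starts a new expiry time.
    """
    labels, expiry = [], None
    for text in samples:
        ttl, _ms, when = parse_dig(text)
        this_expiry = when + timedelta(seconds=ttl)
        same_entry = (expiry is not None and when < expiry
                      and abs((this_expiry - expiry).total_seconds()) <= slack)
        if same_entry:
            labels.append("cache")
        else:
            labels.append("upstream")
            expiry = this_expiry
    return labels

def prefetch_window(orig_ttl, percent=10):
    """Remaining TTL (seconds) at or below which a cache hit triggers a prefetch."""
    return orig_ttl * percent / 100

def would_prefetch(orig_ttl, remaining, percent=10):
    """True if a cache hit with this remaining TTL falls inside the prefetch window."""
    return 0 < remaining <= prefetch_window(orig_ttl, percent)

if __name__ == "__main__":
    for text, label in zip(SAMPLES, classify(SAMPLES)):
        ttl, ms, when = parse_dig(text)
        print(f"{when:%H:%M:%S} ttl={ttl:3d} {ms:2d}ms -> {label}")
    print("prefetch once remaining TTL <=", prefetch_window(300), "s")
```

Prefetch only fires on a cache hit inside that window, so a name that nobody queries during the last tenth of its TTL still expires and is fetched upstream on the next request.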