Bug#1014456: unbound: Please enable cachedb and redis support
Hi,

> What does cachedb/redis bring us, how these can be used?

Unbound documentation is always a good read :) It states [1]:

"If this module is enabled and configured, the specified backend database works as a second level cache; when Unbound cannot find an answer to a query in its built-in in-memory cache, it consults the specified backend. If it finds a valid answer in the backend, Unbound uses it to respond to the query without performing iterative DNS resolution. If Unbound cannot even find an answer in the backend, it resolves the query as usual, and stores the answer in the backend."

It's also used when Unbound is also configured to serve stale answers (RFC 8767).

> Should apparmor profile be updated for it to work?

Unbound can use 2 backends: the default is an in-memory backend (named 'testframe' so not really useful) and redis. Unbound connects to redis using TCP. No need to be able to access redis' pidfile. Therefore my guess is that the current apparmor profile should work. Of course, it needs to be tested.

Regards,
Shaft

[1]: https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#cache-db-module-options
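The second-level cache described in the message above, as an added unbound.conf fragment that is not part of the thread or of the Debian package. It assumes a build configured with --enable-cachedb --with-libhiredis; the loopback address, port, timeout and seed value are assumptions.

```conf
# Added example; all values are assumptions, not taken from the thread.
server:
    # Ordering documented in the unbound.conf manual for the cachedb module
    module-config: "validator cachedb iterator"
    # Optional: serve stale answers (RFC 8767), as mentioned in the message
    serve-expired: yes

cachedb:
    # The default backend is the in-memory "testframe"; select redis explicitly
    backend: "redis"
    # Placeholder value; instances sharing one Redis database must use the same seed
    secret-seed: "REPLACE-WITH-SITE-SPECIFIC-SEED"
    # Unbound connects to Redis over TCP; a loopback address keeps that traffic on the host
    redis-server-host: 127.0.0.1
    redis-server-port: 6379
    # Milliseconds to wait for a Redis response
    redis-timeout: 100
```

unbound-checkconf can be used to validate the file before the service is restarted.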
Bug#1014456: unbound: Please enable cachedb and redis support
On Fri, 12 Aug 2022 12:53:39 +0300 Michael Tokarev wrote:
> What does cachedb/redis bring us, how these can be used?

It will allow us to keep cache during reboot.

For example: I set up a new Debian bookworm box where I am using unbound as resolver (default configuration; apt-get install unbound && systemctl start unbound):

$ cat /etc/resolv.conf
nameserver 127.0.0.1

With primed cache,

$ time ping -q -c 1 google.com
PING google.com(fra24s06-in-x0e.1e100.net (2a00:1450:4001:829::200e)) 56 data bytes

--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.730/3.730/3.730/0.000 ms

real    0m0.007s
user    0m0.000s
sys     0m0.003s

If I do the same after reboot when unbound service has started:

$ time ping -q -c 1 google.com
PING google.com(fra24s07-in-x0e.1e100.net (2a00:1450:4001:82a::200e)) 56 data bytes

--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.621/3.621/3.621/0.000 ms

real    0m3.254s
user    0m0.003s
sys     0m0.000s

Keep in mind that you will experience this delay for _every_ TLD due to DNSSEC records. Or imagine a remote box where you try to SSH into which will be delayed for ~3s because this box has to do PTR lookup for your IP address.

Configuring cache db feature in unbound would allow me to store unbound cache in Redis for example so unbound can provide fast answers directly after boot.

--
Regards,
Thomas
Bug#1014456: unbound: Please enable cachedb and redis support
On Wed, 06 Jul 2022 15:16:31 +0200 Michiel Hazelhof wrote:
> Package: unbound
> Version: 1.16.0-2
> Severity: wishlist
>
> Dear Maintainer,
>
> When using unbound on a server it would be helpful if redis was available as a caching server.
>
> From what I can tell using the following parameters should do the trick:
> --enable-cachedb --with-libhiredis

Hi!

What does cachedb/redis bring us, how these can be used?
Should apparmor profile be updated for it to work?

Thanks,

/mjt