
Bug#1014456: unbound: Please enable cachedb and redis support


Michiel Hazelhof

Jul 6, 2022, 9:30:03 AM
Package: unbound
Version: 1.16.0-2
Severity: wishlist

Dear Maintainer,

When using unbound on a server it would be helpful if redis was available as a caching server.
From what I can tell using the following parameters should do the trick: --enable-cachedb --with-libhiredis

-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.18.0-2-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages unbound depends on:
ii adduser 3.121
ii init-system-helpers 1.63
ii libc6 2.33-7
ii libevent-2.1-7 2.1.12-stable-5+b1
ii libnghttp2-14 1.47.0-1+b1
ii libprotobuf-c1 1.3.3-1+b2
ii libpython3.10 3.10.5-1
ii libssl3 3.0.3-7
ii libsystemd0 250.4-1
ii lsb-base 11.2

Versions of packages unbound recommends:
ii dns-root-data 2021011101

Versions of packages unbound suggests:
ii apparmor 3.0.4-2
ii openssl 3.0.3-8

-- Configuration Files:
/etc/apparmor.d/usr.sbin.unbound changed [not included]
/etc/unbound/unbound.conf changed [not included]

-- no debconf information

Michael Tokarev

Aug 12, 2022, 6:00:03 AM
On Wed, 06 Jul 2022 15:16:31 +0200 Michiel Hazelhof <mic...@hazelhof.nl> wrote:
> Package: unbound
> Version: 1.16.0-2
> Severity: wishlist
>
> Dear Maintainer,
>
> When using unbound on a server it would be helpful if redis was available as a caching server.
> From what I can tell using the following parameters should do the trick: --enable-cachedb --with-libhiredis

Hi!

What does cachedb/redis bring us, and how can these be used?
Should the apparmor profile be updated for it to work?

Thanks,

/mjt

Thomas Deutschmann

Oct 4, 2022, 11:40:04 AM
On Fri, 12 Aug 2022 12:53:39 +0300 Michael Tokarev <m...@tls.msk.ru> wrote:
> What does cachedb/redis bring us, and how can these be used?

It will allow us to keep the cache across a reboot.

For example:

I set up a new Debian bookworm box where I am using unbound as the resolver
(default configuration; apt-get install unbound && systemctl start unbound):

> $ cat /etc/resolv.conf
> nameserver 127.0.0.1

With primed cache,

> $ time ping -q -c 1 google.com
> PING google.com(fra24s06-in-x0e.1e100.net (2a00:1450:4001:829::200e)) 56 data bytes
>
> --- google.com ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 3.730/3.730/3.730/0.000 ms
>
> real 0m0.007s
> user 0m0.000s
> sys 0m0.003s

If I do the same after a reboot, once the unbound service has started:

> $ time ping -q -c 1 google.com
> PING google.com(fra24s07-in-x0e.1e100.net (2a00:1450:4001:82a::200e)) 56 data bytes
>
> --- google.com ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 3.621/3.621/3.621/0.000 ms
>
> real 0m3.254s
> user 0m0.003s
> sys 0m0.000s

Keep in mind that you will experience this delay for _every_ TLD due to
DNSSEC records.

Or imagine a remote box that you try to SSH into, which will be delayed
for ~3s because this box has to do a PTR lookup for your IP address.

Configuring the cache db feature in unbound would allow me to store the unbound
cache in Redis, for example, so unbound can provide fast answers directly
after boot.


--
Regards,
Thomas

Shaft

Jan 23, 2023, 7:40:03 AM
Hi,

> What does cachedb/redis bring us, and how can these be used?

Unbound documentation is always a good read :)


It states [1]:

"If this module is enabled and configured, the specified backend database works as a second level cache; when Unbound cannot find an answer to a query in its built-in in-memory cache, it consults the specified backend. If it finds a valid answer in the backend, Unbound uses it to respond to the query without performing iterative DNS resolution. If Unbound cannot even find an answer in the backend, it resolves the query as usual, and stores the answer in the backend."

It's also used when Unbound is configured to serve stale answers (RFC 8767).

> Should the apparmor profile be updated for it to work?

Unbound can use 2 backends: the default is an in-memory backend (named 'testframe', so not really useful) and redis. Unbound connects to redis using TCP. There is no need to be able to access redis' pidfile. Therefore my guess is that the current apparmor profile should work. Of course, it needs to be tested.

Regards,
Shaft

[1]: https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#cache-db-module-options
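
An added example, not part of the thread or the Debian package: an `unbound.conf` fragment that enables the second-level cache described in the quoted documentation. It assumes a build configured with `--enable-cachedb --with-libhiredis`, a Redis instance on 127.0.0.1 port 6379, and a placeholder `secret-seed`; all values are illustrative.

```conf
# Added example: unbound.conf fragment with assumed, illustrative values.
server:
    # cachedb sits between the validator and the iterator, so a miss in the
    # built-in in-memory cache consults the backend before Unbound falls
    # back to iterative resolution.
    module-config: "validator cachedb iterator"

cachedb:
    # "testframe" is the default in-memory backend; "redis" is the
    # persistent one that survives a restart of unbound.
    backend: "redis"
    # Seed mixed into the hash that forms the backend lookup keys.
    # Placeholder: replace with a site-specific value.
    secret-seed: "CHANGE-ME-placeholder"
    # Unbound talks to Redis over TCP; this example keeps it on loopback.
    redis-server-host: 127.0.0.1
    redis-server-port: 6379
    # Timeout in milliseconds for connecting to and querying Redis.
    redis-timeout: 100
    # "yes" makes Unbound set an expiry on each stored record so Redis can
    # evict it; "no" (the default) leaves records in Redis until removed.
    redis-expire-records: no
```

Because the connection is plain TCP to a local port, the AppArmor question raised earlier in the thread comes down to whether the profile permits outbound network access to that address; the fragment itself needs no file paths belonging to Redis.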