ar51an/unbound-redis

Recommended setting for `cachedb-check-when-serve-expired`?

Closed this issue · 5 comments

What's the recommended setting for `cachedb-check-when-serve-expired`? This was introduced in Unbound 1.20.

And it seems to be slower when using a specific config based on NLnetLabs/unbound#1064, so I'm not sure which config to use for the fastest performance with Redis.

From the documentation:

> If enabled, the cachedb is checked before an expired response is returned. When [serve-expired] is enabled, without [serve-expired-client-timeout], it then does not immediately respond with an expired response from cache, but instead first checks the cachedb for valid contents, and if so returns it.

Unbound 1.20 fixed multiple cachedb issues. I have tested this new option since the release with both `yes` and `no`. Use `cachedb-check-when-serve-expired: no` under the `cachedb:` tag.

This new option is only useful if you are running multiple instances of Unbound with a single cachedb in your LAN. If you set `cachedb-check-when-serve-expired` to `yes` in a single Unbound instance, both the Unbound cache and cachedb will have the expired record; rather than serving instantly from the Unbound cache, Unbound will check cachedb and serve the expired record from cachedb.

Comment out `serve-expired-reply-ttl: 0`; the cachedb issue with this option is fixed in Unbound 1.20. Now both cache and cachedb expired responses are served with a TTL of 30.

Do not use the Unbound 1.20.0 release. Download the latest source code from:
https://github.com/NLnetLabs/unbound/archive/refs/heads/master.zip

Compile it just like you compile the released version. The Unbound team fixed a couple of cachedb issues introduced in the Unbound 1.20 release:

- NLnetLabs/unbound@7107d3c
- NLnetLabs/unbound@fbdc06e
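A small lint for the advice in the comment above, added here as an example; it is not code from this thread or from the unbound-redis repository. The sample config is constructed, the names `parse_conf`, `lint` and `shared_cachedb` are hypothetical, and the check assumes the option counts as enabled when it is absent from the file.

```python
import re

# Constructed sample unbound.conf fragment (not taken from the thread).
SAMPLE_CONF = """\
server:
    module-config: "validator cachedb iterator"
    serve-expired: yes
    serve-expired-reply-ttl: 0   # still set from an older config
cachedb:
    backend: "redis"
    redis-server-host: 127.0.0.1
    cachedb-check-when-serve-expired: yes
"""

CLAUSE = re.compile(r"^([a-z-]+):$")            # e.g. "server:" or "cachedb:"
OPTION = re.compile(r"^([a-z0-9-]+):\s*(.+)$")  # e.g. "serve-expired: yes"


def parse_conf(text):
    """Return {clause: {option: value}}; '#' comments are dropped."""
    conf, clause = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = CLAUSE.match(line)
        if m:
            clause = m.group(1)
            conf.setdefault(clause, {})
            continue
        m = OPTION.match(line)
        if m and clause:
            conf[clause][m.group(1)] = m.group(2).strip().strip('"')
    return conf


def lint(text, shared_cachedb=False):
    """Findings for the thread's advice. shared_cachedb=True means several
    Unbound instances share one cachedb, the case the option is meant for."""
    conf = parse_conf(text)
    server, cachedb = conf.get("server", {}), conf.get("cachedb", {})
    findings = []
    if "cachedb" not in server.get("module-config", "").split():
        findings.append("module-config does not load cachedb")
    # Assumption: the option is treated as enabled when it is not set.
    if cachedb.get("cachedb-check-when-serve-expired", "yes") == "yes" and not shared_cachedb:
        findings.append("set cachedb-check-when-serve-expired: no for a single instance")
    if server.get("serve-expired-reply-ttl") == "0":
        findings.append("comment out serve-expired-reply-ttl: 0")
    return findings
```

Calling `lint(SAMPLE_CONF)` reports both settings; passing `shared_cachedb=True` drops the first finding, since the thread describes the option as useful for multiple instances sharing one cachedb.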

Closing, thank you so much for the quick response!

Most of the changes in 1.21.0 are bug fixes. There is no config change required in this release.

A noticeable change for end users is the addition of a new DNSSEC key (38696) to the default list of keys in unbound-anchor. These keys are used to generate the `/var/lib/unbound/root.key` file. You can check the new key with id 38696 in the list of default keys by running the command `unbound-anchor -l`.

The timer and service used to update root.hints also update the `/var/lib/unbound/root.key` file (if it is outdated).

If you want, you can delete the existing `/var/lib/unbound/root.key` and generate the new file with the command below:

```
sudo runuser -u unbound -- unbound-anchor
```

@elusyx I think this phrase answers that question:

> There is no config change required in this release.

Thank you very much.

I did a reboot of my DNS server and was seeing high query times for domains that I visit frequently. I'm not sure if Redis is actually working as an L2 cache. How can I verify that it is working on a fresh restart of Unbound?