These are chat archives for CZ-NIC/knot-resolver

21st
Dec 2018
edoo
@ookangzheng
Dec 21 2018 18:08 UTC
Is there any easy way to disable the cache? I did it somehow like this:
modules.unload('cache')
modules.unload('priming')
modules.unload('ta_sentinel')
modules.unload('ta_signal_query')
modules.unload('detect_time_jump')
modules.unload('detect_time_skew')
Vladimír Čunát
@vcunat
Dec 21 2018 18:25 UTC
Yes, unloading the module will disable all writing to it and most reading from it (or perhaps all, I'm not 100% certain). In any case, I'm not sure if kresd will really be usable completely without cache.
edoo
@ookangzheng
Dec 21 2018 18:26 UTC
ya, but it was a little bit messy
I tried with this solution
Vladimír Čunát
@vcunat
Dec 21 2018 18:27 UTC
Why do you want to avoid all cache?
edoo
@ookangzheng
Dec 21 2018 18:27 UTC
modules = { view }
view:addr('0.0.0.0/0', policy.all(policy.FLAGS({'NO_CACHE'})))
view:addr('::/0', policy.all(policy.FLAGS({'NO_CACHE'})))
it works
because I have an upstream DNS firewall
When the blacklist is updated, knot-resolver is still using the cache
because I am using RPZ, but somehow knot-resolver cannot automatically reload the latest version of the RPZ.
As far as I know, I'm going to have to restart the knot-resolver service every time
Vladimír Čunát
@vcunat
Dec 21 2018 18:30 UTC
You might want to consider capping max. TTL to some reasonable value instead: https://knot-resolver.readthedocs.io/en/stable/daemon.html?highlight=ttl#c.cache.max_ttl
edoo
@ookangzheng
Dec 21 2018 18:31 UTC
Can this solution take effect immediately? When upstream returns NXDOMAIN, will knot-resolver return NXDOMAIN too?
edoo
@ookangzheng
Dec 21 2018 18:39 UTC
Hmm, this solution works too. I set max_ttl to 10 sec, then it will get the newest result from upstream
cache.max_ttl(10)