:: Re: [DNG] Mozilla and cloudflare to…
Top Page
Delete this message
Reply to this message
Author: Steve Litt
Date:  
To: dng
Subject: Re: [DNG] Mozilla and cloudflare to hijack all your DNS requests - for your own good of course
On Sun, 9 Sep 2018 19:31:28 -0400
Steve Litt <slitt@???> wrote:


> Keeping cache between uses takes some doing with Unbound, but I
> think a second daemon could archive its cache once every couple
> minutes, and Unbound's run script could be tweaked to wait 10 seconds
> after start and then load the archived cache.


A simpler method might be that as soon as unbound runs, it runs a
shellscript that waits 5 seconds for Unbound to be up for sure, and
then runs a bunch of nslookup and elinks --dump commands on domains to
pre-populate the cache. It runs in the background and probably
interferes with little. Running it on my command line after stoping and
starting unbound, unbound's cache went from 5 lines to 5800 lines. The
script took just over 2 minutes to run, and of course most of that time
was waiting for external DNS servers, not spinning the computer's
resources, so it would have almost no effect on anything a human would
be doing on the computer, or on boot time. There would be no problem
using the Internet before the script finishes.

The unbound-control man page says you should reload cache from a file
only for troubleshooting, so maybe this pump-primer technique is the
better way. And also, unlike writing and reading cache to and from
disk, the pump-primer way doesn't require you to enable
unbound-control, which isn't easy and enlarges the attack surface to
some degree.

SteveT

Steve Litt
September 2018 featured book: Quit Joblessness: Start Your Own Business
http://www.troubleshooters.com/startbiz