| CARVIEW |
Select Language
HTTP/2 200
date: Tue, 15 Jul 2025 12:30:32 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=0, private, must-revalidate
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
link: ; rel=preload; as=fetch; crossorigin=use-credentials
referrer-policy: no-referrer-when-downgrade
server-timing: issue_layout-fragment;desc="issue_layout fragment";dur=230.30928,issue_conversation_content-fragment;desc="issue_conversation_content fragment";dur=573.824173,issue_conversation_sidebar-fragment;desc="issue_conversation_sidebar fragment";dur=45.001631,nginx;desc="NGINX";dur=1.033266,glb;desc="GLB";dur=96.568325
strict-transport-security: max-age=31536000; includeSubdomains; preload
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With, Accept,Accept-Encoding, Accept, X-Requested-With
x-content-type-options: nosniff
x-frame-options: deny
x-voltron-version: 6a3bf42
x-xss-protection: 0
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=vfy7JCSSNdYPkS8Q73XTMKbjir%2FFOq8KSYnKzjN3KBEyqY2dmIbeTnjdiAJ2Lou6Ucn0MnUS7yR3M9vIxhmUeyjtOKiqmh59w%2BwKPDHikRQJ2WQyPyoG3ILa2PZxCRJpM390OdU%2FyNW8ABSrgRcay9Nju%2BAbMGUa5%2BKJiLEA325L%2BWcNxtcRMJbJM5Zx7uS%2BCyTanKw%2BI7IUKW7mcjBQJovfzYv%2BDd5nzhlI6MhlN4xsFNAXJM0UOrQn7iprLaP21bxWmOP%2Fs4DBDTEYa19cUg%3D%3D--gtU%2BP5hgunD857It--9UfXsShjQf3KMyG2dVEq9A%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.1467117335.1752582632; Path=/; Domain=github.com; Expires=Wed, 15 Jul 2026 12:30:32 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Wed, 15 Jul 2026 12:30:32 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: 88F2:325BD:89954C:9A8AC3:687649E8
Cache entries fail to be removed from Redis `cachedb` backend with `unbound-control flush* +c` · Issue #1253 · NLnetLabs/unbound · GitHub
No one assignedNo labelsNo typeNo projectsNo milestoneNone yetNo branches or pull requests
Skip to content
Navigation Menu
{{ message }}
-
-
Notifications
You must be signed in to change notification settings - Fork 397
Closed
Description
Describe the bug
When calling unbound-control flush* +c to remove cache entries from both the first-level cache and the cachedb second-level cache, the operation fails:
info: cachedb msg remove example.com A IN
debug: redis_store 9AB54C417C77A0529023C6E81D124446753F76329B01977285F8AB0D1223440E (4 bytes) with ttl 0
error: redis: set resulted in an error: ERR invalid expire time in setex
debug: redis_store set completed
To reproduce
Steps to reproduce the behavior with Redis cachedb backend enabled:
- Query for a ressource record:
% dig @127.0.0.1 example.com A - Observe Redis key being created with proper TTL in the logs:
debug: redis_store 9AB54C417C77A0529023C6E81D124446753F76329B01977285F8AB0D1223440E (259 bytes) with ttl 300 - Flush record from both cache levels:
% unbound-control flush_type +c example.com A - Observe the error from the logs:
debug: redis_store 9AB54C417C77A0529023C6E81D124446753F76329B01977285F8AB0D1223440E (4 bytes) with ttl 0
error: redis: set resulted in an error: ERR invalid expire time in setex
- Query for the same ressource record:
% dig @127.0.0.1 example.com A - Observe the key still exists from the logs:
debug: redis_lookup of 9AB54C417C77A0529023C6E81D124446753F76329B01977285F8AB0D1223440E
debug: redis_lookup found 259 bytes
- Additionally, observe the key still exists in Redis with a non-null TTL:
% redis-cli GET 9AB54C417C77A0529023C6E81D124446753F76329B01977285F8AB0D1223440E
"\x00\x00\x81\x80\x00\x01\x00\a\x00\x00\x00\x01\aexample\x03com\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\x00\x01,\x00\x04\x17\xd7\x00\x8a\xc0\x0c\x00\x01\x00\x01\x00\x00\x01,\x00\x04`\a\x80\xaf\xc0\x0c\x00\x01\x00\x01\x00\x00\x01,\x00\x04`\a\x80\xc6\xc0\x0c\x00\x01\x00\x01\x00\x00\x01,\x00\x04\x17\xc0\xe4P\xc0\x0c\x00\x01\x00\x01\x00\x00\x01,\x00\x04\x17\xc0\xe4T\xc0\x0c\x00\x01\x00\x01\x00\x00\x01,\x00\x04\x17\xd7\x00\x88\xc0\x0c\x00.\x00\x01\x00\x00\x01,\x00_\x00\x01\r\x02\x00\x00\x01,g\xf2\x1c|g\xd6\xc2\xc5<\x88\aexample\x03com\x00\xc82{6\xff\x8c\n\xd0\x8b\xbe\x86\xcf E WG\xbc\x81\r\xff\x8fLK\xe6\x15\xc2\xf9r\x17\xbf\xad\xe0\xf8\"\xa9\xb5K\x99\xd6\xb5\x14E\x93\xdc\x96\x89\xd2\xcae\x7f\x9d\x0bO\xcd<\xa8J(\x01C\b\x14\xf7\x00\x00)\x04\xd0\x00\x00\x80\x00\x00\x00\x00\x00\x00\x00g\xddD\xdf\x00\x00\x00\x00g\xddF\x0b"
% redis-cli TTL 9AB54C417C77A0529023C6E81D124446753F76329B01977285F8AB0D1223440E
(integer) 244
Expected behavior
After executing step 3. the key(s) shall no longer exist in the Redis database.
System:
- Unbound version: 1.22.0
- OS: Debian 12
- Redis 7.2.7 / KeyDB 6.3.4
unbound -Voutput:
Version 1.22.0
Configure line: --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-option-checking --disable-silent-rules --libdir=${prefix}/lib/x86_64-linux-gnu --runstatedir=/run --disable-maintainer-mode --disable-dependency-tracking --with-pythonmodule --with-pyunbound --enable-subnet --enable-dnstap --enable-systemd --enable-cachedb --with-libhiredis --with-libnghttp2 --with-chroot-dir= --with-dnstap-socket-path=/run/dnstap.sock --disable-rpath --with-pidfile=/run/unbound.pid --with-libevent --enable-tfo-client --with-rootkey-file=/usr/share/dns/root.key --enable-tfo-server
Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 3.0.15 3 Sep 2024
Linked modules: dns64 python cachedb subnetcache respip validator iterator
TCP Fastopen feature available
BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues
Additional information
The issue comes from the fact that the following commands are refused by Redis:
> SETEX mykey 0 "value"
(error) ERR invalid expire time in 'setex' command
> SET mykey "value" EX 0
(error) ERR invalid expire time in 'set' command
However using the EXPIRE command works:
> EXPIRE mykey 0
(integer) 1
> GET mykey
(nil)
To fix this either:
1can be passed instead of0incachedb_msg_remove_qinfooncachedb/cachedb.c:1034: key(s) will then expire in the next second- additional logic can be added to
cachedb/redis.c:373so that, whenttl==0, theEXPIREcommand is invoked instead ofSET/SETEX.
As the fix is specific to the Redis backend and may have less side effects, the second option is preferable.
Note that SETEX is deprecated and shall be replaced by SET key value EX seconds).
This issue occurred with both Redis 7.2.7 and KeyDB 6.3.4 backends for the cachedb module.
Metadata
Metadata
Assignees
Labels
No labels
Type
Projects
Milestone
Relationships
Development
Issue actions
You can’t perform that action at this time.