What's new

Installing and configuring authoritative, recursive, and DoT/DNSSEC DNS server with Unbound

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

its better to use Thread num=2
Comparing unbound reports, I found that the stub-zone option redirects the cache to stubby. The detail is that stubby does not offer cache service. Stub zones are other Unbound or Bind servers that interconnect, further reducing response time.
Raising to the thread will make no difference in 'avg'. Unbound works with requests. The higher the query requests, the better the response time, lowering the 'avg'. So for a network with ARM router, better Thead num = 1.
Disregard
Code:
stub-zone:
name: "1.1.168.192.in-addr.arp"
stub-addr: 192.168.1.1
stub-first: yes
If you want to get CacheHIT
 
Comparing unbound reports, I found that the stub-zone option redirects the cache to stubby. The detail is that stubby does not offer cache service. Stub zones are other Unbound or Bind servers that interconnect, further reducing response time.
Raising to the thread will make no difference in 'avg'. Unbound works with requests. The higher the query requests, the better the response time, lowering the 'avg'. So for a network with ARM router, better Thead num = 1.
Disregard
Code:
stub-zone:
name: "1.1.168.192.in-addr.arp"
stub-addr: 192.168.1.1
stub-first: yes
If you want to get CacheHIT
You may see better performance if you could pick which thread it uses.
 
I have no clue I just thought it was good tip because you may see better performance if you were able to use the 2nd thread instead of the 1st , that maybe why there is a noticable difference when delusion set it to use both.
 
2nd thread instead of the 1st
Code:
    # this limits TCP service but uses less buffers
    outgoing-num-tcp: 10
    incoming-num-tcp: 10

    # no threads and no memory slabs for threads
    num-threads: 2
    outgoing-range: 200
    num-queries-per-thread: 512
    msg-cache-slabs: 4
    rrset-cache-slabs: 4
    infra-cache-slabs: 4
    key-cache-slabs: 4
Go tests
 
Update post install unbound on FW 384.13
 
This script seems like it has hit prime time. :)

Can anyone make an installer script for this in a format compatible to be included in a future amtm release? :D:D:D
 
ompatible to be included in a future amtm release?
It takes someone with very good shell-script knowledge and good communication with the amtm team. It's not my case. It seems to me that @Voxel builds already include unbound + stubby as an option. Gradually they are including unbound.
 
UPDATE Tips

Unbound and DNSSEC Health Check Tests:


Code:
dig sigok.verteiltesysteme.net @127.0.0.1 -p 5453
=> status: NOERROR

Code:
dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5453
=> status: SERVFAIL


Code:
dig snbforums.com  @127.0.0.1 -p 5453
Query time: 0 msec <= On the second attempt the response time should be zero.
SERVER: 127.0.0.1#5453(127.0.0.1)


 
Last edited:
Not entirely sure, but the debate is interesting. Source: https://discourse.pi-hole.net/t/unbound-or-stubby/15432/2

pi-hole.png
 
But stubby still runs ,,,
 
Take the test without stubby. Disable
Which package do I need to install to get 'dig' command? and disable what? stubby? how?
earlier I saw you added also a part in which we need to edit dnsnmasq.postconf (without stubby) but it is not there, no need anymore?
 
but it is not there, no need anymore?
I don't want you to stop using stubby. This is an option given the debate about the need for stubby + unbound.
 
well... it works fine... (without stubby).
However, lately I stopped using unbound because it had some issues with VPN and sometimes I had to turn off and on my VPN client configured on router. Sometimes I would loose connection (Merlin FW says no connection but there is connection and internet works but it messes up Skynet and other stuff which think there is no connection ) I hope this time everything will be fine
 
had to turn off and on my VPN client configured on router
If you use VPN on the router, there is no need for security options or DNSSEC on Unbound.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top