Menu
What's new
By:
Filters Better Search

Installing and configuring authoritative, recursive, and DoT/DNSSEC DNS server with Unbound

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Delusion said:
its better to use Thread num=2
Click to expand...
Comparing unbound reports, I found that the stub-zone option redirects the cache to stubby. The detail is that stubby does not offer cache service. Stub zones are other Unbound or Bind servers that interconnect, further reducing response time.
Raising to the thread will make no difference in 'avg'. Unbound works with requests. The higher the query requests, the better the response time, lowering the 'avg'. So for a network with ARM router, better Thead num = 1.
Disregard
Code: 
stub-zone:
name: "1.1.168.192.in-addr.arp"
stub-addr: 192.168.1.1
stub-first: yes
If you want to get CacheHIT
 
rgnldo said:
Comparing unbound reports, I found that the stub-zone option redirects the cache to stubby. The detail is that stubby does not offer cache service. Stub zones are other Unbound or Bind servers that interconnect, further reducing response time.
Raising to the thread will make no difference in 'avg'. Unbound works with requests. The higher the query requests, the better the response time, lowering the 'avg'. So for a network with ARM router, better Thead num = 1.
Disregard
Code: 
stub-zone:
name: "1.1.168.192.in-addr.arp"
stub-addr: 192.168.1.1
stub-first: yes
If you want to get CacheHIT
Click to expand...
You may see better performance if you could pick which thread it uses.
 
I have no clue I just thought it was good tip because you may see better performance if you were able to use the 2nd thread instead of the 1st , that maybe why there is a noticable difference when delusion set it to use both.
 
Swistheater said:
2nd thread instead of the 1st
Click to expand...
Code: 
    # this limits TCP service but uses less buffers
    outgoing-num-tcp: 10
    incoming-num-tcp: 10

    # no threads and no memory slabs for threads
    num-threads: 2
    outgoing-range: 200
    num-queries-per-thread: 512
    msg-cache-slabs: 4
    rrset-cache-slabs: 4
    infra-cache-slabs: 4
    key-cache-slabs: 4
Go tests
 
Update post install unbound on FW 384.13
 
This script seems like it has hit prime time. :)

Can anyone make an installer script for this in a format compatible to be included in a future amtm release? :D:D:D
 
L&LD said:
ompatible to be included in a future amtm release?
Click to expand...
It takes someone with very good shell-script knowledge and good communication with the amtm team. It's not my case. It seems to me that @Voxel builds already include unbound + stubby as an option. Gradually they are including unbound.
 
UPDATE Tips

Unbound and DNSSEC Health Check Tests:


Code: 
dig sigok.verteiltesysteme.net @127.0.0.1 -p 5453
=> status: NOERROR

Code: 
dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5453
=> status: SERVFAIL


Code: 
dig snbforums.com  @127.0.0.1 -p 5453
Query time: 0 msec <= On the second attempt the response time should be zero.
SERVER: 127.0.0.1#5453(127.0.0.1)


 
Last edited:
Not entirely sure, but the debate is interesting. Source: https://discourse.pi-hole.net/t/unbound-or-stubby/15432/2

pi-hole.png
 
But stubby still runs ,,,
 
rgnldo said:
Take the test without stubby. Disable
Click to expand...
Which package do I need to install to get 'dig' command? and disable what? stubby? how?
earlier I saw you added also a part in which we need to edit dnsnmasq.postconf (without stubby) but it is not there, no need anymore?
 
Delusion said:
but it is not there, no need anymore?
Click to expand...
I don't want you to stop using stubby. This is an option given the debate about the need for stubby + unbound.
 
well... it works fine... (without stubby).
However, lately I stopped using unbound because it had some issues with VPN and sometimes I had to turn off and on my VPN client configured on router. Sometimes I would loose connection (Merlin FW says no connection but there is connection and internet works but it messes up Skynet and other stuff which think there is no connection ) I hope this time everything will be fine
 
Delusion said:
had to turn off and on my VPN client configured on router
Click to expand...
If you use VPN on the router, there is no need for security options or DNSSEC on Unbound.
 
You must log in or register to reply here.

Similar threads

L
Suggestion: DNS Director, add optional compatibility with DOT
Replies
2
Views
214
Linuxer
L
tRiFFiD
Unbound Unbound & local domain DNS
Replies
0
Views
745
tRiFFiD
tRiFFiD
V
Local system fails to register address with DNS server
Replies
5
Views
270
RMerlin
RMerlin
C
Need help with GT-AXE11000 and DNS Director
Replies
0
Views
599
corruptus
C
G
DNS Hijack?
Replies
3
Views
627
EllaHill
E
Similar threads
Thread starter Title Forum Replies Date
J Installing Merlin on router Asuswrt-Merlin 3
iopq Installing UU game booster on the router Asuswrt-Merlin 7
F INSTALLING MERLIN Asuswrt-Merlin 17
P Installing Asuswrt-Merlin on a new router Asuswrt-Merlin 3
K Installing Merlin Firmware on ASUS RT-AX86U Pro Asuswrt-Merlin 12
P Complete router meltdown after installing scripts Asuswrt-Merlin 12
StrikerXXX Need help configuring NextDNS Asuswrt-Merlin 7
Sunny786 Help Needed: Configuring OpenVPN Server and Instant Guard on Asus GT-AX11000 with Technicolor CobraXh Modem Router Asuswrt-Merlin 11
Wobbo Configuring USB-Connected HDD for FTP Sharing via NordVPN Dedicated IP on AC86U Asuswrt-Merlin 3

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,236 (members: 23, guests: 1,213)
Top