L&LD
Part of the Furniture
I'm creating a new post here because there are too many characters to update post 1042 above. 
The unbound.conf file I'm using right now is
(Please use this only as an example for an RT-AX88U and an ISP with IPv6 connectivity).
The router was rebooted with 2 days and 12 hours of uptime in my previous post above.
The cache hit ratio was 87% in unbound_manager 's'.
Before rebooting, I did notice the changes I had made, but after the reboot, they are even more apparent and so far, this is only with a 41% cache hit ratio too.
No matter whether surfing the web, accessing the NAS, or using PuTTY to access amtm, ChannelHog or unbound_manager, the experience is obviously faster and more 'snappy'.
The only thing missing is the ability to have unbound in Scribe, but the log grows too large, too fast and crashes the web GUI still.
The network responsiveness now rivals any corporate or city network I've ever used. Can it get any better?
I'm going to buy a second RT-AX88U router (hopefully in the next few months) and see if AiMesh is all it's cracked up to be.
The unbound.conf file I'm using right now is
(Please use this only as an example for an RT-AX88U and an ISP with IPv6 connectivity).
Code:
# rgnldo User Install Custom Version vx.xx (Date Loaded by unbound_manager Tue Feb 4 17:41:31 MST 2020)
server:
# port to answer queries from
port: 53535
#########################################
# integration LOG's
#
verbosity: 2
logfile: "/opt/var/lib/unbound/unbound.log"
log-time-ascii: yes
log-queries: yes
log-replies: yes
#########################################
do-ip4: yes
#do-ip6: no
do-udp: yes
do-tcp: yes
# don't be picky about interfaces but consider your firewall
interface: 0.0.0.0
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: 10.0.0.0/8 allow
access-control: 172.16.0.0/16 allow
access-control: 192.168.0.0/24 allow
# RFC1918 private IP address - Protects against DNS Rebinding
private-address: 127.0.0.0/8
private-address: 169.254.0.0/16
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
#########################################
# integration IPV6
#
do-ip6: yes
interface: ::0
access-control: ::0/0 refuse
access-control: ::1 allow
private-address: fd00::/8
private-address: fe80::/10
#########################################
# perform a query against AAAA record exists
module-config: "dns64 validator iterator"
dns64-prefix: 64:FF9B::/96
# no threads and no memory slabs for threads
num-threads: 1
msg-cache-slabs: 2
rrset-cache-slabs: 2
infra-cache-slabs: 2
key-cache-slabs: 2
# tiny memory cache
key-cache-size: 8m
msg-cache-size: 8m
rrset-cache-size: 16m
cache-max-ttl: 21600
cache-min-ttl: 5
prefetch: yes
prefetch-key: yes
serve-expired: yes
serve-expired-ttl: 3600
incoming-num-tcp: 600
outgoing-num-tcp: 100
ip-ratelimit: 100
#########################################
# Options for integration with TCP/TLS Stubby
# udp-upstream-without-downstream: yes
#########################################
# prefetch
prefetch: yes
prefetch-key: yes
minimal-responses: yes
# gentle on recursion
hide-identity: yes
hide-version: yes
do-not-query-localhost: no
qname-minimisation: yes
harden-glue: yes
harden-below-nxdomain: yes
rrset-roundrobin: yes
aggressive-nsec: yes
deny-any: yes
# Self jail Unbound with user "unbound" to /var/lib/unbound
username: "nobody"
directory: "/opt/var/lib/unbound"
chroot: "/opt/var/lib/unbound"
# The pid file
pidfile: "/opt/var/run/unbound.pid"
# ROOT Server's
root-hints: "/opt/var/lib/unbound/root.hints"
# DNSSEC
auto-trust-anchor-file: "/opt/var/lib/unbound/root.key"
#########################################
# Adblock blacklist
#include: /opt/var/lib/unbound/adblock/adservers
#include: /opt/var/lib/unbound/adblock/firefox_DOH
#########################################
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/opt/var/lib/unbound/unbound_server.key"
server-cert-file: "/opt/var/lib/unbound/unbound_server.pem"
control-key-file: "/opt/var/lib/unbound/unbound_control.key"
control-cert-file: "/opt/var/lib/unbound/unbound_control.pem"
#########################################
#forward-zone:
# name: "."
# forward-addr: 127.0.0.1@5453
# forward-addr: 0::1@5453 # integration IPV6
#########################################
auth-zone:
name: "."
url: "https://www.internic.net/domain/root.zone"
fallback-enabled: yes
for-downstream: no
for-upstream: yes
zonefile: root.zoneThe router was rebooted with 2 days and 12 hours of uptime in my previous post above.
The cache hit ratio was 87% in unbound_manager 's'.
Before rebooting, I did notice the changes I had made, but after the reboot, they are even more apparent and so far, this is only with a 41% cache hit ratio too.
No matter whether surfing the web, accessing the NAS, or using PuTTY to access amtm, ChannelHog or unbound_manager, the experience is obviously faster and more 'snappy'.
The only thing missing is the ability to have unbound in Scribe, but the log grows too large, too fast and crashes the web GUI still.
The network responsiveness now rivals any corporate or city network I've ever used. Can it get any better?
I'm going to buy a second RT-AX88U router (hopefully in the next few months) and see if AiMesh is all it's cracked up to be.
Last edited:
... but now embarrassed to admit it 
. 
.
- still use Quad9 for DoT under WAN settings!
