Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[kernol]

Not sure why you are getting stats from unbound like that. I am always around 91%.

Hi @juched - thanks for that. My prior installs of unbound had all been back in the days when the now so called "advanced" install option was readily available [it cleverly remembered your choice of "adv" or "advanced" as a preferred menu option].

A clean install from amtm Menu item 7 - now takes you down the "Easy" automated setup mode. I know one can still get to the advanced menu - but from terminal command prompt only. I followed the Easy auto install ... and encountered the low cache hits as per my original post.

I have now uninstalled unbound [nice job - much cleaner uninstall than before] and this time, immediately after amtm option 7 took "e" for exit without installing unbound_manager - and instead did an "advanced" install from the command prompt. I'm not a code digger - but that process seemed to me to have more functionality that the "Easy" mode ... and for eg - noticed the cache.txt routine flash up briefly [auto save and restore cache entries].

I will continue to monitor and report if need be.
I see you are a coder - so up to you [if you wish] to check if there is any difference from a cache persepective in the coding between Easy and Advanced routines. Just trying to be helpful .

 

[kernol]

Agreed I think Kernol is the only one with this problem?

I would be very happy if I am the only one ... but I see someone else already having a similar experience.
I always used to get high seventries and even eighties for cache hits ... my post simply intended to guage whether a gremlin had crept in or not ... particularly in a clean install under the amtm enforced "Easy" mode.

 

[ARKASHA]

Agreed I think Kernol is the only one with this problem?

Sadly no, I'm in the low 60% too.

Inviato dal mio ONEPLUS A6003 utilizzando Tapatalk

 

[joe scian]

Sadly no, I'm in the low 60% too.

Inviato dal mio ONEPLUS A6003 utilizzando Tapatalk

Those that are using more than 1 thread in opt/var/lib/unbound.conf ie num-threads: 1 will almost certainly be experiencing lower than 90% cache hits success

 

[kernol]

Those that are using more than 1 thread in opt/var/lib/unbound.conf ie num-threads: 1 will almost certainly be experiencing lower than 90% cache hits success

Thanks Joe - but for quite some time now I have reverted to default minimal settings designed by Dave and implemented in the default unbound manager install routine.
Back in the day I did tweak my settings along similar lines to @L&LD

Not sure why you are getting stats from unbound like that. I am always around 91%.

@juched - as a matter of interest ... is the "average cache" hits computed on a time basis - or simply on data-points [hourly ones] - and if so what about the data-points run manually ... are they included in the average calc? Has any of that logic changed in recent weeks / months?

 

[ARKASHA]

Those that are using more than 1 thread in opt/var/lib/unbound.conf ie num-threads: 1 will almost certainly be experiencing lower than 90% cache hits success

Still in my unbound.conf that variable num-threads is set to 1.

 

[ika]

Thanks for that - I'm aware that a PC [in this case a laptop running Win10] does make additional DNS requests outside the 30 web pages I was calling up repeatedly. NB - you can see the change between the first and second images in my post above.

The issue is declining cache hit rates for repeating the self same DNS calls - but they should be improving.
Remember only ONE client on this router.

Sorry, maybe I'm a too tired, but I don't understand. You show two pictures and the second has approx 280 additional DNS queries, but only 33 of those were from cache. Why would the hit ratio increase?

 

[Martineau]

scribe was notably missing from the advanced options

I pushed a Hotfix

Version=3.09
Github md5=f99c48a3a5e7393490b6b21919b62a1a
​

Hopefully the missing 'scribe' menu item is now correctly displayed.

 

[Chris0815]

I pushed a Hotfix

Version=3.09
Github md5=f99c48a3a5e7393490b6b21919b62a1a
​

Hopefully the missing 'scribe' menu item is now correctly displayed.

I can confirm - I also can see the "ad" item now that I missed before (its in the same line...)

 

[ika]

I pushed a Hotfix

Version=3.09
Github md5=f99c48a3a5e7393490b6b21919b62a1a
​

Hopefully the missing 'scribe' menu item is now correctly displayed.

Thank you, I updated. Maybe I'm not remmembering correctly, but didn't it show here (see pic) if the DNS firewall option were enabled or not. (I think it did before this update, sorry if I'm mistaken).

 

[Martineau]

Thank you, I updated. Maybe I'm not remmembering correctly, but didn't it show here (see pic) if the DNS firewall option were enabled or not. (I think it did before this update, sorry if I'm mistaken).
View attachment 23190

It still does?

[✔] unbound CPU/Memory Performance tweaks
[✔] Router Graphical GUI statistics TAB installed
[✔] unbound-control FAST response ENABLED
[✔] DNS Firewall ENABLED

@juched's script creates the file

grep -F "unbound.conf.firewall" /opt/var/lib/unbound/unbound.conf

include: "/opt/share/unbound/configs/unbound.conf.firewall"        # Custom DNS Firewall

 

[ika]

It still does?

[✔] unbound CPU/Memory Performance tweaks
[✔] Router Graphical GUI statistics TAB installed
[✔] unbound-control FAST response ENABLED
[✔] DNS Firewall ENABLED

Not here as you see in the picture

edit: Disabling and Enabling the feature fixed the displaying issue.

 

[Milan]

Still in my unbound.conf that variable num-threads is set to 1.

I am using 4 threads and hit ratio was never be over 60 %

 

[Martineau]

Not here as you see in the picture

- or you being humorous?
Did you try the diagnostic command?....post the results

 

[ika]

- or you being humorous?
Did you try the diagnostic command?....post the results

Nope, I just updated, then choose "s" and "?" a couple of times, and took a screenshot. As I said, disabling and enabling the feature with "7" made it appear in the list. Grep returned the same for me as well.

I am using 4 threads and hit ratio was never be over 60 %

I really don't think you need more than one thread for unbound.

 

[joe scian]

Hi Martineau

Is this expected behaviour if I do NOT have a VPN Client active?

A:Option ==> bind


Do you want to force BIND unbound requests via 'WAN'?

        Reply 'y' or press [Enter]  to skip
y


        ***ERROR unbound request force BIND via WAN () 'ppp0'  ABORTED!

 

[JGrana]

I am using 4 threads and hit ratio was never be over 60 %

I have tried 1 and 3 threads (AX88u). I am typically at 70%.

 

[Martineau]

Hi Martineau

Is this expected behaviour if I do NOT have a VPN Client active?

A:Option ==> bind


Do you want to force BIND unbound requests via 'WAN'?

        Reply 'y' or press [Enter]  to skip
y


        ***ERROR unbound request force BIND via WAN () 'ppp0'  ABORTED!

If you only have one available outbound interface, then unbound will obviously be forced by default to use it, so explicitly BINDing unbound to the WAN interface isn't necessary.

The force BIND to WAN simply attempts to pre-empt a potential (not that anyone would notice?) performance drop for unbound DNS requests that leak via the (invariably slower) VPN Client interface.

WAN PPTP users are a $£^&*!!!!

However, would you mind trying to assist and diagnose why the script seemingly fails to identify the actual WAN Gateway IP for the detected 'ppp0' interface

ip route | grep ppp0

Please redact your actual WAN IP before posting.

 

[kernol]

Sorry, maybe I'm a too tired, but I don't understand. You show two pictures and the second has approx 280 additional DNS queries, but only 33 of those were from cache. Why would the hit ratio increase?

Those additional DNS queries arise from multiple openings of the same web pages - so fully correct that the total DNS queries rise - but so should the Cache Hit percentage.

I will try and convey my point with the pdf file [see link below] - which is screen dumped after a second clean install using default "advanced" menu options - and follows three reboots of the router - at which point the cache hits reset to ZERO [so now should be no small surprise that cache hits so low].
https://drive.google.com/open?id=1Z1zyCnMYatDDePMIGcj44LOeOw3o_4Dy

In addition - this time I turned on logging with Scribe - so I can see exactly what DNS calls have been made - how many hits on each and how few there are which have had only ONE hit. I work with stats every day [in the financial markets] - and in my view the correct cache hits for the data presently on my router should be either ...

• "A" 91.57% if based on the number of unique cached DNS entries where the same site has been called more than once [i.e. from cache]; preferred method ... or ...
• "B" 98.48% if based on the total number of DNS queries actually made as repeat against unique [once only count] sites.

See the pdf of my spreadsheet -extracted from the screen grab above]. Right now the cache hits start back at zero after each reboot ... and that seems to me to be one of the things wrong with both the graphs and the summary.

EDIT - have supplied link to the pdf spreadsheet in my google-drive to view in case anyone anxious about a download.
https://drive.google.com/open?id=10wpTCmMsJws__ve_49ff5Xy9EwqtX-KU

 

[juched]

Thanks Joe - but for quite some time now I have reverted to default minimal settings designed by Dave and implemented in the default unbound manager install routine.
Back in the day I did tweak my settings along similar lines to @L&LD



@juched - as a matter of interest ... is the "average cache" hits computed on a time basis - or simply on data-points [hourly ones] - and if so what about the data-points run manually ... are they included in the average calc? Has any of that logic changed in recent weeks / months?

The cache hit percentage in the UI is calculated hourly (at :59) and is calculated the same way as the script does it when you show stats.

Unbound tracks the number of hits and misses and total requests. It is in memory only so if you restart unbound those stats reset. This has nothing to do with the cache, these are just numbers unbound has built internally to track usage.

The calculation is simple total hits / total requests. It has always been the same with no changes.

When I boot my router, yes my number drops as there is such a low number of requests processed by then. But by the next hour it has come back up into the 80s and then grows to 90%.

That also being said, this is highly dependant on your devices and browsing habits.

I do believe there was a change not too long ago to change the max and min time to live inside the conf file. This should change your testing as in my understanding, but may be worth a review.

“Change 'cache-max-ttl: 21600' and 'cache-min-ttl: 5 to 14400/1200'”