Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[Martineau]

Unable to get 3.10 beta from dev branch


It flashes and return to menu with minor update for 3.09

Apologies. you did actually download v3.10 beta, but I stupidly didn't change the version number since the feature is experimental, but I have now updated it on GitHub 'dev' branch

 

[Milan]

I updated to 3.10 beta. now it explains low hit rate for multiple threads - as it is showing average in 3.09 when using multiple threads.

after restart and do some browsing one thread has 15 % second 11 % - stats are showing 13 %

 

[kernol]

Kernol
Please post your ? command and s command when you get a chance - mine is below
PS since I use Diversion I am not using adblock

A:Option ==> ?

        Version=3.09
        Local                                           md5=f99c48a3a5e7393490b6b21919b62a1a
        Github                                          md5=f99c48a3a5e7393490b6b21919b62a1a
        /jffs/addons/unbound/unbound_manager.md5        md5=f99c48a3a5e7393490b6b21919b62a1a

        Router Configuration recommended pre-reqs status:

        [✔] Swapfile=2097148 kB
        [✔] DNS Filter=ON
        [✔] DNS Filter=ROUTER
        [✔] WAN: Use local caching DNS server as system resolver=NO
        [✔] Entware NTP server is running
        [✔] Enable DNS Rebind protection=NO
        [✔] Enable DNSSEC support=NO
        [✖] Warning Skynet's Country BAN feature is currently ACTIVE and may significantly reduce unbound performance and in some cases block sites

        Options: Auto Reply='y' for User Selectable Options ('1 4 5') unbound Logging,Performance Tweaks,Firefox DoH

        [✔] unbound Logging
        [✔] unbound CPU/Memory Performance tweaks
        [✔] Firefox DNS-over-HTTPS (DoH) DISABLE/Blocker
        [✔] Router Graphical GUI statistics TAB installed
        [✔] unbound-control FAST response ENABLED
        [✔] DNS Firewall ENABLED

        unbound Memory/Cache:

        'key-cache-size:'       8388608 (8.00 MB)
        'msg-cache-size:'       8388608 (8.00 MB)       6% used 555365  (542.35 KB)
        'rrset-cache-size:'     16777216 (16.00 MB)     10% used 1775426        (1.69 MB)

        System Memory/Cache:

                     total       used       free     shared    buffers     cached
        Mem:        515184     425944      89240          0       3004      32912
        -/+ buffers/cache:     390028     125156
        Swap:      2097148      77412    2019736

A:Option ==> s


total.num.queries=33102                 total.num.expired=1775                  total.requestlist.exceeded=0            total.tcpusage=0
total.num.queries_ip_ratelimited=0      total.num.recursivereplies=2101         total.requestlist.current.all=0         msg.cache.count=2921
total.num.cachehits=31001               total.requestlist.avg=1.03428           total.requestlist.current.user=0        rrset.cache.count=8567
total.num.cachemiss=2101                total.requestlist.max=51                total.recursion.time.avg=0.322397       infra.cache.count=2618
total.num.prefetch=2392                 total.requestlist.overwritten=0         total.recursion.time.median=0.208716    key.cache.count=487

Summary: Cache Hits success=93.00%

As requested ...

        Version=3.09
        Local                                           md5=f99c48a3a5e7393490b6b21919b62a1a
        Github                                          md5=f99c48a3a5e7393490b6b21919b62a1a
        /jffs/addons/unbound/unbound_manager.md5        md5=f99c48a3a5e7393490b6b21919b62a1a

        Router Configuration recommended pre-reqs status:

        [✔] Swapfile=2097148 kB
        [✔] DNS Filter=ON
        [✔] DNS Filter=ROUTER
        [✔] WAN: Use local caching DNS server as system resolver=NO
        [✔] Enable local NTP server=YES
        [✔] Enable DNS Rebind protection=NO
        [✔] Enable DNSSEC support=NO

        Options: Auto Reply='y' for User Selectable Options ('4') Performance Tweaks

        [✔] unbound CPU/Memory Performance tweaks
        [✔] Router Graphical GUI statistics TAB installed
        [✔] unbound-control FAST response ENABLED

        unbound Memory/Cache:

        'key-cache-size:'       8388608 (8.00 MB)
        'msg-cache-size:'       8388608 (8.00 MB)       1% used 155473  (151.83 KB)
        'rrset-cache-size:'     16777216 (16.00 MB)     2% used 491235  (479.72 KB)

        System Memory/Cache:

                     total       used       free     shared    buffers     cached
        Mem:        255676     116748     138928          0       2008      19820
        -/+ buffers/cache:      94920     160756
        Swap:      2097148          0    2097148

EDIT: I am intrigued by the fact that my dump of the config above does not - like yours - show that Logging is enabled - but it most certainly is - can see it in scribe and in the unbound webui stats ???


and "s" ...

total.num.queries=1136                  total.requestlist.avg=1.04955           total.recursion.time.median=0.752877
total.num.queries_ip_ratelimited=0      total.requestlist.max=16                total.tcpusage=0
total.num.cachehits=476                 total.requestlist.overwritten=0         msg.cache.count=834
total.num.cachemiss=660                 total.requestlist.exceeded=0            rrset.cache.count=2458
total.num.prefetch=349                  total.requestlist.current.all=0         infra.cache.count=844
total.num.expired=335                   total.requestlist.current.user=0        key.cache.count=97
total.num.recursivereplies=660          total.recursion.time.avg=1.017393

Summary: Cache Hits success=41.00%

Thanks - have yet to try fresh install with command line - which I assume you got from here ...
https://github.com/MartineauUK/Unbo...-the-commandline-the-default-is-advanced-mode

 

[Martineau]

I updated to 3.10 beta. now it explains low hit rate for multiple threads - as it is showing average in 3.09 when using multiple threads.

after restart and do some browsing one thread has 15 % second 11 % - stats are showing 13 %

For my recent two threads configuration, after 12 hours the requests seem to be split pretty much 50-50 between them

i.e. Avg=87.00%, Thread 0=87.00% and Thread 1=87.00%

Spoiler: Cache report Details

A:Option ==> s

total.num.queries=31212                 total.num.expired=2934              total.requestlist.exceeded=0            total.tcpusage=0
total.num.queries_ip_ratelimited=0      total.num.recursivereplies=3878     total.requestlist.current.all=0         msg.cache.count=3413
total.num.cachehits=27334               total.requestlist.avg=1.39012       total.requestlist.current.user=0        rrset.cache.count=9005
total.num.cachemiss=3878                total.requestlist.max=26            total.recursion.time.avg=0.117486       infra.cache.count=2969
total.num.prefetch=3730                 total.requestlist.overwritten=0     total.recursion.time.median=0.0555293   key.cache.count=453

Summary: Cache Hits success=87.00%

thread0.num.queries=15489               thread0.num.expired=1536            thread0.requestlist.exceeded=0          thread0.tcpusage=0
thread0.num.queries_ip_ratelimited=0    thread0.num.recursivereplies=1887   thread0.requestlist.current.all=0       msg.cache.count=3413
thread0.num.cachehits=13602             thread0.requestlist.avg=1.42722     thread0.requestlist.current.user=0      rrset.cache.count=9005
thread0.num.cachemiss=1887              thread0.requestlist.max=26          thread0.recursion.time.avg=0.114474     infra.cache.count=2969
thread0.num.prefetch=1919               thread0.requestlist.overwritten=0   thread0.recursion.time.median=0.0541181 key.cache.count=453

Thread 0: Cache Hits success=87.00%

thread1.num.queries=15723               thread1.num.expired=1398            thread1.requestlist.exceeded=0          thread1.tcpusage=0
thread1.num.queries_ip_ratelimited=0    thread1.num.recursivereplies=1991   thread1.requestlist.current.all=0       msg.cache.count=3413
thread1.num.cachehits=13732             thread1.requestlist.avg=1.35297     thread1.requestlist.current.user=0      rrset.cache.count=9005
thread1.num.cachemiss=1991              thread1.requestlist.max=25          thread1.recursion.time.avg=0.120342     infra.cache.count=2969
thread1.num.prefetch=1811               thread1.requestlist.overwritten=0   thread1.recursion.time.median=0.0569405 key.cache.count=453

Thread 1: Cache Hits success=87.00%

So if it is deemed worthwhile in keeping the feature to report the cache stats per thread, I will probably drop the original 'average' Summary section, as it can be derived from the individual thread metrics, but also to save screen space.

EDIT: v3.10b2 on GitHub 'dev' no longer displays Average Summary if multiple threads configured.

Spoiler: num-threads: 3

e  = Exit Script [?]

A:Option ==> s

thread0.num.queries=121                 thread0.num.expired=1               thread0.requestlist.exceeded=0          thread0.tcpusage=0
thread0.num.queries_ip_ratelimited=0    thread0.num.recursivereplies=46     thread0.requestlist.current.all=0       msg.cache.count=953
thread0.num.cachehits=75                thread0.requestlist.avg=1.4898      thread0.requestlist.current.user=0      rrset.cache.count=5219
thread0.num.cachemiss=46                thread0.requestlist.max=6           thread0.recursion.time.avg=0.127746     infra.cache.count=149
thread0.num.prefetch=3                  thread0.requestlist.overwritten=0   thread0.recursion.time.median=0.0538331 key.cache.count=48

Thread 0 Summary: Cache Hits success=61.00%

thread1.num.queries=127                 thread1.num.expired=0               thread1.requestlist.exceeded=0          thread1.tcpusage=0
thread1.num.queries_ip_ratelimited=0    thread1.num.recursivereplies=55     thread1.requestlist.current.all=0       msg.cache.count=953
thread1.num.cachehits=72                thread1.requestlist.avg=1.67273     thread1.requestlist.current.user=0      rrset.cache.count=5219
thread1.num.cachemiss=55                thread1.requestlist.max=19          thread1.recursion.time.avg=0.149601     infra.cache.count=149
thread1.num.prefetch=0                  thread1.requestlist.overwritten=0   thread1.recursion.time.median=0.0959634 key.cache.count=48

Thread 1 Summary: Cache Hits success=56.00%

thread2.num.queries=78                  thread2.num.expired=0               thread2.requestlist.exceeded=0          thread2.tcpusage=0
thread2.num.queries_ip_ratelimited=0    thread2.num.recursivereplies=49     thread2.requestlist.current.all=0       msg.cache.count=953
thread2.num.cachehits=29                thread2.requestlist.avg=1.59184     thread2.requestlist.current.user=0      rrset.cache.count=5219
thread2.num.cachemiss=49                thread2.requestlist.max=8           thread2.recursion.time.avg=0.109549     infra.cache.count=149
thread2.num.prefetch=0                  thread2.requestlist.overwritten=0   thread2.recursion.time.median=0.0643657 key.cache.count=48

Thread 2 Summary: Cache Hits success=37.00%

However, I'm sure the jury is still out on the question "On the router, is there any tangible performance benefit in having multiple threads?"

 

[Torson]

@Martineau, would you consider adding 'Beta' or whatever indication you deem appropriate to the versions downloaded from the 'dev' branch? As for the screen real estate ,just a suggestion to have 's' show the individual threads only, since you already have 's thread' that show the additional information.

 

[Martineau]

@Martineau, would you consider adding 'Beta' or whatever indication you deem appropriate to the versions downloaded from the 'dev' branch?

It is rare for me to advertise the use of the GitHub 'dev' branch, but in the rush (because it was getting late here) I lazily didn't alter the version number for this particular temporary/experimental feature, but I have now corrected this oversight earlier today.

As for the screen real estate ,just a suggestion to have 's' show the individual threads only, since you already have 's thread' that show the additional information.

That is what I already proposed in post 1884#

EDIT: v3.10b2 on GitHub 'dev' no longer displays Average Summary if multiple threads configured.

However, whilst there doesn't seem to be any measurable detrimental effects in setting 'num-threads:' > 1 IMHO unless you are an advanced user and manually change other services on the router, there is no point.

 

[joe scian]

As requested ...

        Version=3.09
        Local                                           md5=f99c48a3a5e7393490b6b21919b62a1a
        Github                                          md5=f99c48a3a5e7393490b6b21919b62a1a
        /jffs/addons/unbound/unbound_manager.md5        md5=f99c48a3a5e7393490b6b21919b62a1a

        Router Configuration recommended pre-reqs status:

        [✔] Swapfile=2097148 kB
        [✔] DNS Filter=ON
        [✔] DNS Filter=ROUTER
        [✔] WAN: Use local caching DNS server as system resolver=NO
        [✔] Enable local NTP server=YES
        [✔] Enable DNS Rebind protection=NO
        [✔] Enable DNSSEC support=NO

        Options: Auto Reply='y' for User Selectable Options ('4') Performance Tweaks

        [✔] unbound CPU/Memory Performance tweaks
        [✔] Router Graphical GUI statistics TAB installed
        [✔] unbound-control FAST response ENABLED

        unbound Memory/Cache:

        'key-cache-size:'       8388608 (8.00 MB)
        'msg-cache-size:'       8388608 (8.00 MB)       1% used 155473  (151.83 KB)
        'rrset-cache-size:'     16777216 (16.00 MB)     2% used 491235  (479.72 KB)

        System Memory/Cache:

                     total       used       free     shared    buffers     cached
        Mem:        255676     116748     138928          0       2008      19820
        -/+ buffers/cache:      94920     160756
        Swap:      2097148          0    2097148

EDIT: I am intrigued by the fact that my dump of the config above does not - like yours - show that Logging is enabled - but it most certainly is - can see it in scribe and in the unbound webui stats ???


and "s" ...

total.num.queries=1136                  total.requestlist.avg=1.04955           total.recursion.time.median=0.752877
total.num.queries_ip_ratelimited=0      total.requestlist.max=16                total.tcpusage=0
total.num.cachehits=476                 total.requestlist.overwritten=0         msg.cache.count=834
total.num.cachemiss=660                 total.requestlist.exceeded=0            rrset.cache.count=2458
total.num.prefetch=349                  total.requestlist.current.all=0         infra.cache.count=844
total.num.expired=335                   total.requestlist.current.user=0        key.cache.count=97
total.num.recursivereplies=660          total.recursion.time.avg=1.017393

Summary: Cache Hits success=41.00%

Thanks - have yet to try fresh install with command line - which I assume you got from here ...
https://github.com/MartineauUK/Unbo...-the-commandline-the-default-is-advanced-mode

Your total.num.queries=1136 - thats a very very small sample - hardly a basis for calculating final cache stats - get that figure up to somewhere approaching 30000++ then you can make a case for low cache success rate of 40%

 

[Martineau]

Hi Martineau

I substituted made up values below for WAN Gateway address -

ip route | grep ppp0

gives following output

110.3.231.6 dev ppp0  proto kernel  scope link
default via 110.3.231.6  dev ppp0

Thanks,

I've included a patch in v3.10Beta3 available on GitHub 'dev' branch for you to test at your leisure.

 

[kernol]

Your total.num.queries=1136 - thats a very very small sample - hardly a basis for calculating final cache stats - get that figure up to somewhere approaching 30000++ then you can make a case for low cache success rate of 40%

I am not and have not been making a case for low cache success rate - just an apparent under-reporting by the stats given.
If I compute the cache hits from the logs I get a high cache count 90%+.

Never mind - thanks for your input ... but I doubt that I will ever get to 30k+ since the numbers reset on every reboot [pity no accumulator].

Strange that with no change to number or type of devices connected to my main router network ... the "reported" cache hits steadily decline in recent weeks - but I used to [within a day or two of fresh install or update] have cache hits of 90%.
Maybe its Covid-19 ... need to haul out my ultra-violet light - or try a disinfectant injection.

Cheers.

 

[Safemode]

A:Option ==> s

thread0.num.queries=3361                thread0.num.expired=1314                thread0.requestlist.exceeded=0          thread0.tcpusage=0
thread0.num.queries_ip_ratelimited=0    thread0.num.recursivereplies=941        thread0.requestlist.current.all=0       msg.cache.count=7364
thread0.num.cachehits=2420              thread0.requestlist.avg=0.63709         thread0.requestlist.current.user=0      rrset.cache.count=7248
thread0.num.cachemiss=941               thread0.requestlist.max=31              thread0.recursion.time.avg=0.346957     infra.cache.count=3051
thread0.num.prefetch=1561               thread0.requestlist.overwritten=0       thread0.recursion.time.median=0.104239  key.cache.count=497

Thread 0 Summary: Cache Hits success=72.00%

thread1.num.queries=3314                thread1.num.expired=1297                thread1.requestlist.exceeded=0          thread1.tcpusage=0
thread1.num.queries_ip_ratelimited=0    thread1.num.recursivereplies=946        thread1.requestlist.current.all=0       msg.cache.count=7364
thread1.num.cachehits=2368              thread1.requestlist.avg=0.787607        thread1.requestlist.current.user=0      rrset.cache.count=7248
thread1.num.cachemiss=946               thread1.requestlist.max=38              thread1.recursion.time.avg=0.320597     infra.cache.count=3051
thread1.num.prefetch=1507               thread1.requestlist.overwritten=0       thread1.recursion.time.median=0.0971741 key.cache.count=497

Thread 1 Summary: Cache Hits success=71.00%



unbound (pid 11696 11499) is running... uptime: 0 Days, 14:38:39 version: 1.10.0 # rgnldo Github Version=v1.09 Martineau update (Date Loaded by unbound_manager Fri May 1 20:07:14 DST 2020)

Not bad at all. Looks cleaner indeed Martineau. I will be leaving num-threads to 2 but i will go to unbound defaults which are 4mb per thread. This means each thread will have 4mb for each cache.

# no threads and no memory slabs for threads
num-threads: 2
msg-cache-slabs: 1
rrset-cache-slabs: 1
infra-cache-slabs: 1
key-cache-slabs: 1

# tiny memory cache / # prefetch / # gentle on recursion
extended-statistics: yes                        # v1.06 Martineau for @juched GUI TAB
cache-min-ttl: 300
outgoing-range: 450
num-queries-per-thread: 256
edns-buffer-size: 1232
max-udp-size: 1232
harden-algo-downgrade: yes
harden-referral-path: yes
harden-large-queries: yes
harden-short-bufsize: yes
identity: "DNS"
use-caps-for-id: yes
hide-identity: yes
hide-version: yes
do-not-query-localhost: no
aggressive-nsec: yes
ratelimit: 1000
prefetch: yes
prefetch-key: yes
serve-expired: yes
serve-expired-ttl: 3600
deny-any: yes

        unbound Memory/Cache:

        'key-cache-size:'       4194304 (4.00 MB)
        'msg-cache-size:'       4194304 (4.00 MB)       27% used 1164354        (1.11 MB)
        'rrset-cache-size:'     4194304 (4.00 MB)       28% used 1190198        (1.14 MB)

 

[Martineau]

A:Option ==> s

thread0.num.queries=3361                thread0.num.expired=1314                thread0.requestlist.exceeded=0          thread0.tcpusage=0
thread0.num.queries_ip_ratelimited=0    thread0.num.recursivereplies=941        thread0.requestlist.current.all=0       msg.cache.count=7364
thread0.num.cachehits=2420              thread0.requestlist.avg=0.63709         thread0.requestlist.current.user=0      rrset.cache.count=7248
thread0.num.cachemiss=941               thread0.requestlist.max=31              thread0.recursion.time.avg=0.346957     infra.cache.count=3051
thread0.num.prefetch=1561               thread0.requestlist.overwritten=0       thread0.recursion.time.median=0.104239  key.cache.count=497

Thread 0 Summary: Cache Hits success=72.00%

thread1.num.queries=3314                thread1.num.expired=1297                thread1.requestlist.exceeded=0          thread1.tcpusage=0
thread1.num.queries_ip_ratelimited=0    thread1.num.recursivereplies=946        thread1.requestlist.current.all=0       msg.cache.count=7364
thread1.num.cachehits=2368              thread1.requestlist.avg=0.787607        thread1.requestlist.current.user=0      rrset.cache.count=7248
thread1.num.cachemiss=946               thread1.requestlist.max=38              thread1.recursion.time.avg=0.320597     infra.cache.count=3051
thread1.num.prefetch=1507               thread1.requestlist.overwritten=0       thread1.recursion.time.median=0.0971741 key.cache.count=497

Thread 1 Summary: Cache Hits success=71.00%



unbound (pid 11696 11499) is running... uptime: 0 Days, 14:38:39 version: 1.10.0 # rgnldo Github Version=v1.09 Martineau update (Date Loaded by unbound_manager Fri May 1 20:07:14 DST 2020)

Not bad at all. Looks cleaner indeed Martineau. I will be leaving num-threads to 2 but i will go to unbound defaults which are 4mb per thread. This means each thread will have 4mb for each cache.

# no threads and no memory slabs for threads
num-threads: 2
msg-cache-slabs: 1
rrset-cache-slabs: 1
infra-cache-slabs: 1
key-cache-slabs: 1

# tiny memory cache / # prefetch / # gentle on recursion
extended-statistics: yes                        # v1.06 Martineau for @juched GUI TAB
cache-min-ttl: 300
outgoing-range: 450
num-queries-per-thread: 256
edns-buffer-size: 1232
max-udp-size: 1232
harden-algo-downgrade: yes
harden-referral-path: yes
harden-large-queries: yes
harden-short-bufsize: yes
identity: "DNS"
use-caps-for-id: yes
hide-identity: yes
hide-version: yes
do-not-query-localhost: no
aggressive-nsec: yes
ratelimit: 1000
prefetch: yes
prefetch-key: yes
serve-expired: yes
serve-expired-ttl: 3600
deny-any: yes

        unbound Memory/Cache:

        'key-cache-size:'       4194304 (4.00 MB)
        'msg-cache-size:'       4194304 (4.00 MB)       27% used 1164354        (1.11 MB)
        'rrset-cache-size:'     4194304 (4.00 MB)       28% used 1190198        (1.14 MB)

No doubt you are diligently measuring the effects of your tweaks? and it is your prerogative to decide on the settings appropriate for your environment.

However, I'm not saying that the vendor's notes were written with routers in mind, but two of your choices seemingly contradict their published Optimise recommendations (although I haven't recently waded thru' the User Group posts to see if their advice has changed with respect to routers)

i.e.

Set *-slabs to a power of 2 close to the num-threads value.
Do this for msg-cache-slabs, rrset-cache-slabs, infra-cache-slabs and key-cache-slabs. This reduces lock contention.

Increase the memory size of the cache.
Use roughly twice as much rrset cache memory as you use msg cache memory.

 

[Safemode]

No doubt you are diligently measuring the effects of your tweaks? and it is your prerogative to decide on the settings appropriate for your environment.

However, I'm not saying that the vendor's notes were written with routers in mind, but two of your choices seemingly contradict their published Optimise recommendations (although I haven't recently waded thru' the User Group posts to see if their advice has changed with respect to routers)

i.e.

Set *-slabs to a power of 2 close to the num-threads value.
Do this for msg-cache-slabs, rrset-cache-slabs, infra-cache-slabs and key-cache-slabs. This reduces lock contention.

Increase the memory size of the cache.
Use roughly twice as much rrset cache memory as you use msg cache memory.

I see your point but i'm going by the optimised forked operation:

Forked operation

Unbound has a unique mode where it can operate without threading. This can be useful if libevent fails on the platform, for extra performance, or for creating walls between the cores so that one cannot poison another.

To compile for forked operation, before compilation use ./configure --without-pthreads --without-solaris-threads to disable threads and enable forked operation. Because no locking has to be done, the code speeds up (about 10 to 20%).

In the config file, num-threads still specifies the number of cores you want to use (even though it uses processes and not threads). And note that the outgoing-range and cache memory values are all per thread. This means that much more memory is used, as every core uses its own cache. Because every core has its own cache, if one gets cache poisoned, the others are not affected.

# with forked operation
server:
    # use all CPUs
    num-threads: <number of cores>

    msg-cache-slabs: 1
    rrset-cache-slabs: 1
    infra-cache-slabs: 1
    key-cache-slabs: 1

    # more cache memory, rrset=msg*2
    # total usage is 150m*cores
    rrset-cache-size: 100m
    msg-cache-size: 50m

    # does not depend on number of cores
    outgoing-range: 950
    num-queries-per-thread: 512

    # Larger socket buffer.  OS may need config.
    so-rcvbuf: 4m

Because every process is using at most 1024 file descriptors now, the effective maximum is the number of cores * 1024. The config above uses 950 per process, for 4 processes gives a respectable 3800 sockets. The number of queries per thread is half the number of sockets, to guarantee that every query can get a socket, and some to spare for queries-for-nameservers.

Using forked operation together with libevent is also possible. It may be useful to force the OS to service the filedescriptors for different processes, instead of threads. This may have (radically) different performance if the underlying network stack uses (slow) lookup structures per-process.

Also, last time i had unbound running for almost 1 month my cache never reached 4mb with single thread. My configuration at the time was exactly as the forked version and my cache rate was well over 90%.

 

[tomsk]

I see your point but i'm going by the optimised forked operation:

Forked operation

Unbound has a unique mode where it can operate without threading. This can be useful if libevent fails on the platform, for extra performance, or for creating walls between the cores so that one cannot poison another.

To compile for forked operation, before compilation use ./configure --without-pthreads --without-solaris-threads to disable threads and enable forked operation. Because no locking has to be done, the code speeds up (about 10 to 20%).

In the config file, num-threads still specifies the number of cores you want to use (even though it uses processes and not threads). And note that the outgoing-range and cache memory values are all per thread. This means that much more memory is used, as every core uses its own cache. Because every core has its own cache, if one gets cache poisoned, the others are not affected.

# with forked operation
server:
    # use all CPUs
    num-threads: <number of cores>

    msg-cache-slabs: 1
    rrset-cache-slabs: 1
    infra-cache-slabs: 1
    key-cache-slabs: 1

    # more cache memory, rrset=msg*2
    # total usage is 150m*cores
    rrset-cache-size: 100m
    msg-cache-size: 50m

    # does not depend on number of cores
    outgoing-range: 950
    num-queries-per-thread: 512

    # Larger socket buffer.  OS may need config.
    so-rcvbuf: 4m

Because every process is using at most 1024 file descriptors now, the effective maximum is the number of cores * 1024. The config above uses 950 per process, for 4 processes gives a respectable 3800 sockets. The number of queries per thread is half the number of sockets, to guarantee that every query can get a socket, and some to spare for queries-for-nameservers.

Using forked operation together with libevent is also possible. It may be useful to force the OS to service the filedescriptors for different processes, instead of threads. This may have (radically) different performance if the underlying network stack uses (slow) lookup structures per-process.

Also, last time i had unbound running for almost 1 month my cache never reached 4mb with single thread. My configuration at the time was exactly as the forked version and my cache rate was well over 90%.

the entware unbound is compiled for threading isn't it?

 

[dave14305]

the entware unbound is compiled for threading isn't it?

--without-pthreads --without-solaris-threads --without-libevent

 

[tomsk]

--without-pthreads --without-solaris-threads --without-libevent

Ah unbound -V

all those thread0 thread1 reports confused me

 

[bluzfanmr1]

Yesterday I came back to unbound from NextDNS and installed it via the one line method and not through amtm. I am using the default unbound.conf file. After just under 20 hours my cache hits success rate is 99%. That can't be right can it? Seems odd that I went from being unable to get higher than 50% and now I'm at nearly 100%. I am going to dig into this later today when I have more time.

total.num.queries=909569        total.requestlist.exceeded=0
total.num.queries_ip_ratelimited=0    total.requestlist.current.all=0
total.num.cachehits=907772        total.requestlist.current.user=0
total.num.cachemiss=1797        total.recursion.time.avg=0.216086
total.num.prefetch=835            total.recursion.time.median=0.165271
total.num.expired=805            total.tcpusage=0
total.num.recursivereplies=1797        msg.cache.count=3231
total.requestlist.avg=1.03837        rrset.cache.count=9068
total.requestlist.max=18        infra.cache.count=2689
total.requestlist.overwritten=0        key.cache.count=557

Summary: Cache Hits success=99.00%

 

[dave14305]

My cash hit rate is low. I need to visit an ATM.

 

[kernol]

My cash hit rate is low. I need to visit an ATM.

Wish I had thought of that - nice easy quick fix ...

 

[m3a1]

Hi Guys any idea why i am getting the below error ? :

Bad address
[1588460622] unbound-checkconf[14383:0] fatal error: control-key-file: "(null)" does not exist
***ERROR INVALID unbound configuration - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file

Thank you!

 

[Mutzli]

My cash hit rate is low. I need to visit an ATM.

Hopefully the stimulus check from the IRS should help out with your low cash rate.