Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

After the rs & rl command on my RT-AC86U with 384.16_alpha1 firmware the *.cache.count remained close to the pre rs & rl values

Using option i saved my cache

The restorecache function after a manual reboot also worked

Many thanks
 
I noticed that if one has say 8 threads in their unbound.conf the cache hit success rate rarely goes north of 65-70%. When I go back to single thread the cache hit success rate goes well north of 75% and can easily go into the high 90's with a bit of time.

Even though the AX88 settings with 8 threads and much increased memory cache buffers and EDNS buffers run just fine on an AC-5300 I haven't seen any real speed increases over just a single threaded standard unbound.conf generated from a new install. Maybe that's just specific to the AC-5300 and not a reflection on whether a multithreaded and increased buffer/cache unbound.conf settings actually do increase speed on HND type routers. I think it could well be subjective as to perceived speed increase. I'm happy to go back to single threaded and enjoy the 90 plus cache hit success rate on my AC-5300
 
I noticed that if one has say 8 threads in their unbound.conf the cache hit success rate rarely goes north of 65-70%. When I go back to single thread the cache hit success rate goes well north of 75% and can easily go into the high 90's with a bit of time.

Even though the AX88 settings with 8 threads and much increased memory cache buffers and EDNS buffers run just fine on an AC-5300 I haven't seen any real speed increases over just a single threaded standard unbound.conf generated from a new install. Maybe that's just specific to the AC-5300 and not a reflection on whether a multithreaded and increased buffer/cache unbound.conf settings actually do increase speed on HND type routers. I think it could well be subjective as to perceived speed increase. I'm happy to go back to single threaded and enjoy the 90 plus cache hit success rate on my AC-5300

IMHO, each thread has its own cache, hence multiple threads take longer to work up to the desired high cache % hit rates?
Multi threading tried here, reverted back to single.:)
 
I noticed that if one has say 8 threads in their unbound.conf the cache hit success rate rarely goes north of 65-70%. When I go back to single thread the cache hit success rate goes well north of 75% and can easily go into the high 90's with a bit of time.

Even though the AX88 settings with 8 threads and much increased memory cache buffers and EDNS buffers run just fine on an AC-5300 I haven't seen any real speed increases over just a single threaded standard unbound.conf generated from a new install. Maybe that's just specific to the AC-5300 and not a reflection on whether a multithreaded and increased buffer/cache unbound.conf settings actually do increase speed on HND type routers. I think it could well be subjective as to perceived speed increase. I'm happy to go back to single threaded and enjoy the 90 plus cache hit success rate on my AC-5300
IMHO, each thread has its own cache, hence multiple threads take longer to work up to the desired high cache % hit rates?
Multi threading tried here, reverted back to single.:)
+1 I tested thoroughly, and default values work the best all things considered.
 
Is there another setting that forces all requests on to port 853?

No, for the reason I just enumerated. It's not a matter of redirecting queries to port 853, it's about having them redirected to a middleware that may not be up and running, and some queries MUST be handled before that middleware can be up and running (like NTP requests), and those queries must also be free from any local stale caching (like any WAN monitoring).
 
+1 I tested thoroughly, and default values work the best all things considered.

I upgraded to Unbound Manager 2.12 this morning (RT-AC86U), did an "i" reinstall and I've also gone back to the latest install defaults (1 thread etc) after maxing out everything and probably tinkering way too much! :)

I think if anything DNS / page reload etc responsiveness has gotten faster again, which confirms what others have "felt" about slowdowns over time with some parameters tweaked ... not sure which one(s) make the difference though. Completely unscientific conclusion, only based on "mouth feel" ... are there better tools we can use to measure this over time?

Also, I see the new template for DNS-Over-TLS support but have no idea how to experiment.
Is this a new way of doing DOT as well (as we have to turn off the built-in Merlin version to use Unbound) or is it an alternative use to being a local recursive resolver?
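
Added example (not part of the original thread and not unbound_manager code): one way to put numbers on the cache hit rates discussed above is to parse the counters printed by `unbound-control stats_noreset`, per thread and in total. The sample counters are constructed for illustration, and the function names `hit_rates` and `sample_stats` are hypothetical.

```shell
#!/bin/sh
# Added example: per-thread and total cache hit rate from unbound statistics.
# hit_rates reads `unbound-control stats_noreset` output on stdin and prints
# "<scope> <queries> <cachehits> <hit %>" for thread0..threadN and total.
hit_rates() {
    awk -F= '
        # Exact key match, so e.g. num.queries_ip_ratelimited is ignored.
        $1 ~ /^(thread[0-9]+|total)\.num\.(queries|cachehits)$/ {
            split($1, part, ".")              # part[1]=scope, part[3]=counter
            scope = part[1]
            if (!(scope in seen)) { seen[scope] = 1; order[++n] = scope }
            val[scope, part[3]] = $2
        }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                q = val[s, "queries"] + 0
                h = val[s, "cachehits"] + 0
                # An idle thread has no meaningful rate; avoid dividing by zero.
                pct = (q > 0) ? sprintf("%.1f", 100 * h / q) : "n/a"
                printf "%s %d %d %s\n", s, q, h, pct
            }
        }'
}

# Constructed sample (not captured from a router): three threads, one idle.
sample_stats() {
    cat <<'EOF'
thread0.num.queries=800
thread0.num.queries_ip_ratelimited=0
thread0.num.cachehits=720
thread0.num.cachemiss=80
thread1.num.queries=200
thread1.num.cachehits=80
thread1.num.cachemiss=120
thread2.num.queries=0
thread2.num.cachehits=0
total.num.queries=1000
total.num.cachehits=800
total.num.cachemiss=200
total.requestlist.avg=0.5
EOF
}

# Demo on the sample; on the router: unbound-control stats_noreset | hit_rates
sample_stats | hit_rates
```

`stats_noreset` reads the counters without clearing them, so the command can be run on a schedule and its output logged to compare configurations over time; the counters still start from zero after an unbound restart.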
 
Also, I see the new template for DNS-Over-TLS support but have no idea how to experiment.
Is this a new way of doing DOT as well (as we have to turn off the built-in Merlin version to use Unbound) or is it an alternative use to being a local recursive resolver?
I did not include a formal DoT menu option under '3 = Advanced Tools' as it is indeed experimental.

To enable unbound DoT
Code:
e  = Exit Script

A:Option ==> DoT

Do you want to ENABLE DoT with unbound?

    Warning: This will DISABLE being able to be your own trusted Recursive DNS Resolver

So, do you STILL want to ENABLE DoT with unbound?

    Reply 'y' or press [Enter]  to skip
y

    Enabling DoT with unbound now as a Forwarder.....

    unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf

   Shutting down unbound...              done.
   Starting unbound...              done.
then to check (I don't have IPv6 so only the IPv4 servers are configured)
Code:
e  = Exit Script

A:Option ==> ?

    Version=2.12
    Local                        md5=99c68c00413253ddb16a61608fcddd8a

<snip>

 Options:
 [✔] unbound Logging
 [✔] unbound CPU/Memory Performance tweaks
 [✔] DoT ENABLED. These third parties are used:
            1.1.1.1@853#cloudflare-dns.com
            1.0.0.1@853#cloudflare-dns.com
            9.9.9.9@853#dns.quad9.net
            149.112.112.112@853#dns.quad9.net
To disable unbound DoT issue
Code:
e  = Exit Script

A:Option ==> DoT disable

    unbound DoT disabled.
Obviously if there is a need to keep the DoT option, it may be prudent to allow selection of which DoT servers to use, or simply expect users to use the 'vx' option or 'unbound.postconf' to tweak the desired configuration.
 
@Martineau thanks for that explanation of Unbound DoT, will pass as I prefer the speed of the local recursive DNS resolver for now ... thanks for all your great work on this.
 
I'll take a look at your first issue tomorrow.

If either of the two files 'unbound.conf.add' or 'unbound.postconf' exist then there is no prompt to retain your current .conf, as it is assumed you are using the files to automatically (re)apply your custom tweaks.

I can't find either of the above files - and have no recollection of ever creating them.
Are they created manually - or is there an option to create them under menu item in unbound_manager?

Every application of the "i" option under ver 2.12 results in unbound.conf file being reset to defaults without a prompt to retain or overwrite?
Not sure if I am alone in experiencing this - if so ... I'll live with it ;-)
 
Every application of the "i" option under ver 2.12 results in unbound.conf file being reset to defaults without a prompt to retain or overwrite?
Not sure if I am alone in experiencing this - if so ... I'll live with it ;-)

I too get this behavior where it resets to defaults and I lose my cache.
 
I too get this behavior where it resets to defaults and I lose my cache.

When I run
Code:
unbound-control dump_cache
there are tons of entries so I guess I lose my stats but not my cache?
 
Thanks for this.
What dns servers are used when no entry in cache? - dns root servers
Does this still honour settings in dnsmasq.postconf ? - ?
 
When I run
Code:
unbound-control dump_cache
there are tons of entries so I guess I lose my stats but not my cache?
Correct. I don't think it is possible to retain the stats across an unbound restart/reload ('rs'/'rl')
 
I have spent a week running Unbound and it is working well.

In order to have Unbound and amtm working smoothly one has to have WAN DoT enabled. Otherwise I noticed that amtm is unable to resolve addresses when one is trying to do amtm -> u. If I disable all WAN settings related to DNS - since Unbound is configured, I expected that everything would work, but it does not. At least for me with Others Settings->WAN: Use local cache=No this is the behaviour I can see.

I would expect that since we configured dnsmasq to use Unbound as DNS resolver that should work and there should be no need on WAN page to have anything enabled. My question is, is it possible to set up dnsmasq and Unbound in such a way so
1. I keep WAN:Use local cache=No
2. Disable all settings on WAN page related to DNS

cheers
 
I can't find either of the above files - and have no recollection of ever creating them.
Are they created manually - or is there an option to create them under menu item in unbound_manager?

Every application of the "i" option under ver 2.12 results in unbound.conf file being reset to defaults without a prompt to retain or overwrite?
Not sure if I am alone in experiencing this - if so ... I'll live with it ;-)
You would need to manually create either file in

'/opt/share/unbound/configs/'

However, I have pushed a single char hotfix to Github to reinstate the prompt to retain the previous custom 'unbound.conf' :oops::oops::oops: (Use 'u' to retrieve the hotfix/script)

P.S. I suggest you always create a backup of your configuration using
Code:
vb = Backup current (/opt/var/lib/unbound/unbound.conf) Configuration
so if the 'i' command still goes wrong, you will be able to restore your custom configuration using the 'rl' command.

Abject apologies for the inconvenience caused by losing your tweaks.
 
What does this look like when you’re done? Post a screenshot.

If I disable WAN DoT as the router is running things work properly. But, if I do a reboot the Unbound is waiting for NTP to start. So I narrowed it down to the fact that Asus NTP daemon is not able to resolve the address at this stage hence unbound.postconf will not execute at this time. I have confirmed that as the router was waiting for NTP during Unbound initial init script, I looked at dnsmasq.conf and there was no entry for the server=127.0.0.1@53535. I am running Asus NTP firmware.

This is why we need WAN DoT configured for the initial config/boot sequence. Also, since Unbound is waiting for NTP and did not execute the script to update dnsmasq.conf nothing works. Internet is down and things like amtm cannot resolve to connect.

Makes me wonder how we can change that so dnsmasq and Unbound starts properly without waiting for NTP .

FIX

Configure Asus router NTP pool and specify IP address instead of URL. This way when Unbound is running through init boot and NTP is able to use the IP and it all works. Now, I have everything disabled in WAN and Unbound boots.

I don't know if this is desirable to specify NTP IP address instead of URL.
 
If I disable WAN DoT as the router is running things work properly. But, if I do a reboot the Unbound is waiting for NTP to start. So I narrowed it down to the fact that Asus NTP daemon is not able to resolve the address at this stage hence unbound.postconf will not execute at this time. I have confirmed that as the router was waiting for NTP during Unbound initial init script, I looked at dnsmasq.conf and there was no entry for the server=127.0.0.1@53535. I am running Asus NTP firmware.

This is why we need WAN DoT configured for the initial config/boot sequence. Also, since Unbound is waiting for NTP and did not execute the script to update dnsmasq.conf nothing works. Internet is down and things like amtm cannot resolve to connect.

Makes me wonder how we can change that so dnsmasq and Unbound starts properly without waiting for NTP .

FIX

Configure Asus router NTP pool and specify IP address instead of URL. This way when Unbound is running through init boot and NTP is able to use the IP and it all works. Now, I have everything disabled in WAN and Unbound boots.

I don't know if this is desirable to specify NTP IP address instead of URL.
What are your normal (non-DoT) WAN DNS Settings? You should not need DoT enabled for the router to resolve names.

What does this look like on your router? Fields must be filled in if No.
 
Exactly as yours. I have a fresh install Skynet, Unbound and Scribe.

If I specify NTP as pool.ntp.org when Unbound boots with S61unbound script it waits for NTP. I see message in the unbound log waiting for NTP.

If all my settings in WAN tab are empty/disabled it will not work. I am thinking it is happening because pool.ntp.org cannot resolve since there is no DNS specified. I had to enable DoT and have DoT DNS server entries. Then it would work.

Once I switch NTP from pool.ntp.org to IP address on Administration/System tab and disabled all WAN settings as in attached image everything is working.
 
Attachment: Screen Shot 2020-02-23 at 1.19.25 PM.jpg

I don't know if this is desirable to specify NTP IP address instead of URL.
Whatever. Leave the WAN like everything automatic and standard. Install the Unbound script and be happy. It's carnival in Brazil. :)
 
