What's new

Unbound - Authoritative Recursive Caching DNS Server

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
Hello! I am a noob regarding Unbound/DNS and I am curious as if using it would provide a benefit in terms of performance. I live in Patagonia, very far "down" in South America. This is the bottom of the world... specially in terms of internet service. Getting a few Mbps is a miracle here and I am trying to squeeze as much I can from the limited bandwidth I have. My router is an AC68U.
Will installing unbound provide some relief by caching DNS queries? Does the default configuration provide that or should I modify the server and interface to match my configuration.

I was looking at this post and the basic minimal configuration it presents, which is different than what is installed by AMTM's unbound installer.



Or, am I using a cannon to kill a mosquito and a simpler solution would do for my minimalistic needs? Any comments appreciated!
I might be inclined to think that since you are geographically so far away from most of the internet (as I think of it), you might be better served by local ISP DNS servers that would point you to closer CDN caches and DNS caches. But only testing and experimentation will say for sure.
 
loading...

adgen.gif
 
Hello! I am a noob regarding Unbound/DNS and I am curious as if using it would provide a benefit in terms of performance. I live in Patagonia, very far "down" in South America. This is the bottom of the world... specially in terms of internet service. Getting a few Mbps is a miracle here and I am trying to squeeze as much I can from the limited bandwidth I have. My router is an AC68U.
Will installing unbound provide some relief by caching DNS queries? Does the default configuration provide that or should I modify the server and interface to match my configuration.

I was looking at this post and the basic minimal configuration it presents, which is different than what is installed by AMTM's unbound installer.



Or, am I using a cannon to kill a mosquito and a simpler solution would do for my minimalistic needs? Any comments appreciated!
DNS resolvers improve the response time between the domain and the client. DNS resolvers will not resolve latency issues, etc. Between you accessing a website, in addition to name resolution, there is data to be loaded. From what I understand, the acquisition of bandwidth is essential.
I know how your problem is. In Brazil, there are places in the Amazon that have the same problem as yours. Unfortunately PTT and quality backbones only for profitable routes.
 
Thanks Reginaldo, I thought you might be from Brazil now I am sure! I had an IBM colleague from Brazil with the same first name, you made me remember him...

I live in Bariloche... (or "Brasiloche" as we call it during the winter season ;)). My connection is a nominal 6 Mbps but in reality with the quarantine nowadays I am getting less than one... to the point I can see the browser going through all steps.... waiting for domain name server... loading... blah blah... a slow process. And now that I think of it, the browser also does have some level of caching DNS entries, and still pages load at a crawl.

For sure the only real solution is more bandwidth, and I am hoping to get fiber to the home very soon but even that service has a very limited bandwidth compared to what you get in large cities and since we only have one fiber reaching the town it's very congested and latency is abysmal.
So I take your response to mean that maybe Unbound is not going to help too much. So far it's installed, no ill consequences. Feels a bit faster but I don't have stats or numbers to prove it.

DNS resolvers improve the response time between the domain and the client. DNS resolvers will not resolve latency issues, etc. Between you accessing a website, in addition to name resolution, there is data to be loaded. From what I understand, the acquisition of bandwidth is essential.
I know how your problem is. In Brazil, there are places in the Amazon that have the same problem as yours. Unfortunately PTT and quality backbones only for profitable routes.
 
I have a question about dnscrypt. I have installed Skynet, Unbound dns and Diversion.
Do I need to install dnscrypt? (Or something else)

I would like to use the most secure DNS configuration with a minimal of adds.

Thanks!

ONEPLUS 5T with Tapatalk
 
Thanks Reginaldo, I thought you might be from Brazil now I am sure! I had an IBM colleague from Brazil with the same first name, you made me remember him...
The great Brazilian developer of FW Advanced Tomato is from IBM Brazil as well. My brother AndreDVJ.
connection is a nominal 6 Mbps but in reality with the quarantine nowadays I am getting less than one... to the point I can see the browser going through all steps.
There is an improvisation, configure QoS and prioritize the navigation of websites.

I live in Bariloche... (or "Brasiloche" as we call it during the winter season ;)).
Nice! Many landscapes ;)
 
Last edited:
The great Brazilian developer of FW Advanced Tomato is from IBM Brazil as well. My brother AndreDVJ.
Cool! I left IBM 16 years ago though.... don't recognize the name!
Thanks for your comments! Yes, adjusting QOS is a helpful idea. Take care and stay safe R.!
 
I am wondering if my unbound is working correct...
Currently I am running Merlin 384.16 on an AC86U, Unbound Manager 3.02, unbound version 1.10.0., Router IP is 192.168.1.1, IP of my Mac is 192.168.1.15.

Using Terminal-App on my Mac and typing the command "dig" I am not sure about a results:
If I dig a page the first time, query time is for example 250 msec. If I dig the same page the second time, query time is always about 95 msec. But I thought that getting the DNS from the cache should be faster (<1 msec).
I also changed the following line in the unbound.conf to include the Router an the Clients:
access-control: 192.168.0.0/24 allow. ---> access-control: 192.168.0.0/16 allow
But this didn't improve the situation.

Any idea where I should look at?
 
I am wondering if my unbound is working correct...
Currently I am running Merlin 384.16 on an AC86U, Unbound Manager 3.02, unbound version 1.10.0., Router IP is 192.168.1.1, IP of my Mac is 192.168.1.15.

Using Terminal-App on my Mac and typing the command "dig" I am not sure about a results:
If I dig a page the first time, query time is for example 250 msec. If I dig the same page the second time, query time is always about 95 msec. But I thought that getting the DNS from the cache should be faster (<1 msec).
I also changed the following line in the unbound.conf to include the Router an the Clients:
access-control: 192.168.0.0/24 allow. ---> access-control: 192.168.0.0/16 allow
But this didn't improve the situation.

Any idea where I should look at?
You do not need the extra access-control because your clients do not communicate directly with Unbound. They communicate with dnsmasq which in turn communicates with unbound.

Be sure you are testing with a hostname that has a long enough TTL so that it doesn’t expire between dig commands. Post the output of 2 commands. It might be that the DNSSEC records are cached but the rest expires and must be refetched (just guessing).
 
Here ist the first one:

Code:
Christians-MBP:~ chris$ dig www.daimler.de

; <<>> DiG 9.10.6 <<>> www.daimler.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55380
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;www.daimler.de.            IN    A

;; ANSWER SECTION:
www.daimler.de.        3600    IN    CNAME    daimler.com.
daimler.com.        217    IN    A    141.113.99.106

;; Query time: 147 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Apr 13 23:02:58 CEST 2020
;; MSG SIZE  rcvd: 84

here ist the second run:
Code:
Christians-MBP:~ chris$ dig www.daimler.de

; <<>> DiG 9.10.6 <<>> www.daimler.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30545
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;www.daimler.de.            IN    A

;; ANSWER SECTION:
www.daimler.de.        3584    IN    CNAME    daimler.com.
daimler.com.        201    IN    A    141.113.99.106

;; Query time: 100 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Apr 13 23:03:14 CEST 2020
;; MSG SIZE  rcvd: 84

I never reached a query time <90 msec - even if I use the dig command directly twice...
 
dig within the Router (SSH Terminal) seems to work:
Code:
Administrator@RT-AC86U-6A50:/tmp/home/root# dig www.daimler.de @127.0.0.1

; <<>> DiG 9.14.8 <<>> www.daimler.de @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32203
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;www.daimler.de.            IN    A

;; ANSWER SECTION:
www.daimler.de.        2267    IN    CNAME    daimler.com.
daimler.com.        2616    IN    A    141.113.99.106

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 13 23:25:11 CEST 2020
;; MSG SIZE  rcvd: 84

But why is the query time much longer if I use the dig command in the "conventional" Terminal?
 
dig within the Router (SSH Terminal) seems to work:
Code:
Administrator@RT-AC86U-6A50:/tmp/home/root# dig www.daimler.de @127.0.0.1

; <<>> DiG 9.14.8 <<>> www.daimler.de @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32203
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;www.daimler.de.            IN    A

;; ANSWER SECTION:
www.daimler.de.        2267    IN    CNAME    daimler.com.
daimler.com.        2616    IN    A    141.113.99.106

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 13 23:25:11 CEST 2020
;; MSG SIZE  rcvd: 84

But why is the query time much longer if I use the dig command in the "conventional" Terminal?

send your unbound.conf
 
Code:
# rgnldo Github Version=v1.09 Martineau update (Date Loaded by unbound_manager Mon Apr 13 22:05:40 CEST 2020)
# v1.09 Martineau - Change  rpz 'zonefile:' must match @jusched's external script (see 'unbound_rpz.sh'/'rpzsites')
# v1.08 Martineau - Change  'cache-max-ttl: 21600' and 'cache-min-ttl: 5 to 14400/1200'
#                 - Change  'control-use-cert: no' "Fast Menu" ENABLED by default
#                 - Add     Template for bypassing dnsmasq (port=0) for LAN devices DNS requests (@juched's Extended Statistics GUI)
#                 - Add     '#Stubby' and '#DoT' edit markers for unbound_manager - Hack
#                 - Add     'outgoing-interface:' template
#                 - Add     'rpz' feature (requires respip module) introduced unbound v1.10.0 https://dnsrpz.info/ (@juched example)
# v1.07 Martineau - Add     'control-use-cert:' "Fast Menu" template
# v1.06 Martineau - Add     'extended-statistics:' template
# v1.05 Martineau - Add     'DNS-Over-TLS support' & 'so-rcvbuf:' templates
#                   Remove  'prefetch:' & 'prefetch-key:' duplicates - Thanks @Safemode
# v1.04 Martineau - Change  'ip-ratelimit:'
# v1.03 Martineau - Remove  'dns64-prefix:' and 'module-config: "dns64 ..."' from auto ENABLE if IPv6 detected
# v1.02 Martineau - Add     '#use-syslog:' '#log-local-actions:' '#log-tag-queryreply:' Option placeholders
# v1.01 Martineau - Add     'auth-zone:', 'edns-buffer-size:' log-time-ascii: 'log-servfail:' IPv6 'dns64-prefix:' and 'module-config: "dns64 ..."'
#                   Change  'interface: 0.0.0.0' to 'interface: 127.0.0.1@53535'
#                   Add     If IPv6 detected, auto ENABLE 'dns64-prefix:' and modify to include 'module-config: "dns64 ..."'
#-----------------------------------------------------------------------------------------------------------------------------------

server:

##@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
port: 53535                                 # v1.08 If 53 (Requires 'port=0' in '/etc/dnsmasq.conf') to answer queries direct from LAN clients
interface: 127.0.0.1@53535                  # v1.01 as per @dave14305 minimal config
#port: 53 #NOdnsmasq                        # v1.08 https://www.snbforums.com/threads/unbound-gui-stats-including-top-blocked-top-replies-todays-replies.63188/
#interface: 0.0.0.0
#interface: 127.0.0.1@53
#access-control: 0.0.0.0/0 allow
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

#outgoing-interface: xxx.xxx.xxx.xxx        # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP

#########################################
# integration LOG's
#
#verbosity: 1                               # v1.02 '1' is adequate to prove unbound is processing domains
logfile: "/opt/var/lib/unbound/unbound.log" # v1.01 as per @dave14305 minimal config
log-time-ascii: yes                         # v1.01 as per @dave14305 minimal config
log-tag-queryreply: yes                     # v1.02 @Martineau Explicitly Tag log-queries/replies with 'query'/'reply'
#log-queries: yes
#log-replies: yes
#use-syslog: yes                            # v1.02 @Martineau Let scribe/syslog-ng handle the log as it gets erased daily if Ad Block enabled :-(
#log-local-actions: yes                     # v1.02 @Martineau ('yes' required for @juched's Graphical Ad Block statistics)
log-servfail: yes                           # v1.01 as per @dave14305 minimal config
#########################################

module-config: "respip validator iterator"  # v1.08 add 'respip' for rpz feature @juched

access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: 10.0.0.0/8 allow
access-control: 172.16.0.0/16 allow
access-control: 192.168.0.0/24 allow

# RFC1918 private IP address - Protects against DNS Rebinding
private-address: 127.0.0.0/8
private-address: 169.254.0.0/16
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16

do-ip4: yes
do-udp: yes
do-tcp: yes

#########################################
# integration IPV6
#
do-ip6: no
# do-ip6: yes
# interface: ::0
# access-control: ::0/0 refuse
# access-control: ::1 allow
# private-address: fd00::/8
# private-address: fe80::/10
#########################################
#module-config: "dns64 respip validator iterator"      # v1.08 v1.03 v1.01 perform a query against AAAA record exists
#dns64-prefix: 64:FF9B::/96                            # v1.03 v1.01

tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"     # v1.01 as per @dave14305 minimal config

# no threads and no memory slabs for threads
num-threads: 1
msg-cache-slabs: 2
rrset-cache-slabs: 2
infra-cache-slabs: 2
key-cache-slabs: 2


# tiny memory cache
extended-statistics: yes                        # v1.06 Martineau for @juched GUI TAB
key-cache-size: 8m
msg-cache-size: 8m
rrset-cache-size: 16m
cache-max-ttl: 14400                            # v1.08 Martineau
cache-min-ttl: 1200                             # v1.08 Martineau
# prefetch
prefetch: yes
prefetch-key: yes
minimal-responses: yes
serve-expired: yes
serve-expired-ttl: 3600
incoming-num-tcp: 600
outgoing-num-tcp: 100
ip-ratelimit: 0                                  # v1.04 as per @L&LD as it impacts ipleak.net?
edns-buffer-size: 1472                           # v1.01 as per @dave14305 minimal config

# Ensure kernel buffer is large enough to not lose messages in traffic spikes
#so-rcvbuf: 1m                                   # v1.05 Martineau see DEFAULT /proc/sys/net/core/rmem_default

#########################################
# Options for integration with TCP/TLS Stubby
# udp-upstream-without-downstream: yes
#########################################

# gentle on recursion
hide-identity: yes
hide-version: yes
do-not-query-localhost: no
qname-minimisation: yes
harden-glue: yes
harden-below-nxdomain: yes
rrset-roundrobin: yes
aggressive-nsec: yes
deny-any: yes

# Self jail Unbound with user "nobody" to /var/lib/unbound
username: "nobody"
directory: "/opt/var/lib/unbound"
chroot: "/opt/var/lib/unbound"

# The pid file
pidfile: "/opt/var/run/unbound.pid"

# ROOT Server's
root-hints: "/opt/var/lib/unbound/root.hints"

# DNSSEC
auto-trust-anchor-file: "/opt/var/lib/unbound/root.key"

#########################################
# Adblock blacklist
include: /opt/var/lib/unbound/adblock/adservers
#include: /opt/var/lib/unbound/adblock/firefox_DOH
#########################################

remote-control:
control-enable: yes
control-use-cert: no                            # v1.08 Default "Fast Menu" ENABLED v1.07 Martineau "Fast Menu"
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/opt/var/lib/unbound/unbound_server.key"
server-cert-file: "/opt/var/lib/unbound/unbound_server.pem"
control-key-file: "/opt/var/lib/unbound/unbound_control.key"
control-cert-file: "/opt/var/lib/unbound/unbound_control.pem"

##########################################
#forward-zone:#Stubby                         # v1.08 Add #Stubby edit marker
#name: "."
#forward-addr: 127.0.1.1@5453
#forward-addr: 0::1@5453 # integration IPV6
#########################################

#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ # v1.05 Martineau
#forward-zone:#DoT                                                    # v1.08 Add #DoT edit marker v1.05 DNS-Over-TLS support
#name: "."
#forward-tls-upstream: yes
#forward-addr: 1.1.1.1@853#cloudflare-dns.com
#forward-addr: 1.0.0.1@853#cloudflare-dns.com
#forward-addr: 9.9.9.9@853#dns.quad9.net
#forward-addr: 149.112.112.112@853#dns.quad9.net
#forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
#forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
#forward-addr: 2620:fe::fe@853#dns.quad9.net
#forward-addr: 2620:fe::9@853#dns.quad9.net
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@



# v1.01 Added the following
auth-zone:
       name: "."
       url: "https://www.internic.net/domain/root.zone"
       fallback-enabled: yes
       for-downstream: no
       for-upstream: yes
       zonefile: root.zone

#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
# v1.08 Example rpz ( see https://medium.com/nlnetlabs/response-policy-zones-in-unbound-5d453de75f26)
# Uses @juched's script so until NLLabs fix the 'url:' download issue - assume the zonefile will be downloaded externally
#      and an external cron job will update the DNS Firewall every 00:15 minutes
#
#rpz:#RPZ                                                             # v1.08 DNS Firewall
#name: rpz.urlhaus.abuse.ch
#url: "http://urlhaus.abuse.ch/downloads/rpz/"
#zonefile: "rpz.urlhaus.abuse.ch.zone"                                # v1.09 Match @juched's 'rpzsites'
#rpz-log: yes
#rpz-log-name: "rpz.urlhaus.abuse.ch"
#rpz-action-override: nxdomain
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Sorry but I am a so called "noob" - don't know how to get the file out of the router to send it here...
 
dig within the Router (SSH Terminal) seems to work:
Code:
Administrator@RT-AC86U-6A50:/tmp/home/root# dig www.daimler.de @127.0.0.1

; <<>> DiG 9.14.8 <<>> www.daimler.de @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32203
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;www.daimler.de.            IN    A

;; ANSWER SECTION:
www.daimler.de.        2267    IN    CNAME    daimler.com.
daimler.com.        2616    IN    A    141.113.99.106

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 13 23:25:11 CEST 2020
;; MSG SIZE  rcvd: 84

But why is the query time much longer if I use the dig command in the "conventional" Terminal?
This shows that unbound is indeed caching the response, so I would look into the latency between the MBP and the router.
 
This shows that unbound is indeed caching the response, so I would look into the latency between the MBP and the router.
Yes you are right - I get the same results when I connect via wired LAN instead of WLAN.
So the problem might be the Mac? Or is there anything that has to be changed in the router?
I changed the following points like suggested - anything missing that can cause that offset of 100msec?

Code:
[✔] Swapfile=2097148 kB
    [✔] DNS Filter=ON
    [✔] DNS Filter=ROUTER
    [✔] WAN: Use local caching DNS server as system resolver=NO
    [✔] Enable local NTP server=YES
    [✔] Enable DNS Rebind protection=NO
    [✔] Enable DNSSEC support=NO

    Options:

    [✔] Ad and Tracker Blocking (No. of Adblock domains=54290,Blocked Hosts=0,Whitelist=19)
    [✔] unbound CPU/Memory Performance tweaks
    [✔] Router Graphical GUI statistics TAB installed
    [✔] unbound-control FAST response ENABLED

    unbound Memory/Cache:

    'key-cache-size:'    14501888 (13.83m)
    'msg-cache-size:'    14501888 (13.83m)
    'rrset-cache-size:'    19335850 (18.44m)
 
send
Code:
cat /etc/dnsmasq

and

Code:
unbound-control stats_noreset
 
Yes you are right - I get the same results when I connect via wired LAN instead of WLAN.
So the problem might be the Mac? Or is there anything that has to be changed in the router?
I changed the following points like suggested - anything missing that can cause that offset of 100msec?

Code:
[✔] Swapfile=2097148 kB
    [✔] DNS Filter=ON
    [✔] DNS Filter=ROUTER
    [✔] WAN: Use local caching DNS server as system resolver=NO
    [✔] Enable local NTP server=YES
    [✔] Enable DNS Rebind protection=NO
    [✔] Enable DNSSEC support=NO

    Options:

    [✔] Ad and Tracker Blocking (No. of Adblock domains=54290,Blocked Hosts=0,Whitelist=19)
    [✔] unbound CPU/Memory Performance tweaks
    [✔] Router Graphical GUI statistics TAB installed
    [✔] unbound-control FAST response ENABLED

    unbound Memory/Cache:

    'key-cache-size:'    14501888 (13.83m)
    'msg-cache-size:'    14501888 (13.83m)
    'rrset-cache-size:'    19335850 (18.44m)
Now you’re dealing with WiFi performance, which can’t be mitigated with Unbound settings. The more WiFi devices, the more potential delays. Check for any conflicting WiFi signals from neighbors encroaching on your chosen channel. Beyond that, it’s above my skillset.
 
Now you’re dealing with WiFi performance, which can’t be mitigated with Unbound settings. The more WiFi devices, the more potential delays. Check for any conflicting WiFi signals from neighbors encroaching on your chosen channel. Beyond that, it’s above my skillset.

@Chris0815
Download the free Wifi Explorer Lite so you can see the channels being used around you. Change your channels and test to see how things run on each one. You can also use the Mac's Wireless Diagnostics Scan feature and it will recommend channels to use for both 2.4 and 5 GHz.
 
cat /etc/dnsmasq
Code:
Administrator@RT-AC86U-6A50:/tmp/home/root# cat /etc/dnsmasq
cat: can't open '/etc/dnsmasq': No such file or directory
Seems that you are digging in the right direction... I suppose that is not good!

unbound-control stats_noreset
Code:
Administrator@RT-AC86U-6A50:/tmp/home/root# unbound-control stats_noreset
thread0.num.queries=907
thread0.num.queries_ip_ratelimited=0
thread0.num.cachehits=651
thread0.num.cachemiss=256
thread0.num.prefetch=133
thread0.num.expired=123
thread0.num.recursivereplies=256
thread0.requestlist.avg=0.730077
thread0.requestlist.max=13
thread0.requestlist.overwritten=0
thread0.requestlist.exceeded=0
thread0.requestlist.current.all=0
thread0.requestlist.current.user=0
thread0.recursion.time.avg=0.148862
thread0.recursion.time.median=0.0988241
thread0.tcpusage=0
total.num.queries=907
total.num.queries_ip_ratelimited=0
total.num.cachehits=651
total.num.cachemiss=256
total.num.prefetch=133
total.num.expired=123
total.num.recursivereplies=256
total.requestlist.avg=0.730077
total.requestlist.max=13
total.requestlist.overwritten=0
total.requestlist.exceeded=0
total.requestlist.current.all=0
total.requestlist.current.user=0
total.recursion.time.avg=0.148862
total.recursion.time.median=0.0988241
total.tcpusage=0
time.now=1586818917.326824
time.up=10561.863618
time.elapsed=10561.863618
mem.cache.rrset=1131671
mem.cache.message=310091
mem.mod.iterator=16556
mem.mod.validator=119271
mem.mod.respip=0
mem.streamwait=0
histogram.000000.000000.to.000000.000001=17
histogram.000000.000001.to.000000.000002=0
histogram.000000.000002.to.000000.000004=0
histogram.000000.000004.to.000000.000008=0
histogram.000000.000008.to.000000.000016=0
histogram.000000.000016.to.000000.000032=0
histogram.000000.000032.to.000000.000064=0
histogram.000000.000064.to.000000.000128=0
histogram.000000.000128.to.000000.000256=0
histogram.000000.000256.to.000000.000512=0
histogram.000000.000512.to.000000.001024=0
histogram.000000.001024.to.000000.002048=0
histogram.000000.002048.to.000000.004096=0
histogram.000000.004096.to.000000.008192=0
histogram.000000.008192.to.000000.016384=0
histogram.000000.016384.to.000000.032768=30
histogram.000000.032768.to.000000.065536=49
histogram.000000.065536.to.000000.131072=63
histogram.000000.131072.to.000000.262144=61
histogram.000000.262144.to.000000.524288=26
histogram.000000.524288.to.000001.000000=7
histogram.000001.000000.to.000002.000000=3
histogram.000002.000000.to.000004.000000=0
histogram.000004.000000.to.000008.000000=0
histogram.000008.000000.to.000016.000000=0
histogram.000016.000000.to.000032.000000=0
histogram.000032.000000.to.000064.000000=0
histogram.000064.000000.to.000128.000000=0
histogram.000128.000000.to.000256.000000=0
histogram.000256.000000.to.000512.000000=0
histogram.000512.000000.to.001024.000000=0
histogram.001024.000000.to.002048.000000=0
histogram.002048.000000.to.004096.000000=0
histogram.004096.000000.to.008192.000000=0
histogram.008192.000000.to.016384.000000=0
histogram.016384.000000.to.032768.000000=0
histogram.032768.000000.to.065536.000000=0
histogram.065536.000000.to.131072.000000=0
histogram.131072.000000.to.262144.000000=0
histogram.262144.000000.to.524288.000000=0
num.query.type.A=897
num.query.type.SOA=3
num.query.type.PTR=5
num.query.type.TXT=1
num.query.type.AAAA=1
num.query.class.IN=907
num.query.opcode.QUERY=907
num.query.tcp=0
num.query.tcpout=17
num.query.tls=0
num.query.tls.resume=0
num.query.ipv6=0
num.query.flags.QR=0
num.query.flags.AA=0
num.query.flags.TC=0
num.query.flags.RD=907
num.query.flags.RA=0
num.query.flags.Z=0
num.query.flags.AD=61
num.query.flags.CD=0
num.query.edns.present=61
num.query.edns.DO=0
num.answer.rcode.NOERROR=553
num.answer.rcode.FORMERR=0
num.answer.rcode.SERVFAIL=0
num.answer.rcode.NXDOMAIN=707
num.answer.rcode.NOTIMPL=0
num.answer.rcode.REFUSED=0
num.answer.rcode.nodata=3
num.query.ratelimited=0
num.answer.secure=48
num.answer.bogus=0
num.rrset.bogus=0
num.query.aggressive.NOERROR=0
num.query.aggressive.NXDOMAIN=0
unwanted.queries=0
unwanted.replies=0
msg.cache.count=1023
rrset.cache.count=4053
infra.cache.count=680
key.cache.count=143
num.query.authzone.up=5
num.query.authzone.down=0

Now you’re dealing with WiFi performance, which can’t be mitigated with Unbound settings. The more WiFi devices, the more potential delays. Check for any conflicting WiFi signals from neighbors encroaching on your chosen channel. Beyond that, it’s above my skillset.
Sorry for the confusion, just wanted to say that wired LAN and WLAN leads to the same results.
 
Status
Not open for further replies.

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top