Unbound low cache hit rate

John DeLuca

Regular Contributor
Hello, does anyone know why my Unbound would be close to 40 cache misses? I had a previous setup on my old router and I was close to a 90%+ hit rate. Could there be something wrong with my settings?
 
I believe it has something to do with new 3.0.0.6 firmware and/or if using GuestNetworkPro:

Thread 'After upgrading to firmware version 3006 that Unbound's hit rate has decreased?' https://www.snbforums.com/threads/a...6-that-unbounds-hit-rate-has-decreased.95001/

I haven't used Unbound in a while, so I can't help much. See similar post.
 
It may also be related to the latest version of unbound package from Entware.
I also have a lower cache percentage. The only change was an update of Entware packages, without any changes to unbound.conf or firmware version.
 
Running latest here (1.23.0)

Screenshot 2025-07-31 at 9.00.41 AM.png
 
Unbound made changes to the way serve-expired is now handled.

By default, the serve-expired-ttl is now 86400 seconds (rather than 0 - ie infinite), and serve-expired-client-timeout is now 1800ms (Time in milliseconds before replying to the client with expired data. This essentially enables the serve-stale behavior as specified in RFC 8767 that first tries to resolve before immediately responding with expired data. Setting this to 0 will disable this behavior and instead serve the expired record immediately from the cache before attempting to refresh it via resolution.)

This means if DNS can’t resolve with a “clean” reply within 1800ms it will then (and only then) serve the expired/cached reply.
 
Thank you for the reply.
In my case I checked the backup of Unbound.conf from before the update to 1.23.0 and it is the same as the current one. In both I have:

Code:
serve-expired: yes
serve-expired-ttl: 86400
 
You need to override this one and set to 0 in your config, otherwise it will default to 1800ms:

serve-expired-client-timeout: 0
That setting is not part of the default unbound.conf file, at least ours here. Does that mean it needs to be added?
 
Thank you very much! This fixed my cache percentage. Now I am on the max (83.5%) of the last 7 days running unbound 1.23.0.
Thank you very much @John DeLuca for this thread.
 

Is anyone even bothered by the idea that — for unknown reasons — you’re forced to serve expired DNS records to maintain an artificial cache hit rate?

Why aren’t these records refreshing themselves?
Yes, and now I'm having trouble sleeping because of this. Thank you very much!!
 
I am glad someone raised this point :)

Cache hits is not an absolute measure that Unbound is working 'Well'.

It is possible that your cache hits are lower because you happen to be accessing a large, varied and mostly distinct set of addresses.

Cache hits is a measure of how varied your DNS requests are ... If most people are accessing a small number of addresses regularly the cache hits will be 'Higher' otherwise 'Lower'.

A better measure of 'performance' is available by looking at the Unbound stats (See example below)

Unbound-stats-example.jpg


Unbound supports serving expired records following the RFC 8767 guidelines, or, if you set 'serve-expired-client-timeout: 0', it serves the cached 'expired' record immediately, before attempting normal resolution. This may increase client-side performance BUT is against the desirable intent of RFC 8767 to return expired answers ONLY as fallback for normal resolution.

See (from the Unbound Docs) ==> Serving Stale Data
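
An added example, not part of any post in this thread: a POSIX shell function that reads the counters printed by `unbound-control stats_noreset` and reports the cache hit rate next to the share of replies answered from expired cache entries. The sample counters are constructed, and the function names `sample_stats` and `cache_summary` are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): summarise Unbound cache counters.
# Real use on the router:  unbound-control stats_noreset | cache_summary

# Constructed sample of `unbound-control stats_noreset` output (values invented).
sample_stats() {
    cat <<'EOF'
thread0.num.queries=10000
thread0.num.cachehits=8350
thread0.num.cachemiss=1650
total.num.queries=10000
total.num.cachehits=8350
total.num.cachemiss=1650
total.num.prefetch=420
total.num.expired=1200
EOF
}

# Reads key=value stats on stdin and prints one line:
#   hit=<cache hit %> expired=<% of replies answered from expired entries>
# Only the total.* counters are used; per-thread lines are ignored.
cache_summary() {
    awk -F= '
        $1 == "total.num.cachehits" { hits = $2 }
        $1 == "total.num.cachemiss" { miss = $2 }
        $1 == "total.num.expired"   { expired = $2 }
        END {
            total = hits + miss          # every query is either a hit or a miss
            if (total == 0) {            # freshly started resolver: avoid divide by zero
                print "hit=0.0% expired=0.0%"
                exit
            }
            printf "hit=%.1f%% expired=%.1f%%\n", 100 * hits / total, 100 * expired / total
        }'
}

sample_stats | cache_summary
```

Reading the two figures side by side shows how much of the traffic is being answered with expired data rather than freshly resolved records.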
 
Is anyone even bothered by the idea that — for unknown reasons — you’re forced to serve expired DNS records to maintain an artificial cache hit rate?

Why aren’t these records refreshing themselves?
My understanding of Unbound was that it manages when to know to look for a refreshed record and that it doesn't need to look every single time. To me, it looked like the change was causing a lookup just about every time, slowing down DNS resolution on the network, and making Unbound like any other DNS option. When Unbound became an option here, we posted our Cache Hit % as a badge of honor. Perhaps that thinking is wrong or outdated nowadays?
 
