What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Unbound Unbound Tuning for gaming

Jack-Sparr0w said:
line 83: IPV6 section is # edns-buffer-size: 1232

line 119: which is part of ipv4 is edns-buffer-size: 1472

Router mtu is 1500
Click to expand...
Perhaps running two instances of Unbound (one for ipv4 and one for ipv6) would push the optimizations to maximum, might achieve even higher hit rate this way.

Edit: I consulted this with AI, it obviously agrees that running two instances will be better.
Judgement day ain't happening anytime soon.
 
Last edited:
This is the same member whose superior Skynet blocklist blocked Ookla speedtest servers.
Once again, onto my ignore list 🤬
 
Tech9 said:
Still going? This is the longest useless thread I've seen on SNB Forums.
Click to expand...
I think there's actually a bunch more settings we still need to cover. Can't wait!
 
Anything under 1400 stops Open VPN bind from working, I tried 1368 and it just messes with everything and dose not connect
edns-buffer-size: 1232 is used for ipv6 encapsulation
 
Better option?
push "redirect-gateway def1" - Redirects all to Unbound
push "dhcp-option DNS 10.100.0.2"

Vs

pull-filter ignore "dhcp-option DNS" - could bypass and cause leaks

push "redirect-gateway def1"
push "dhcp-option DNS 10.100.0.2" - Best way to do this to block pushed VPN DNS

In open VPN config file
 
Jack-Sparr0w said:
Better option?
push "redirect-gateway def1" - Redirects all to Unbound
push "dhcp-option DNS 10.100.0.2"

Vs

pull-filter ignore "dhcp-option DNS" - could bypass and cause leaks

push "redirect-gateway def1"
push "dhcp-option DNS 10.100.0.2" - Best way to do this to block pushed VPN DNS

In open VPN config file
Click to expand...
I bet @Tech9 can probably recommend some better options! :p
 
Jack-Sparr0w said:
just trying to block pushed dns in NordVPN
Click to expand...
Instead of going through all that trouble, you could simply do this... which I mentioned a few pages back?

1759459261393.png
 
Jack-Sparr0w said:
did that and log still said it was pushed
Click to expand...
The log may say that because the VPN provider tried to push it, but your router would have rejected that and done it's own thing based on your own DNS director settings.
 
log shows: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,explicit-exit-notify,comp-lzo no,route-gateway 10.100.0.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.100.0.2 255.255.0.0,cipher AES-256-GCM'
 
what OpenVPN custom config looks like:

remote-random
nobind
tls-version-min 1.2
tls-version-max 1.3
resolv-retry infinite
remote-cert-tls server
cipher AES-256-GCM
data-ciphers AES-256-GCM
ping 60
ping-restart 180
ping-timer-rem
verify-x509-name CN=ca1507.nordvpn.com
persist-key
persist-tun
max-clients 100
reneg-sec 3600
pull
fast-io
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
push "redirect-gateway def1"
push "dhcp-option DNS 10.100.0.2"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

#log /tmp/vpn.log
 
Tech9 said:
Yes. Go on a vacation and leave DNS alone. This is what I'm doing now and can recommend it. Much better option. 🌴
Click to expand...
remote-random
nobind
tls-version-min 1.2
tls-version-max 1.3
initiate-vacation
relax-mode max
wine-and-beer true
feet-position up

These will really screw up your DNS. Your family will most certainly make you take a vacation if you add these to your Unbound settings.
 
Got lucky. I use remote-own and there was a H2O DDoS attack few times in the area potentially requiring feet-position up. 🌧️
 
You must log in or register to reply here.

Similar threads

Jack-Sparr0w
Unbound Harden Unbound
Replies
15
Views
2K
Jack-Sparr0w
Jack-Sparr0w
Z
Unbound Unbound Config File(s)
Replies
5
Views
2K
Zim
Z
M
Diversion Diversion failed to update. Check the Diversion-web-update.log with sf in the SSH UI.
Replies
4
Views
1K
mikefrommanchester
M
B
IPv6 and NextDNS Configuration Assistance Request
Replies
19
Views
3K
easyriider
easyriider
S
Replacement options for my RT-BE86U
2
Replies
31
Views
2K
degrub
D
Similar threads
Thread starter Title Forum Replies Date
Davidncali001 How to get Unbound Manager to display logs in Scribe? Asuswrt-Merlin AddOns 15
swejuggalo Unbound Unbound and dnscheck results Asuswrt-Merlin AddOns 12
M Unbound Unbound Stats for Asuswrt-Merlin v1.4.3 [2025-Aug-24] Generate Stats for Unbound Asuswrt-Merlin AddOns 4
John DeLuca Unbound low cache hit rate Asuswrt-Merlin AddOns 59
Jack-Sparr0w Unbound Unbound first install questions? Asuswrt-Merlin AddOns 1
Jack-Sparr0w Unbound Harden Unbound Asuswrt-Merlin AddOns 15
aru Unbound After upgrading to firmware version 3006 that Unbound's hit rate has decreased? Asuswrt-Merlin AddOns 25
sentinelvdx Unbound Setup Unbound to work with Diversion and ASUS DDNS Asuswrt-Merlin AddOns 3
Jack-Sparr0w Does this look right for Nord VPN Unbound setup, the extra address worked Asuswrt-Merlin AddOns 22
Jack-Sparr0w How to use forward-zone in Unbound? Asuswrt-Merlin AddOns 1

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 1,091 (members: 19, guests: 1,072)
Back
Top