What's new

Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

@skeal, I can't explain it well, but with a 4 core CPU (RT-AX88U), I thought I would see if the defaults were too conservative. :)

Code:
# no threads and no memory slabs for threads
num-threads: 4                                  # v1.01 as per @L&LD (default 1)
msg-cache-slabs: 8                            #v1.01 as per @L&LD (default 2)
rrset-cache-slabs: 8                           #v1.01 as per @L&LD (default 2)
infra-cache-slabs: 8                           #v1.01 as per @L&LD (default 2)
key-cache-slabs: 8                             #v1.01 as per @L&LD (default 2)

# tiny memory cache
key-cache-size: 16m                           #v1.01 as per @L&LD (default 8m)
msg-cache-size: 16m                          #v1.01 as per @L&LD (default 8m)
rrset-cache-size: 32m                        #v1.01 as per @L&LD (default 16m)
cache-max-ttl: 21600
cache-min-ttl: 5
prefetch: yes
prefetch-key: yes
serve-expired: yes
serve-expired-ttl: 3600
incoming-num-tcp: 600
outgoing-num-tcp: 100
ip-ratelimit: 100
edns-buffer-size: 1472                           # v1.01 as per @dave14305 minimal config

This is what my router has been running for at least 4 hours now with no issues so far.

After I made the changes from the defaults above, I issued an 'rs' command and could immediately see an increase in responsiveness from surfing to running amtm and the 'u' and 'uu' commands to accessing my NAS too.

I can't guess what the other settings in tiny memory cache do, so I don't think I will be fooling around with those (yet!).

Seeing as you have the same AX model as me, maybe you'd like to try these settings (edit carefully!) and see if you see the same improvements too.

Interestingly, the 's' command in unbound_manager now only shows 37% (with light network usage), but it feels faster than when it was in the 90% range with the previous settings. :)
FYI The official documentation by the authors Optimise unbound CPU/Memory was not written with tiny routers in mind, so the advice/recommendations seem rather strange/inappropriate.

However ensuring 'rrset-cache-size:' is 2X 'msg-cache-size:' seems valid for the router, but the "num-threads:" value may not be valid if the load isn't actually capable of being processed across the physical CPUs in a router?
 
Last edited:
@JemTheWire, I can't tell if you're just being funny? :)

I only posted that in jest because of the insignificant 'error' I found in the comments. :)

Ha. No, i was serious. Guess the joke is is on me!

I had my 'chuckle muscle' removed yesterday. Lol
 
I have to say that Unbound is working fine for me now. I have disabled logging, but also learnt that you can selectively exclude logs from uiScribe.

Thanks to all, i'm learning all the time. Trouble is that it goes in one ear and straight out of the other!
 
FYI The official documentation by the authors Optimise unbound CPU/Memory was not written with tiny routers in mind, so the advice/recommendations seem rather strange/inappropriate.

However ensuring 'rrset-cache-size:' is 2X 'msg-cache-size: 16m' seems valid for the router, but the "num-threads:" value may not be valid if the load isn't actually capable of being processed across the physical CPUs in a router?
Borrowing a page from OpenWRT, if unbound isn't compiled with libevent, they keep num-threads = 1. For memory, they have an interesting "t-shirt size" approach to calculating based on a few multipliers.
https://github.com/openwrt/packages/blob/master/net/unbound/files/unbound.sh#L723

I'm semi-obsessed with their config script and how we could make a UI page for the variables they define, then generate unbound.conf based on those settings stored in the new addon API settings file.
 
Can unbound run with DNSSEC enabled or is it ill-advised?
 
Q&A

Q. Do I need unbound?
A. Well... it depends - However, using this script you should be able to perform a truly transparent risk-free trial to decide for yourself i.e. usually no need for a REBOOT.​

Q. dnsmasq (Trusted/mature/familiar and feature-rich) is included by default in the RMerlin firmware, is there a comparison list of features that dnsmasq has that aren't (yet) available in unbound?
A. Not that I know of (unless proven wrong! ;)) but diversion/x3mRouting rely heavily on dnsmasq for certain features.​

Q. Can I run unbound+dnsmasq+diversion together?
A. Yes. However, unbound+Ad Block+diversion is NOT recommended.​

Q. Can I run unbound with IPv6?
A. Yes, but with caveats. I have no way of testing IPv6, but some use it successfully, while others have hit snags, but I believe v2.06 does work for basic IPv6 environments.

Q. Do I need Stubby Integration?
A. TBA

Q. Can unbound run with DNSSEC ENABLED?
A. TBA

@Martineau ....you are bloody awesome.....thank you for all of your hard work...(others as well)
 
AFAIK, disable dnssec in router GUI.
Because.......
Dnssec is native to Unbound.:)

In other words, could Unbound use the DNSSEC contained in the firmware? Assuming Unbound would eventually be implemented as a new feature of Eric in the firmware, would it use the existing DNSSEC or replace it?

:)
 
@skeal, I can't explain it well, but with a 4 core CPU (RT-AX88U), I thought I would see if the defaults were too conservative. :)

Code:
# no threads and no memory slabs for threads
num-threads: 4                                  # v1.01 as per @L&LD (default 1)
msg-cache-slabs: 8                            #v1.01 as per @L&LD (default 2)
rrset-cache-slabs: 8                           #v1.01 as per @L&LD (default 2)
infra-cache-slabs: 8                           #v1.01 as per @L&LD (default 2)
key-cache-slabs: 8                             #v1.01 as per @L&LD (default 2)

# tiny memory cache
key-cache-size: 16m                           #v1.01 as per @L&LD (default 8m)
msg-cache-size: 16m                          #v1.01 as per @L&LD (default 8m)
rrset-cache-size: 32m                        #v1.01 as per @L&LD (default 16m)
cache-max-ttl: 21600
cache-min-ttl: 5
prefetch: yes
prefetch-key: yes
serve-expired: yes
serve-expired-ttl: 3600
incoming-num-tcp: 600
outgoing-num-tcp: 100
ip-ratelimit: 100
edns-buffer-size: 1472                           # v1.01 as per @dave14305 minimal config

This is what my router has been running for at least 4 hours now with no issues so far.

After I made the changes from the defaults above, I issued an 'rs' command and could immediately see an increase in responsiveness from surfing to running amtm and the 'u' and 'uu' commands to accessing my NAS too.

I can't guess what the other settings in tiny memory cache do, so I don't think I will be fooling around with those (yet!).

Seeing as you have the same AX model as me, maybe you'd like to try these settings (edit carefully!) and see if you see the same improvements too.

Interestingly, the 's' command in unbound_manager now only shows 37% (with light network usage), but it feels faster than when it was in the 90% range with the previous settings. :)

Have implemented here, so far, so good.
Only user comment, “internet seems faster this morning”. :)
 
@Martineau very nice!! Works awesome! Very well polished project! ;):)

EDIT: Faster page refreshing, quite noticeable.
 
Last edited:
@skeal, I can't explain it well, but with a 4 core CPU (RT-AX88U), I thought I would see if the defaults were too conservative. :)

Code:
# no threads and no memory slabs for threads
num-threads: 4                                  # v1.01 as per @L&LD (default 1)
msg-cache-slabs: 8                            #v1.01 as per @L&LD (default 2)
rrset-cache-slabs: 8                           #v1.01 as per @L&LD (default 2)
infra-cache-slabs: 8                           #v1.01 as per @L&LD (default 2)
key-cache-slabs: 8                             #v1.01 as per @L&LD (default 2)

# tiny memory cache
key-cache-size: 16m                           #v1.01 as per @L&LD (default 8m)
msg-cache-size: 16m                          #v1.01 as per @L&LD (default 8m)
rrset-cache-size: 32m                        #v1.01 as per @L&LD (default 16m)
cache-max-ttl: 21600
cache-min-ttl: 5
prefetch: yes
prefetch-key: yes
serve-expired: yes
serve-expired-ttl: 3600
incoming-num-tcp: 600
outgoing-num-tcp: 100
ip-ratelimit: 100
edns-buffer-size: 1472                           # v1.01 as per @dave14305 minimal config

This is what my router has been running for at least 4 hours now with no issues so far.

After I made the changes from the defaults above, I issued an 'rs' command and could immediately see an increase in responsiveness from surfing to running amtm and the 'u' and 'uu' commands to accessing my NAS too.

I can't guess what the other settings in tiny memory cache do, so I don't think I will be fooling around with those (yet!).

Seeing as you have the same AX model as me, maybe you'd like to try these settings (edit carefully!) and see if you see the same improvements too.

Interestingly, the 's' command in unbound_manager now only shows 37% (with light network usage), but it feels faster than when it was in the 90% range with the previous settings. :)

Thanks for this input.

Would the CPU mods you posted work on a RT-AC86U or would you able to recommend safe #s to adjust for this particular model that would maybe make things feel faster? I'm willing to test it on my router :)
 
@Kingp1n the normal disclaimers apply here. Please proceed at your own risk (I haven't tried this on an RT-AC86U myself yet).

If you're brave, use 2 for num-threads (NOT 4).

The rest should be fine to use on your RT-AC86U. :)

I recommend having both PuTTY and WinSCP open when trying this.

Use WinSCP to keep the unbound.conf file open (make sure you hit save after any changes, of course).

Use PuTTY to issue an 'rs' restart command to unbound_manager after saving your changes.

After restarting unbound_manager and it starts up normally, see if the unbound.log file is 'clean' (using WinSCP). Make sure to refresh the file a few times. ;)

Browse some sites, making sure to click on links that stay within that main site, open up some files on your NAS, if available and report back please. :)

If there is an issue, simply undo the changes you made and save the unbound.conf file again. You may need to reboot the router to be able to issue an 'rs' command again though. :)
 
Last edited:
@Kingp1n the normal disclaimers apply here. Please proceed at your own risk (I haven't tried this on an RT-AC86U myself yet).

If you're brave, use 2 for num-threads (NOT 4).

The rest should be fine to use on your RT-AC86U. :)

I recommend having both PuTTY and WinSCP open when trying this.

Use WinSCP to keep the unbound.conf file open (make sure you hit save after any changes, of course).

Use PuTTY to issue an 'rs' restart command to unbound_manager after saving your changes.

After restarting unbound_manager and it starts up normally, see if the unbound.log file is 'clean' (using WinSCP). Make sure to refresh the file a few times. ;)

Browse some sites, making sure to click on links that stay within that main site, open up some files on your NAS, if available and report back please. :)

If there is an issue, simply undo the changes you made and save the unbound.conf file again. You may need to reboot the router to be able to issue an 'rs' command again though. :)

I tried 4 threads and increased mem parameters as per your post on my AC-5300 - no issues whatsoever - but since reverted to 2 threads.
 
@joe scian that should be a better match for your 2 core router. Good to see it didn't have a catastrophic effect with 4 threads. :)

Thanks also for participating in this testing. I'll be posting a new setup after I finish testing (hopefully soon). :)
 
@L&LD, thanks for the info. Before all this I was having issues with unbound and my nest app not working. I know it wasnt due to unbound but rather testing other things (DNSScrypt/DoT) that eventually had my router acting screwy. Since then I've resetted my router and reinstalled the latest unbound script with your input above. I'm also using 2 num-threads (vs 4) as long as with the same values you provided and I'm having no issues. Not sure if its just me but things definitely feel snappier i.e. surfing the web, webs opening faster etc. I'm also using IPV6 but without DNS64. I'm reluctant to try and screw something up.
 
@Kingp1n I too am avoiding DNS64 right now. :)

Glad to see your network is fast and stable now.

I'm still in testing mode (and of course I'm guessing for the RT-AC86U routers as I don't have one here right now), but keep your eyes peeled to this thread for an update after I'm done testing some more.

Btw, what is your router model again? '86U, correct?
 
Thats great to hear....yes I have a RT-AC86U!!
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top