Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)


Those are how unbound buckets the results. It is an exponential method they use to grow the buckets, agree.

So many categories are...possibly inefficient?
Can this be changed?


 
@Martineau
Previously I was using famous ad blocker and just shifted to unbound ad blocker and it's awesome, moreover YouTube ad blocker is great

I always used to whitelist domain
Code:
s.youtube.com
in other ad blocker as ad blockers restrict watch history to be stored
How to do this in unbound ad blocker?
 
@Martineau
Previously I was using famous ad blocker and just shifted to unbound ad blocker and it's awesome, moreover YouTube ad blocker is great

I always used to whitelist domain
Code:
s.youtube.com
in other ad blocker as ad blockers restrict watch history to be stored
How to do this in unbound ad blocker?
Perhaps the bigger question is WHY you would want Google and YouTube to keep track of your watch history: many of us do our best to avoid that sort of thing. :)
 
So many categories are...possibly inefficient?
Can this be changed?



This would need to be proposed to the unbound dev team. I just get the stats from them and this is how they bucket it. This isn’t really inefficient. It is actually quite a simple and efficient way to provide large metric and unbound is built for scale.

What part bothers you about the scale?
 
@Martineau
Previously I was using famous ad blocker and just shifted to unbound ad blocker and it's awesome, moreover YouTube ad blocker is great

I always used to whitelist domain
Code:
s.youtube.com
in other ad blocker as ad blockers restrict watch history to be stored
How to do this in unbound ad blocker?

Just add this domain to the allowhosts file under /opt/share/unbound/config

Then regenerate or wait for 5am.
 
This would need to be proposed to the unbound dev team. I just get the stats from them and this is how they bucket it. This isn’t really inefficient. It is actually quite a simple and efficient way to provide large metric and unbound is built for scale.

What part bothers you about the scale?
Yeah, I get where you are coming from. To me, for the average home network, the statistics are actually overkill. The statistics are mainly important for troubleshooting more than anything else. You did a great job setting it up to track DNS firewall and ad blocking though.
 
Having been up for 43 days my router and unbound have been very stable.

Coming up to the top of my cache limit size just now, after almost 5 million requests.

Wonder how it handles max cache size limit now.

Code:
 Standard Statistics
 --------------------------------------------------------

 Number of DNS queries: 4901616
 Number of queries that were successfully answered using cache lookup (ie. cache hit): 4532249
 Number of queries that needed recursive lookup (ie. cache miss): 369367
 Number of queries dropped because request list was full: 0
 Average number of requests in list for recursive processing: 4.37211

 Extended Statistics
 --------------------------------------------------------

 RRset cache usage in bytes: 15640365
 Message cache usage in bytes: 8029246

I guess the memory size is a guideline and not a hard rule.

After 44 days of running:
Code:
unbound Memory/Cache:

        'key-cache-size:'       8388608 (8.00 MB)
        'msg-cache-size:'       8388608 (8.00 MB)       103% used 8669405    (8.27 MB)
        'rrset-cache-size:'     16777216 (16.00 MB)     101% used 17069136   (16.28 MB)

But cannot complain with these stats:
Code:
total.num.queries=5625782
total.num.queries_ip_ratelimited=0
total.num.cachehits=5211830
total.num.cachemiss=413952
total.num.prefetch=413995
total.num.expired=327426
total.num.recursivereplies=413952

5.6 million requests handled. 92% cache hit.
 
I guess the memory size is a guideline and not a hard rule.

After 44 days of running:
Code:
unbound Memory/Cache:

        'key-cache-size:'       8388608 (8.00 MB)
        'msg-cache-size:'       8388608 (8.00 MB)       103% used 8669405    (8.27 MB)
        'rrset-cache-size:'     16777216 (16.00 MB)     101% used 17069136   (16.28 MB)

But cannot complain with these stats:
Code:
total.num.queries=5625782
total.num.queries_ip_ratelimited=0
total.num.cachehits=5211830
total.num.cachemiss=413952
total.num.prefetch=413995
total.num.expired=327426
total.num.recursivereplies=413952

5.6 million requests handled. 92% cache hit.
What is your thread count and whatnot?
 
This would need to be proposed to the unbound dev team. I just get the stats from them and this is how they bucket it. This isn’t really inefficient. It is actually quite a simple and efficient way to provide large metric and unbound is built for scale.

What part bothers you about the scale?

First, there are jumps, where data might be disregarded or ignored: notice at the top it goes 0-1us then the next is 2-3us? What about 1.3us, or 1.8? Where do they go? Wider ranges would suffice for me...0-10us, 10-100us, 100-1000us, 1ms-10ms, 10-100ms, 100-1000ms, 1-10s, 10-100s, 100-1000s and >1000s (which I hope remains empty, or a medal for patience pops out of the router because anyone who waits >15 min for a DNS lookup to return a result deserves one!)
But what really confuses me is how the data bars in the middle of the range where all the data is don’t seem to line up with what they’re actually trying to display. Perhaps rearrangement of the sorting buckets will clarify this


 
First, there are jumps, where data might be disregarded or ignored: notice at the top it goes 0-1us then the next is 2-3us? What about 1.3us, or 1.8? Where do they go? Wider ranges would suffice for me...0-10us, 10-100us, 100-1000us, 1ms-10ms, 10-100ms, 100-1000ms, 1-10s, 10-100s, 100-1000s and >1000s (which I hope remains empty, or a medal for patience pops out of the router because anyone who waits >15 min for a DNS lookup to return a result deserves one!)
But what really confuses me is how the data bars in the middle of the range where all the data is don’t seem to line up with what they’re actually trying to display. Perhaps rearrangement of the sorting buckets will clarify this



I see what you mean now. I usually use the vertical view which doesn't have bottom labels and I hover to see the values.

Seems the graphing library drops some of the labels to make it readable, but if you hover over them you can still see the missing groups. This may explain the question you are having. See in the example below, 4m-8.5m is not in the labels, but is a bar graph item.

Seems this is just how it works.

upload_2020-6-15_9-34-24.png
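
Added example (not from any poster in this thread, and not unbound_manager code): a shell/awk check over `unbound-control stats` style histogram lines that tests whether each bucket starts exactly where the previous one ends, so that no reply time can fall between buckets, and reports the bucket holding the median. The sample lines are constructed, the names `sample_stats` and `histogram_summary` are hypothetical, and the input is assumed to be in ascending order.

```shell
#!/bin/sh
# Added example: check that unbound's response-time buckets are contiguous.

# Constructed sample in the key format printed by `unbound-control stats`
# (histogram.<sec>.<usec>.to.<sec>.<usec>=<count>); the counts are made up.
sample_stats() {
cat <<'EOF'
total.num.queries=200
histogram.000000.008192.to.000000.016384=10
histogram.000000.016384.to.000000.032768=60
histogram.000000.032768.to.000000.065536=90
histogram.000000.065536.to.000000.131072=30
histogram.000000.131072.to.000000.262144=6
histogram.000000.262144.to.000000.524288=3
histogram.000000.524288.to.000001.000000=1
histogram.000001.000000.to.000002.000000=0
EOF
}

# Hypothetical helper: reads stats lines on stdin (assumed ascending order).
histogram_summary() {
  awk -F'[.=]' '
    $1 == "histogram" && $4 == "to" {
      n++
      lo[n] = $2 * 1000000 + $3     # lower bound in microseconds (inclusive)
      hi[n] = $5 * 1000000 + $6     # upper bound in microseconds (exclusive)
      cnt[n] = $7
      total += $7
      # A reply time can only be lost if a bucket does not start
      # where the previous one ended.
      if (n > 1 && lo[n] != hi[n-1]) gaps++
    }
    END {
      if (n == 0) { print "no histogram lines"; exit 1 }
      median = "none"
      for (i = 1; i <= n && total > 0; i++) {
        seen += cnt[i]
        # First bucket whose cumulative count reaches half of all replies
        if (seen * 2 >= total) { median = lo[i] "-" hi[i] "us"; break }
      }
      printf "buckets=%d total=%d gaps=%d median=%s\n", n, total, gaps, median
    }'
}

sample_stats | histogram_summary
```

On the router the same function can read `unbound-control stats_noreset` instead of the sample.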
 
I’ll go looking for ways to make my suggestions with the unbound devs. I suspect I’ll find them on GitHub, where I can make a PR.


 
"?" is triggering "unknown option" in 3.18
Sorry I can't replicate the issue.

Is it just the '?' command?

Which SSH Client/Character-set?
 
The 2nd instance of dnsmasq .conf file is generated from the alternate-bf.div file in /opt/share/diversion/file directory.
You would need to alter the echo "servers-file=/tmp/resolv.dnsmasq" line to echo "server=127.0.0.1#53535"
Or alter the alternate-bf.conf file itself and restart the 2nd instance of dnsmasq for it to take effect.

Ignorant questions time

Is this change needed for any setup where diversion is using an alternate config, or just when setting unbound as the local DNS to take over from dnsmasq?
I assume that on a diversion update, any changes to alternate-bf.conf or alternate-bf.div would be overwritten but using a .postconf file would carry over - if so
Where do I place it? (/jffs/scripts ?)
Does it matter what it is called (alternate-bf.postconf ?)
What content is required to change the setting to server=127.0.0.1#53535 ?
 
Do I need to enable "logging" when installing unbound via amtm and then go into advanced settings and enable scribe for syslog-ng, or are they redundant and/or dependent on each other?




my settings

verbosity: 0
logfile: "/opt/var/lib/unbound/unbound.log"
log-time-ascii: yes
log-tag-queryreply: yes
'query'/'reply'
log-queries: yes
log-replies: yes
use-syslog: yes
log-local-actions: yes
log-servfail: yes
 
Do I need to enable "logging" when installing unbound via amtm and then go into advanced settings and enable scribe for syslog-ng, or are they redundant and/or dependent on each other?




my settings

verbosity: 0
logfile: "/opt/var/lib/unbound/unbound.log"
log-time-ascii: yes
log-tag-queryreply: yes
'query'/'reply'
log-queries: yes
log-replies: yes
use-syslog: yes
log-local-actions: yes
log-servfail: yes

No harm in setting them directly. Even if the other options turn them on. Typically those would all be set by turning on logging and scribe.

Personally I do not enable log-queries as it is just extra logging which isn’t needed for the stats.
 
Ignorant questions time

Is this change needed for any setup where diversion is using an alternate config, or just when setting unbound as the local DNS to take over from dnsmasq?
I assume that on a diversion update, any changes to alternate-bf.conf or alternate-bf.div would be overwritten but using a .postconf file would carry over - if so
Where do I place it? (/jffs/scripts ?)
Does it matter what it is called (alternate-bf.postconf ?)
What content is required to change the setting to server=127.0.0.1#53535 ?
You will only need to make this change to the 2nd dnsmasq instance config file if you are using the alternate blocking list and you want those queries forwarded to unbound as an upstream resolver.

This 2nd dnsmasq conf is created by the alternate-bf.div file which is in turn called by the postconf.div file whenever the main dnsmasq is restarted. It's not dynamically created like the main dnsmasq instance so I think it's OK just to replace the line in the alternate-bf.conf file and restart just the 2nd dnsmasq instance.

I had a go at it and my sed looks OK .. not sure if the 2nd instance of dnsmasq is restarting though....
EDIT: just re-read the man page and it seems a SIGHUP won't reload the config... killing it off and restarting it seems to work.... that will teach me not to read :oops:

Code:
#!/bin/sh

if [ -f /opt/share/diversion/.conf/alternate-bf.conf ];then

  # Only act when unbound listens on port 53535 and the 2nd dnsmasq instance still uses the servers-file
  if [ -n "$(grep -E "^port: 53535" /opt/var/lib/unbound/unbound.conf)" ] && [ -n "$(grep -F "servers-file=/tmp/resolv.dnsmasq" /opt/share/diversion/.conf/alternate-bf.conf)" ];then

  # Point the 2nd dnsmasq instance at unbound as its upstream
  sed -i 's/servers\-file\=\/tmp\/resolv\.dnsmasq/server\=127\.0\.0\.1\#53535/' /opt/share/diversion/.conf/alternate-bf.conf

  # Insert cache-size=0 at line 14
  sed -i '14icache-size=0' /opt/share/diversion/.conf/alternate-bf.conf

  # kill -1 $(ps | grep "[d]nsmasq -C" | awk '{print $1}')   #SIGHUP

  # [d] stops grep from matching its own process in the ps output
  kill -9 $(ps | grep "[d]nsmasq -C" | awk '{print $1}')                   #or kill process and restart?
  dnsmasq -C "/opt/share/diversion/.conf/alternate-bf.conf"

  fi
fi

I called this altdnsmasq_unbound and put it in /jffs/addons and made it executable

Then just added a call to it in /jffs/scripts/dnsmasq.postconf
Code:
#!/bin/sh
. /opt/share/diversion/file/post-conf.div # Added by Diversion
sh /jffs/addons/unbound/unbound.postconf "$1"           # unbound_manager
sh /jffs/addons/altdnsmasq_unbound
 
Sorry I can't replicate the issue.

Is it just the '?' command?

Which SSH Client/Character-set?
Seems this is happening when I use backspace to delete other char for other commands which I don't want to use.
When I put directly correct char then it is fine.
 
Seems this is happening when I use backspace to delete other char for other commands which I don't want to use.
When I put directly correct char then it is fine.
Which SSH client are you using, and what setting do you have for the Del/Backspace keys?

upload_2020-6-16_11-49-2.png
 
