viewing unbound cache stats

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
Goto page 1, 2  Next
Author Message
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

PostPosted: Wed Jun 03, 2020 4:27    Post subject: viewing unbound cache stats Reply with quote
how does one view unbound cache stats? like for dnsmasq, its "killall -s USR1 dnsmasq", but everything related to cache i find for unbound, starts with unbound control, but unbound control "is not found" in ddwrt..? also when i enable query logging in unbound conf, nothing appears in syslog, unlike dnsmasq query logging.
_________________
LATEST FIRMWARE(S)

BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers

[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55488 std
[QUALCOMM] DIR-862L --------------------------------> r55460 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std


Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..

Sponsor
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Wed Jun 03, 2020 5:56    Post subject: Reply with quote
is there any unbound cache log in its directory ?
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

PostPosted: Wed Jun 03, 2020 7:46    Post subject: Reply with quote
no it doesnt create or print anything, even if i tell it to in conf. only thing it prints in syslog is "logger : unbound : daemon successfully stopped" or started thats it.
_________________
LATEST FIRMWARE(S)

BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers

[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55488 std
[QUALCOMM] DIR-862L --------------------------------> r55460 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std


Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..

tinkeruntilitworks
Guest





PostPosted: Fri Jun 05, 2020 23:57    Post subject: Reply with quote
it's probably possible by installing unbound control via entware. i have no idea how to set it up though. i just set up a usb so i might try to figure it out as well
tinkeruntilitworks
Guest





PostPosted: Sat Jun 06, 2020 23:43    Post subject: Reply with quote
i've had some luck. i installed unbound-control-setup via entware. it also installs other necessities. after it installs type this in command line
Code:
unbound-control-setup

it will create the needed keys

you also have to add this to your start up script
Code:
/opt/etc/init.d/S61unbound start

example start-up script
Quote:
#!/bin/sh
#
sleep 2
stopservice unbound
startservice unbound
/opt/etc/init.d/rc.unslung start
/opt/etc/init.d/S61unbound start

i cant get it to show up in system log or a log file but using the following in command line does show the info. the stats reset on unbound restart though
Code:
unbound-control -c /jffs/etc/unbound.conf stats_noreset

more commands here
https://nlnetlabs.nl/documentation/unbound/unbound-control/
referenced this site
https://github.com/MartineauUK/Unbound-Asuswrt-Merlin/blob/master/unbound.conf

an example conf
Quote:
cat << EOF > /jffs/etc/unbound.conf
server:
verbosity: 1
extended-statistics: yes
num-threads: 2
interface: 127.0.0.1@7053
port: 7053
outgoing-range: 950
msg-cache-size: 50m
msg-cache-slabs: 1
num-queries-per-thread: 512
rrset-cache-size: 100m
rrset-cache-slabs: 1
infra-cache-slabs: 1
access-control: 127.0.0.0/8 allow
access-control: 192.168.1.1/24 allow
chroot: "/jffs/etc"
username: ""
directory: "/jffs/etc"
log-time-ascii: yes
log-tag-queryreply: yes
log-servfail: yes

pidfile: "/var/run/unbound.pid"
root-hints: "/jffs/etc/root.hints"
hide-identity: yes
hide-version: yes
do-not-query-localhost: no
prefetch: yes
prefetch-key: yes
rrset-roundrobin: yes
auto-trust-anchor-file: "/jffs/etc/root.key"
key-cache-slabs: 1
include: "/jffs/etc/blockedhosts.conf"
tls-cert-bundle: "/etc/ssl/ca-bundle.crt"
python:
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 8953
control-use-cert: no
server-key-file: "/opt/var/lib/unbound/unbound_server.key"
server-cert-file: "/opt/var/lib/unbound/unbound_server.pem"
control-key-file: "/opt/var/lib/unbound/unbound_control.key"
control-cert-file: "/opt/var/lib/unbound/unbound_control.pem"

forward-zone:
name: "."
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
forward-tls-upstream: yes
auth-zone:
name: "."
url: "https://www.internic.net/domain/root.zone"
fallback-enabled: yes
for-downstream: no
for-upstream: yes
zonefile: "root.zone"
EOF
stopservice unbound
startservice unbound
ps | grep unbound


*
This might not work with the most recent builds with unbound-control in them


Last edited by tinkeruntilitworks on Tue Jun 23, 2020 21:37; edited 3 times in total
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

PostPosted: Sat Jun 13, 2020 12:10    Post subject: Reply with quote
seems like bs agreed to add it, maybe.. (thought # means commented out) https://svn.dd-wrt.com/changeset/43398
_________________
LATEST FIRMWARE(S)

BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers

[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55488 std
[QUALCOMM] DIR-862L --------------------------------> r55460 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std


Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..

blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5660

PostPosted: Sat Jun 13, 2020 13:36    Post subject: Reply with quote
That comment out prevents the removal of unbound-control, rejoice.
tinkeruntilitworks
Guest





PostPosted: Mon Jun 15, 2020 17:32    Post subject: Reply with quote
i see unbound-control in there but it doesn't appear to be configured
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

PostPosted: Tue Jun 16, 2020 2:39    Post subject: Reply with quote
under remote-control in unbound.conf, add

control-enable: yes
control-use-cert: no

_________________
LATEST FIRMWARE(S)

BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers

[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55488 std
[QUALCOMM] DIR-862L --------------------------------> r55460 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std


Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..

tinkeruntilitworks
Guest





PostPosted: Tue Jun 16, 2020 11:45    Post subject: Reply with quote
tatsuya46 wrote:
under remote-control in unbound.conf, add

control-enable: yes
control-use-cert: no


what else did you do?

i gave it another shot and still didn't have any luck
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

PostPosted: Tue Jun 16, 2020 11:55    Post subject: Reply with quote
thats it. i am accessing it from the router locally using telnet. make sure

access-control: 127.0.0.0/8 allow

is in the conf. it still gives a broken warning saying control-enable is no but it works.


Code:

DD-WRT v3.0-r43421 std (c) 2020 NewMedia-NET GmbH
Release: 06/15/20
Board: ASUSTeK COMPUTER INC. Z87M-PLUS

Haswell login: root
Password:
==========================================================

     ___  ___     _      _____  ______       ____  ___
    / _ \/ _ \___| | /| / / _ \/_  __/ _  __|_  / / _ \
   / // / // /___/ |/ |/ / , _/ / /   | |/ //_ <_/ // /
  /____/____/    |__/|__/_/|_| /_/    |___/____(_)___/

                       DD-WRT v3.0
                   http://www.dd-wrt.com

==========================================================


BusyBox v1.31.1 (2020-06-15 14:08:02 +04) built-in shell (ash)

root@Haswell:~# unbound-control stats
[1592308371] unbound-control[11987:0] warning: control-enable is 'no' in the config file.
thread0.num.queries=1308
thread0.num.queries_ip_ratelimited=0
thread0.num.cachehits=857
thread0.num.cachemiss=451
thread0.num.prefetch=186
thread0.num.expired=176
thread0.num.recursivereplies=451
thread0.requestlist.avg=1.21193
thread0.requestlist.max=22
thread0.requestlist.overwritten=0
thread0.requestlist.exceeded=0
thread0.requestlist.current.all=0
thread0.requestlist.current.user=0
thread0.recursion.time.avg=0.148110
thread0.recursion.time.median=0.0739278
thread0.tcpusage=0
thread1.num.queries=1511
thread1.num.queries_ip_ratelimited=0
thread1.num.cachehits=921
thread1.num.cachemiss=590
thread1.num.prefetch=194
thread1.num.expired=185
thread1.num.recursivereplies=590
thread1.requestlist.avg=1.46684
thread1.requestlist.max=28
thread1.requestlist.overwritten=0
thread1.requestlist.exceeded=0
thread1.requestlist.current.all=0
thread1.requestlist.current.user=0
thread1.recursion.time.avg=0.189657
thread1.recursion.time.median=0.0871489
thread1.tcpusage=0
thread2.num.queries=1592
thread2.num.queries_ip_ratelimited=0
thread2.num.cachehits=1000
thread2.num.cachemiss=592
thread2.num.prefetch=219
thread2.num.expired=204
thread2.num.recursivereplies=592
thread2.requestlist.avg=1.45623
thread2.requestlist.max=27
thread2.requestlist.overwritten=0
thread2.requestlist.exceeded=0
thread2.requestlist.current.all=0
thread2.requestlist.current.user=0
thread2.recursion.time.avg=0.158285
thread2.recursion.time.median=0.0791378
thread2.tcpusage=0
thread3.num.queries=1627
thread3.num.queries_ip_ratelimited=0
thread3.num.cachehits=1074
thread3.num.cachemiss=553
thread3.num.prefetch=247
thread3.num.expired=236
thread3.num.recursivereplies=553
thread3.requestlist.avg=1.40625
thread3.requestlist.max=26
thread3.requestlist.overwritten=0
thread3.requestlist.exceeded=0
thread3.requestlist.current.all=0
thread3.requestlist.current.user=0
thread3.recursion.time.avg=0.157800
thread3.recursion.time.median=0.0738952
thread3.tcpusage=0
total.num.queries=6038
total.num.queries_ip_ratelimited=0
total.num.cachehits=3852
total.num.cachemiss=2186
total.num.prefetch=846
total.num.expired=801
total.num.recursivereplies=2186
total.requestlist.avg=1.39446
total.requestlist.max=28
total.requestlist.overwritten=0
total.requestlist.exceeded=0
total.requestlist.current.all=0
total.requestlist.current.user=0
total.recursion.time.avg=0.164530
total.recursion.time.median=0.0785274
total.tcpusage=0
time.now=1592308371.722718
time.up=18067.622663
time.elapsed=18067.622663
root@Haswell:~#

_________________
LATEST FIRMWARE(S)

BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers

[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55488 std
[QUALCOMM] DIR-862L --------------------------------> r55460 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std


Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..

tinkeruntilitworks
Guest





PostPosted: Tue Jun 16, 2020 12:44    Post subject: Reply with quote
appreciate your replies

still can't get it working for some reason

my conf
Code:
cat << EOF > /jffs/etc/unbound.conf
server:
verbosity: 1
extended-statistics: yes
num-threads: 2
interface: 127.0.0.1@7053
port: 7053
outgoing-range: 950
so-rcvbuf: 1m
so-sndbuf: 4m
so-reuseport: no
msg-cache-size: 50m
msg-cache-slabs: 1
num-queries-per-thread: 512
rrset-cache-size: 100m
rrset-cache-slabs: 1
infra-cache-slabs: 1
do-ip6: no
udp-upstream-without-downstream: yes
access-control: 127.0.0.0/8 allow
access-control: 192.168.1.1/24 allow
chroot: "/jffs/etc"
username: ""
directory: "/jffs/etc"
log-time-ascii: yes
log-tag-queryreply: yes
log-servfail: yes
pidfile: "/var/run/unbound.pid"
root-hints: "/jffs/etc/root.hints"
do-not-query-localhost: no
rrset-roundrobin: yes
auto-trust-anchor-file: "/jffs/etc/root.key"
key-cache-slabs: 1
local-data: "localhost A 127.0.0.1"
local-data: "DD-WRT A 192.168.1.1"
include: "/jffs/etc/blockedhosts.conf"
tls-cert-bundle: "/etc/ssl/ca-bundle.crt"
python:
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 8953
control-use-cert: no   
forward-zone:
name: "."
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
forward-tls-upstream: yes
auth-zone:
name: "."
url: "https://www.internic.net/domain/root.zone"
fallback-enabled: yes
for-downstream: no
for-upstream: yes
zonefile: "root.zone"
EOF
stopservice unbound
startservice unbound
ps | grep unbound


Last edited by tinkeruntilitworks on Thu Jun 18, 2020 0:32; edited 3 times in total
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

PostPosted: Tue Jun 16, 2020 13:31    Post subject: Reply with quote
are u using unbound alone or dnsmasq+unbound? im using both so dnsmasq forwards all to unbound.

try adding

local-data: "localhost A 127.0.0.1"

to the conf.

i assume on the latest build?

_________________
LATEST FIRMWARE(S)

BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers

[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55488 std
[QUALCOMM] DIR-862L --------------------------------> r55460 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std


Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..

tinkeruntilitworks
Guest





PostPosted: Tue Jun 16, 2020 13:54    Post subject: Reply with quote
yeah build r43420 on a Netgear R7000P

i just tried adding local-data: "localhost A 127.0.0.1" it still isn't working

i enable jffs2 for jffs and i tick unbound in the basic setup tab

maybe it isn't working on every router

*
do you enable anything besides Syslogd in GUI?

**
looking through the directories i see unbound-control but it doesn't seem unbound-control-setup was run because i don't see any keys and pems
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

PostPosted: Thu Jun 18, 2020 20:17    Post subject: Reply with quote
tinkeruntilitworks wrote:
do you enable anything besides Syslogd in GUI?



in gui under system log:

syslogd: enable
klogd: enable
remote server: logs.papertrailapp.com

that u mean?

_________________
LATEST FIRMWARE(S)

BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers

[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55488 std
[QUALCOMM] DIR-862L --------------------------------> r55460 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std


Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..

Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum