Maintained by: NLnet Labs

New to Unbound

Luiz Fernando Softov
Fri Mar 24 03:44:50 CET 2017


see all mailling, but this I know how to do.

>​ ​4. Gathering statistics and graphing queries per second (not sure how
>​ ​to accomplish this

​You can have a daemon, that grab statistics each second

​1 - Using ​'system' ​unbound-control stats_noreset
2 -​ ​Or your own daemon, connecting via TCP+SSL, and making the command.

Each reply has a connection close, so you need to reconnect.

This 2, for me, isn't the best way, because the CPU increase.

3 -​ ​Or, use the Shared Memory, so you can create a daemon and attach to
SHM and get
needed​​ info.

After getting the info, you need to populate some files or database.
With that info, you can create graphs.

Use your imagination and the data needed.

Here are some screenshots from one of our client, to show the ideia.

2017-03-21 16:15 GMT-04:00 Oscar Ricardo Silva via Unbound-users <
unbound-users at>:

> On 03/16/2017 07:13 PM, Eric Luehrsen wrote:
>>> 1. BIND runs in a chroot environment. Should I continue this with
>>> Unbound or is this not as much an issue?
>>> Yes. Do chroot. Have init-start copy everything to /var/lib/unbound.
>> Then allow Unbound only to operate there. Have your init-stop script
>> copy back to /etc/ only non-poisoned updates. Example, double check
>> RFC5011 root.key file.
>>> 2. Minimal responses to queries (I see how Unbound does that)
>>> 3. Resolve RFC1918 addresses (we currently forward those to our
>>> authoritative servers and I believe I see how to do this with Unbound)
>>> "stub:" clause to authoritative servers that normally respond to
>> recursive queries. "forward:" clause to other recursive search or
>> forwarding servers (not authoritative). RFC1918, RC4193...  see the
>> section on private zone data under "unbound.conf" on the web page.
>>> 4. Gathering statistics and graphing queries per second (not sure how
>>> to accomplish this)
> I wanted to thank Eric for taking the time to answer my questions. Testing
> is going well and I'm putting these suggestions to work.
> Oscar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>