Edit tuning.conf /unbound

yoni-priester · 11 June 2022 16:58

I would like to edit the Tuning.conf of Unbound.
I would like to add the following entry ->num-threads
the current dns performance is not sufficient.

thx for help

pmueller · 11 June 2022 17:12

Hi,

welcome to the IPFire community.

In spring 2020, this directive has been removed from IPFire’s Unbound configuration, since Unbound was found to issue any given DNS query as many times as it had threads started (see this commit). I don’t know if this bug has been fixed upstream since then.

That being said, I assume you have conducted measurements regarding Unbound performance and possible improvements in your setup. Nevertheless, I am a bit surprised – we know IPFire users running appliances in very large environments handling tons of DNS requests fine without the num-threads directive. Just out of curiosity: Can you elaborate a bit more on your setup? In which way is the DNS performance insufficient?

Unbound will read any files in /etc/unbound/local.d/ with .conf suffix, so you can just place a file containing the appropriate num-threads directive there, and restart Unbound via

/etc/init.d/unbound restart

to apply it.

Thanks, and best regards,
Peter Müller

yoni-priester · 11 June 2022 17:39

Thank you for the quick answer.
I currently need up to 12000 qps.
in the Tuning.conf it says
num-queries-per-thread: 4096

I interpret this to mean that only one thread starts with max 4096 qps.
that would clearly be too little.
unbound occupies a core with up to 100 percent. here i get dns errors from the applications.
with the expansion to several threads, i hope for an even load on several cores and minimisation of the dns errors.

pmueller · 11 June 2022 17:51

Hi,

yes, I understand the unbound.conf manpage the same way.

I see, increasing num-threats is worth trying indeed.

Could you report back whether you see any questions issued multiple times then? If this turns out not to be the case, we could revert the aforementioned commit…

Thanks, and best regards,
Peter Müller

yoni-priester · 11 June 2022 18:18

Hello Mr.Müller
Your suggestion with the transfer with /etc/unbound/local.d/ did not work.
Unbound cannot do anything with the .conf file I created.
Based on the log file, I would say that a lot of multiple requests are being made.

yoni-priester · 11 June 2022 18:19

Attached is a current excerpt from the log file:

|19:57:01|unbound: [15627:0]|info: start of service (unbound 1.14.0).|
|---|---|---|
|19:57:01|unbound: [15627:0]|notice: init module 1: iterator|
|19:57:01|unbound: [15627:0]|notice: init module 0: validator|
|19:49:47|unbound: [10466:0]|info: 256.000000 512.000000 29|
|19:49:47|unbound: [10466:0]|info: 128.000000 256.000000 2717|
|19:49:47|unbound: [10466:0]|info: 64.000000 128.000000 8193|
|19:49:47|unbound: [10466:0]|info: 32.000000 64.000000 10985|
|19:49:47|unbound: [10466:0]|info: 16.000000 32.000000 8996|
|19:49:47|unbound: [10466:0]|info: 8.000000 16.000000 9439|
|19:49:47|unbound: [10466:0]|info: 4.000000 8.000000 16003|
|19:49:47|unbound: [10466:0]|info: 2.000000 4.000000 30774|
|19:49:47|unbound: [10466:0]|info: 1.000000 2.000000 49719|
|19:49:47|unbound: [10466:0]|info: 0.524288 1.000000 84856|
|19:49:47|unbound: [10466:0]|info: 0.262144 0.524288 137605|
|19:49:47|unbound: [10466:0]|info: 0.131072 0.262144 135579|
|19:49:47|unbound: [10466:0]|info: 0.065536 0.131072 130512|
|19:49:47|unbound: [10466:0]|info: 0.032768 0.065536 123887|
|19:49:47|unbound: [10466:0]|info: 0.016384 0.032768 24943|
|19:49:47|unbound: [10466:0]|info: 0.008192 0.016384 1438|
|19:49:47|unbound: [10466:0]|info: 0.004096 0.008192 26|
|19:49:47|unbound: [10466:0]|info: 0.002048 0.004096 14|
|19:49:47|unbound: [10466:0]|info: 0.001024 0.002048 7|
|19:49:47|unbound: [10466:0]|info: 0.000512 0.001024 3|
|19:49:47|unbound: [10466:0]|info: 0.000256 0.000512 2|
|19:49:47|unbound: [10466:0]|info: 0.000000 0.000001 17878|
|19:49:47|unbound: [10466:0]|info: lower(secs) upper(secs) recursions|
|19:49:47|unbound: [10466:0]|info: [25%]=0.0807024 median[50%]=0.225904 [75%]=0.654965|
|19:49:47|unbound: [10466:0]|info: histogram of recursion processing times|
|19:49:47|unbound: [10466:0]|info: average recursion processing time 3.026069 sec|
|19:49:47|unbound: [10466:0]|info: server stats for thread 0: requestlist max 2297 avg 331.352 exceeded 0 jo stled 0|
|19:49:47|unbound: [10466:0]|info: server stats for thread 0: 1374226 queries, 580631 answers from cache, 79 3595 recursions, 3987 prefetch, 0 rejected by ip ratelimiting|
|19:49:45|unbound: [10466:0]|info: service stopped (unbound 1.14.0).|
|18:13:24|unbound: [10466:0]|info: generate keytag query _ta-4a5c-4f66. NULL IN|
|14:18:19|unbound: [10466:0]|error: SERVFAIL <futureworldvision.com. A IN>: all the configured stub or forwa rd servers failed, at zone . from 185.95.218.42 got SERVFAIL|
|14:17:44|unbound: [10466:0]|error: SERVFAIL <www.shtcscphs.com. AAAA IN>: all the configured stub or forwar d servers failed, at zone . from 185.95.218.42 upstream server timeout|
|14:17:36|unbound: [10466:0]|error: SERVFAIL <www.shtaoshuyuan.com. AAAA IN>: all the configured stub or for ward servers failed, at zone . from 1.1.1.1 got SERVFAIL|
|14:16:39|unbound: [10466:0]|error: SERVFAIL <www.shtcscphs.com. A IN>: all the configured stub or forward s ervers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:16:38|unbound: [10466:0]|error: SERVFAIL <www.shtaoshuyuan.com. AAAA IN>: all the configured stub or for ward servers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:16:38|unbound: [10466:0]|error: SERVFAIL <www.shtaoshuyuan.com. A IN>: all the configured stub or forwar d servers failed, at zone . from 91.239.100.100 upstream server timeout|
|14:15:04|unbound: [10466:0]|error: SERVFAIL <geogo.com.br. A IN>: all the configured stub or forward server s failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:14:58|unbound: [10466:0]|error: SERVFAIL <geoliportas.com.br. A IN>: all the configured stub or forward servers failed, at zone . from 185.95.218.42 got SERVFAIL|
|14:14:49|unbound: [10466:0]|error: SERVFAIL <geogo.com.br. A IN>: all the configured stub or forward server s failed, at zone . from 185.95.218.42 got SERVFAIL|
|14:14:49|unbound: [10466:0]|error: SERVFAIL <geoliportas.com.br. A IN>: all the configured stub or forward servers failed, at zone . from 185.95.218.42 got SERVFAIL|
|14:13:53|unbound: [10466:0]|error: SERVFAIL <www.muyuwan.com. A IN>: all the configured stub or forward ser vers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:13:27|unbound: [10466:0]|error: SERVFAIL <2f.tel. A IN>: all the configured stub or forward servers fail ed, at zone . from 185.95.218.42 got SERVFAIL|
|14:13:15|unbound: [10466:0]|error: SERVFAIL <2f.tel. AAAA IN>: all the configured stub or forward servers f ailed, at zone . from 91.239.100.100 got SERVFAIL|
|14:13:14|unbound: [10466:0]|error: SERVFAIL <2f.tel. A IN>: all the configured stub or forward servers fail ed, at zone . from 1.1.1.1 got SERVFAIL|
|14:13:07|unbound: [10466:0]|error: SERVFAIL <muyustone888.com. AAAA IN>: all the configured stub or forward servers failed, at zone . from 1.1.1.1 got SERVFAIL|
|14:13:07|unbound: [10466:0]|error: SERVFAIL <muyustone888.com. A IN>: all the configured stub or forward se rvers failed, at zone . from 1.1.1.1 got SERVFAIL|
|14:12:54|unbound: [10466:0]|error: SERVFAIL <muyustone888.com. A IN>: all the configured stub or forward se rvers failed, at zone . from 1.1.1.1 got SERVFAIL|
|14:12:32|unbound: [10466:0]|error: SERVFAIL <ayyoobi.com. A IN>: all the configured stub or forward servers failed, at zone . from 1.1.1.1 got SERVFAIL|
|14:12:29|unbound: [10466:0]|error: SERVFAIL <ayyoobi.com. AAAA IN>: all the configured stub or forward serv ers failed, at zone . from 1.1.1.1 got SERVFAIL|
|14:12:13|unbound: [10466:0]|error: SERVFAIL <www.wideip.sfda.gov.sa. AAAA IN>: all the configured stub or f orward servers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:11:52|unbound: [10466:0]|error: SERVFAIL <www.finalconclusion.fsnet.co.uk. A IN>: all the configured stu b or forward servers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:11:40|unbound: [10466:0]|error: SERVFAIL <www.finalconclusion.fsnet.co.uk. A IN>: all the configured stu b or forward servers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:11:25|unbound: [10466:0]|error: SERVFAIL <m.919golden919.com. A IN>: all the configured stub or forward servers failed, at zone . from 1.1.1.1 got SERVFAIL|
|14:11:13|unbound: [10466:0]|error: SERVFAIL <m.919golden919.com. A IN>: all the configured stub or forward servers failed, at zone . from 185.95.218.42 got SERVFAIL|
|14:11:03|unbound: [10466:0]|error: SERVFAIL <sayinglaw.com. A IN>: all the configured stub or forward serve rs failed, at zone . from 185.95.218.42 upstream server timeout|
|14:11:00|unbound: [10466:0]|error: SERVFAIL <bluetoothvietnam.vn. A IN>: all the configured stub or forward servers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:10:44|unbound: [10466:0]|error: SERVFAIL <bluetoothvietnam.vn. A IN>: all the configured stub or forward servers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:10:35|unbound: [10466:0]|error: SERVFAIL <sayinglaw.com. AAAA IN>: all the configured stub or forward se rvers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:10:10|unbound: [10466:0]|error: SERVFAIL <sayinglaw.com. AAAA IN>: all the configured stub or forward se rvers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:10:00|unbound: [10466:0]|error: SERVFAIL <www.goylq.com. A IN>: all the configured stub or forward serve rs failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:09:06|unbound: [10466:0]|error: SERVFAIL <goynabd.com. A IN>: all the configured stub or forward servers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:08:57|unbound: [10466:0]|error: SERVFAIL <goynabd.com. A IN>: all the configured stub or forward servers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:07:01|unbound: [10466:0]|error: SERVFAIL <xinyouyl.com. AAAA IN>: all the configured stub or forward ser vers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:07:01|unbound: [10466:0]|error: SERVFAIL <xinyouyl.com. A IN>: all the configured stub or forward server s failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:06:41|unbound: [10466:0]|error: SERVFAIL <www.flcc168.com. A IN>: all the configured stub or forward ser vers failed, at zone . from 185.95.218.42 got SERVFAIL|
|14:06:26|unbound: [10466:0]|error: SERVFAIL <www.flcc168.com. A IN>: all the configured stub or forward ser vers failed, at zone . from 1.1.1.1 got SERVFAIL|
|14:06:26|unbound: [10466:0]|error: SERVFAIL <www.flcc168.com. AAAA IN>: all the configured stub or forward servers failed, at zone . from 1.1.1.1 got SERVFAIL|
|14:05:59|unbound: [10466:0]|error: SERVFAIL <betfa.win. AAAA IN>: all the configured stub or forward server s failed, at zone . from 1.1.1.1 got SERVFAIL|
|14:05:59|unbound: [10466:0]|error: SERVFAIL <betfa.win. A IN>: all the configured stub or forward servers f ailed, at zone . from 1.1.1.1 got SERVFAIL|
|14:04:18|unbound: [10466:0]|error: SERVFAIL <www.hbkeke.com. AAAA IN>: all the configured stub or forward s ervers failed, at zone . from 185.95.218.42 got SERVFAIL|
|14:04:18|unbound: [10466:0]|error: SERVFAIL <ukimmigrationattorneymassachusetts.us. AAAA IN>: all the confi gured stub or forward servers failed, at zone . from 185.95.218.42 got SERVFAIL|
|14:04:18|unbound: [10466:0]|error: SERVFAIL <ukimmigrationattorneymaryland.us. AAAA IN>: all the configured stub or forward servers failed, at zone . from 185.95.218.42 got SERVFAIL|
|14:04:18|unbound: [10466:0]|error: SERVFAIL <trasverige.se. A IN>: all the configured stub or forward serve rs failed, at zone . from 185.95.218.42 got SERVFAIL|
|14:04:14|unbound: [10466:0]|error: SERVFAIL <www.hbkeke.com. A IN>: all the configured stub or forward serv ers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:04:01|unbound: [10466:0]|error: SERVFAIL <www.hbkeke.com. A IN>: all the configured stub or forward serv ers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:03:58|unbound: [10466:0]|error: SERVFAIL <ukimmigrationattorneymassachusetts.us. A IN>: all the configur ed stub or forward servers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:03:58|unbound: [10466:0]|error: SERVFAIL <ukimmigrationattorneymaryland.us. A IN>: all the configured st ub or forward servers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:03:57|unbound: [10466:0]|error: SERVFAIL <www.ksfyts.com. A IN>: all the configured stub or forward serv ers failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:03:05|unbound: [10466:0]|error: SERVFAIL <www.ksgbd.com. A IN>: all the configured stub or forward serve rs failed, at zone . from 91.239.100.100 got SERVFAIL|
|14:02:25|unbound: [10466:0]|error: SERVFAIL <www.shjajnby.com. A IN>: all the configured stub or forward se rvers failed, at zone . from 91.239.100.100 upstream server timeout|
|14:01:33|unbound: [10466:0]|error: SERVFAIL <publicdata.dk. A IN>: all the configured stub or forward serve rs failed, at zone . from 91.239.100.100 got SERVFAIL|

pmueller · 11 June 2022 18:31

Hi,

oh, my bad. I should have mentioned you need to put the directive under the server section. The file should look like:

[root@maverick ~]# cat /etc/unbound/local.d/multiple-threads.conf 
server:
	num-threads: 4

If this does not work either, please post the output of unbound-checkconf here so we can investigate further.

But these were without the multiple threads enabled, weren’t they?

Thanks, and best regards,
Peter Müller

yoni-priester · 11 June 2022 18:48

yes

I will test the new setting.
no error message
thanks for your time und help.

Have a nice evening