
unbound

Monitoring uses the remote control interface to fetch statistics.

Provides the following charts:

  1. Queries Processed
    * Ratelimited
    * Cache Misses
    * Cache Hits
    * Expired
    * Prefetched
    * Recursive

  2. Request List
    * Average Size
    * Max Size
    * Overwritten Requests
    * Overruns
    * Current Size
    * User Requests

  3. Recursion Timings
    * Average recursion processing time
    * Median recursion processing time

If extended stats are enabled, also provides:

  1. Cache Sizes
    * Message Cache
    * RRset Cache
    * Infra Cache
    * DNSSEC Key Cache
    * DNSCrypt Shared Secret Cache
    * DNSCrypt Nonce Cache

Configuration

Unbound must be manually configured to enable the remote-control protocol.
Check the Unbound documentation for info on how to do this. Additionally,
if you want to take advantage of the autodetection this plugin offers,
you will need to make sure your unbound.conf file only uses spaces for
indentation (the default config shipped by most distributions uses tabs
instead of spaces).

Once you have the Unbound control protocol enabled, you need to make sure
that either the certificate and key are readable by Netdata (if you’re
using the regular control interface), or that the socket is accessible
to Netdata (if you’re using a UNIX socket for the control interface).

By default, for the local system, everything can be auto-detected
assuming Unbound is configured correctly and has been told to listen
on the loopback interface or a UNIX socket. This is done by looking
up info in the Unbound config file specified by the ubconf key.

To enable extended stats for a given job, add extended: yes to the
definition.

You can also enable per-thread charts for a given job by adding
per_thread: yes to the definition. Note that the number of threads
is only checked on startup.

A basic local configuration with extended statistics and per-thread
charts looks like this:

local:
    ubconf: /etc/unbound/unbound.conf
    extended: yes
    per_thread: yes

While it’s a bit more complicated to set up correctly, it is recommended
that you use a UNIX socket as it provides far better performance.

Troubleshooting

If you’ve configured the module and can’t get it to work, make sure to
check all of the following:

  • If you’re using autodetection, double check that your unbound.conf
    file is actually using spaces instead of tabs, and that appropriate
    indentation is present. Most Linux distributions ship a default config
    for Unbound that uses tabs, and the plugin can’t read such a config file
    correctly. Also, make sure this file is actually readable by Netdata.
  • Ensure that the control protocol is actually configured correctly.
    You can check this quickly by running unbound-control stats_noreset
    as root, which should print out a bunch of info about the internal
    statistics of the server. If this returns an error, you don’t have
    the control protocol set up correctly.
  • If using the regular control interface, make sure that the certificate
    and key file you have configured in unbound.conf are readable by
    Netdata. In general, it’s preferred to use ACLs on the files to
    provide the required permissions.
  • If using a UNIX socket, make sure that the socket is both readable
    and writable by Netdata. Just like with the regular control
    interface, it’s preferred to use ACLs to provide these permissions.
  • Make sure that SELinux, AppArmor, or any other mandatory access control
    system isn’t interfering with the access requirements mentioned above.
    In some cases, you may have to add a local rule to allow this access.
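
The file and socket checks above can be scripted. The following is an added example, not part of the Netdata plugin or its documentation: it reads control-enable, control-interface, control-key-file and control-cert-file from the config and tests access for whichever user runs it. The script name, the "netdata" account name and the finding labels are assumptions.

```shell
#!/bin/sh
# Added example: preflight for the troubleshooting checks listed above.
# Access is tested for the user running the script, so run it as the
# Netdata service user (script and account names are assumptions):
#   sudo -u netdata sh unbound_preflight.sh /etc/unbound/unbound.conf

TAB=$(printf '\t')

# conf_value FILE KEY: print the last value set for "KEY:", unquoted.
conf_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" |
        tr -d '"' | sed 's/[[:space:]]*$//' | tail -n 1
}

# need_read OPTION PATH: report a cert/key path that is unset or unreadable.
need_read() {
    if [ -z "$2" ]; then echo "UNSET $1 (Unbound's built-in default applies)"
    elif [ ! -r "$2" ]; then echo "NO_READ $1 $2"; fi
}

# check_unbound_conf FILE: print one finding per line; no output means OK.
check_unbound_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "NO_READ conf $conf"; return 0; }
    # Autodetection needs space-only indentation.
    grep -q "^ *$TAB" "$conf" && echo "TAB_INDENT $conf"
    [ "$(conf_value "$conf" control-enable)" = yes ] || echo "CONTROL_DISABLED"
    iface=$(conf_value "$conf" control-interface)
    case $iface in
        /*) # UNIX socket: must exist and be both readable and writable.
            [ -S "$iface" ] || echo "NO_SOCKET $iface"
            [ -r "$iface" ] && [ -w "$iface" ] || echo "NO_RW_SOCKET $iface" ;;
        *)  # Regular control interface: key and certificate must be readable.
            need_read control-key-file "$(conf_value "$conf" control-key-file)"
            need_read control-cert-file "$(conf_value "$conf" control-cert-file)" ;;
    esac
    return 0
}

# With a path argument, check that file; otherwise check a constructed sample.
if [ $# -gt 0 ]; then check_unbound_conf "$1"; else
    demo=$(mktemp)
    printf 'remote-control:\n\tcontrol-enable: yes\n\tcontrol-interface: 127.0.0.1\n' >"$demo"
    check_unbound_conf "$demo"; rm -f "$demo"
fi
```

A NO_READ finding for the key or certificate is best resolved with an ACL entry for the Netdata user alone, not by loosening the file mode, since the control key authorizes every unbound-control command and not only statistics.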