Unbound and PiHole bug?

Hi all. Not sure if this is the right place to post. On a fresh install of PiHole and unbound, I noted that the unbound service keeps stopping and starting, each time flushing its cache and making all forward requests to unbound take a few 100ms. I have set up unbound to serve expired entries (whilst fetching an updated record for the next time) which has worked well before and minimises lookup times. I have noticed in the log that unbound restarts usually when the router sends an advertisement to the network. Turning off "Enable IPv6 support (SLAAC + RA)" appears to solve the issue. I would like to be able to have this setting enabled without having Unbound restart every few minutes. Any ideas?

Not sure if it fits here, maybe an unbound forum would be the better choice?

Please post the output of the following command - this will show the non-commented lines in the unbound configuration files:

sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*

/etc/unbound/unbound.conf:include: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/qname-minimisation.conf:server:
/etc/unbound/unbound.conf.d/qname-minimisation.conf:    qname-minimisation: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1472
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    cache-min-ttl: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:    serve-expired: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    msg-cache-size: 128m
/etc/unbound/unbound.conf.d/pi-hole.conf:    rrset-cache-size: 256m
/etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10
/etc/unbound/unbound.conf.d/pi-hole.conf:    remote-control:
/etc/unbound/unbound.conf.d/pi-hole.conf:    control-enable: yes

What performance problem were you experiencing that led to using this option?

Only a slight delay on loading pages. When TTLs expire, PiHole forwards the request to unbound. Because unbound keeps restarting it doesn’t have any useful cache to serve from, so queries can take from 100ms to over a second (depending on where the servers are I suppose). When it’s not resetting constantly I will get lookups of less than a millisecond which feels snappy to me. Using Cloudflare, for example, will get me results in about 10ms which is ok. But I want to use Unbound, and I want it to serve expired entries, which it can’t do if it keeps flushing its cache every few minutes.

I would temporarily increase the unbound logging verbosity to 5 and see if there is any indication in the log for the cause of the crash or any common factors. You have set fairly high memory settings as well - the default for both of these is 4M:

msg-cache-size: 128m
rrset-cache-size: 256m

You might also experiment with removing the "serve-expired" option and using "cache-min-ttl" to force higher TTLs. As noted in the documentation, this can lead to stale data if you set it too high.

I have had good success with a setting of 3600 (1 hour). I have had no problems with stale IPs.

This thread (Frequent unbound restarts | Netgate Forum) seems to be related to the issue I've encountered. This is on pfSense though, so I'm not sure what the workaround would be in PiHole.

Edit: I suspect a custom settings file in /etc/dnsmasq.d needs to be created but I don't currently know which settings would work.
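
An added example, not part of any post in this thread: a small Python script for the log check suggested above, counting how many unbound stops occur within a few seconds after a Router Advertisement line. The sample log is constructed, and the syslog layout and the dhcpcd/unbound message wording are assumptions to adapt to your own log.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines (not from the thread). The dhcpcd and unbound
# message wording is an assumption; adjust the matching to your own log.
SAMPLE_LOG = """\
Mar  3 10:00:02 pihole dhcpcd[512]: eth0: Router Advertisement from fe80::1
Mar  3 10:00:03 pihole unbound[900]: [900:0] info: service stopped (unbound 1.13.1).
Mar  3 10:00:04 pihole unbound[1010]: [1010:0] info: start of service (unbound 1.13.1).
Mar  3 10:04:40 pihole dhcpcd[512]: eth0: Router Advertisement from fe80::1
Mar  3 10:04:41 pihole unbound[1010]: [1010:0] info: service stopped (unbound 1.13.1).
Mar  3 10:04:42 pihole unbound[1105]: [1105:0] info: start of service (unbound 1.13.1).
Mar  3 11:30:00 pihole unbound[1105]: [1105:0] info: service stopped (unbound 1.13.1).
Mar  3 11:30:01 pihole unbound[1190]: [1190:0] info: start of service (unbound 1.13.1).
"""

# "Mon DD HH:MM:SS host program[pid]: message" (classic syslog layout, assumed)
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([\w.-]+)\[\d+\]: (.*)$")


def parse(log_text, year=2024):
    """Yield (timestamp, program, message) for each parsable syslog line."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)


def correlate(log_text, window_s=5):
    """Return [(stop_time, preceded_by_ra)] for every unbound stop."""
    window = timedelta(seconds=window_s)
    last_ra, results = None, []
    for ts, prog, msg in parse(log_text):
        if "Router Advertisement" in msg:
            last_ra = ts
        elif prog == "unbound" and "service stopped" in msg:
            near = last_ra is not None and timedelta(0) <= ts - last_ra <= window
            results.append((ts, near))
    return results


def summary(log_text, window_s=5):
    """Return (total unbound stops, stops within window_s after an RA)."""
    hits = correlate(log_text, window_s)
    return len(hits), sum(1 for _, near in hits if near)


print(summary(SAMPLE_LOG))
```

A high share of stops that follow an advertisement supports the correlation described in the first post; stops with no nearby advertisement point to a different trigger worth reading the verbose log for.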

41 posts were split to a new topic: Unbound frequent restarts