Unbound monitoring with Netdata
Unbound is a validating, recursive, and caching DNS resolver product
from NLnet Labs.
This module monitors one or more Unbound servers, depending on your configuration.
Requirements#
Unboundwith enabledremote-controlinterface ( see unbound.conf)
If using unix socket:
- socket should be readable and writeable by
netdatauser
If using ip socket and TLS is disabled:
- socket should be accessible via network
If TLS is enabled, in addition:
control-key-fileshould be readable bynetdatausercontrol-cert-fileshould be readable bynetdatauser
For auto detection parameters from unbound.conf:
unbound.confshould be readable bynetdatauser- if you have several configuration files (include feature) all of them should be readable by
netdatauser
Charts#
Module produces following summary charts:
- Received Queries in
queries - Rate Limited Queries in
queries - DNSCrypt Queries in
queries - Cache Statistics in
events - Cache Statistics Percentage in
percentage - Cache Prefetches in
prefetches - Replies Served From Expired Cache in
replies - Replies That Needed Recursive Processing in
replies - Time Spent On Recursive Processing in
milliseconds - Request List Usage in
queries - Current Request List Usage in
queries - Request List Jostle List Events in
queries - TCP Handler Buffers in
buffers - Uptime
seconds
If extended-statistics is enabled:
- Queries By Type in
queries - Queries By Class in
queries - Queries By OpCode in
queries - Queries By Flag in
queries - Replies By RCode in
replies - Cache Items Count in
items - Cache Memory in
KB - Module Memory in
KB - TCP and TLS Stream Wait Buffer Memory in
KB
Per thread charts (only if number of threads > 1):
- Received Queries in
queries - Rate Limited Queries in
queries - DNSCrypt Queries in
queries - Cache Statistics in
events - Cache Statistics Percentage in
events - Cache Prefetches in
prefetches - Replies Served From Expired Cache in
replies - Replies That Needed Recursive Processing in
replies - Time Spent On Recursive Processing in
milliseconds - Request List Usage in
queries - Current Request List Usage in
queries - Request List Jostle List Events in
queries - TCP Handler Buffers in
buffers
Configuration#
Edit the go.d/unbound.conf configuration file using edit-config from the
Netdata config directory, which is typically at /etc/netdata.
This Unbound collector only needs the address to a server's remote-control interface if TLS is disabled or address
of unix socket. Otherwise you need to set path to the control-key-file and control-cert-file files.
The module tries to auto-detect following parameters reading unbound.conf:
- address
- cumulative_stats
- use_tls
- tls_cert
- tls_key
Module supports both cumulative and non-cumulative modes. Default is non-cumulative. If your server has enabled
statistics-cumulative, but the module fails to auto-detect it (unbound.conf is not readable or it is a remote
server), you need to set it manually in the configuration file.
Here is an example for several servers:
For all available options, please see the module configuration file.
Troubleshooting#
Ensure that the control protocol is actually configured correctly. Run following command as root user:
It should print out a bunch of info about the internal statistics of the server. If this returns an error, you don't have the control protocol set up correctly.
To troubleshoot issues with the unbound collector, run the go.d.plugin with the debug option enabled. The output
should give you clues as to why the collector isn't working.
First, navigate to your plugins directory, usually at /usr/libexec/netdata/plugins.d/. If that's not the case on your
system, open netdata.conf and look for the setting plugins directory. Once you're in the plugin's directory, switch
to the netdata user.
You can now run the go.d.plugin to debug the collector: