ContextQMD
Back to Netdata

Unbound

src/go/plugin/go.d/collector/unbound/README.md

2.10.311.3 KB
Original Source
<!--startmeta custom_edit_url: "https://github.com/netdata/netdata/edit/master/src/go/plugin/go.d/collector/unbound/README.md" meta_yaml: "https://github.com/netdata/netdata/edit/master/src/go/plugin/go.d/collector/unbound/metadata.yaml" sidebar_label: "Unbound" learn_status: "Published" learn_rel_path: "Collecting Metrics/Collectors/Networking" keywords: ['unbound', 'dns'] message: "DO NOT EDIT THIS FILE DIRECTLY, IT IS GENERATED BY THE COLLECTOR'S metadata.yaml FILE" endmeta-->

Unbound

Plugin: go.d.plugin Module: unbound

Overview

This collector monitors Unbound servers.

This collector is supported on all platforms.

This collector supports collecting metrics from multiple instances of this integration, including remote instances.

Default Behavior

Auto-Detection

This integration doesn't support auto-detection.

Limits

The default configuration for this integration does not impose any limits on data collection.

Performance Impact

The default configuration for this integration is not expected to impose a significant performance impact on the system.

Setup

You can configure the unbound collector in two ways:

MethodBest forHow to
UIFast setup without editing filesGo to Nodes → Configure this node → Collectors → Jobs, search for unbound, then click + to add a job.
FileIf you prefer configuring via file, or need to automate deployments (e.g., with Ansible)Edit go.d/unbound.conf and add a job.

:::important

UI configuration requires paid Netdata Cloud plan.

:::

Prerequisites

Enable remote control interface

Set control-enable to yes in unbound.conf.

Check permissions and adjust if necessary

If using unix socket:

  • socket should be readable and writeable by netdata user

If using ip socket and TLS is disabled:

  • socket should be accessible via network

If TLS is enabled, in addition:

  • control-key-file should be readable by netdata user
  • control-cert-file should be readable by netdata user

For auto-detection parameters from unbound.conf:

  • unbound.conf should be readable by netdata user
  • if you have several configuration files (include feature) all of them should be readable by netdata user

Configuration

Options

The following options can be defined globally: update_every, autodetection_retry.

<details open><summary>Config options</summary>
GroupOptionDescriptionDefaultRequired
Collectionupdate_everyData collection frequency.5no
autodetection_retryRecheck interval in seconds. Zero means no recheck will be scheduled.0no
TargetaddressServer address in IP:PORT format.127.0.0.1:8953yes
timeoutConnection/read/write/SSL handshake timeout.1no
conf_pathAbsolute path to the Unbound configuration file. Used to adjust behavior based on the remote-control section./etc/unbound/unbound.confno
Customizationcumulative_statsStatistics collection mode. Should match the statistics-cumulative parameter in the Unbound configuration file.nono
TLSuse_tlsWhether to use TLS or not.yesno
tls_skip_verifyServer certificate chain and hostname validation policy. Controls whether the client performs this check.yesno
tls_caCertificate authority that the client uses when verifying server certificates.no
tls_certClient TLS certificate./etc/unbound/unbound_control.pemno
tls_keyClient TLS key./etc/unbound/unbound_control.keyno
</details>

via UI

Configure the unbound collector from the Netdata web interface:

  1. Go to Nodes.
  2. Select the node where you want the unbound data-collection job to run and click the :gear: (Configure this node). That node will run the data collection.
  3. The Collectors → Jobs view opens by default.
  4. In the Search box, type unbound (or scroll the list) to locate the unbound collector.
  5. Click the + next to the unbound collector to add a new job.
  6. Fill in the job fields, then click Test to verify the configuration and Submit to save.
    • Test runs the job with the provided settings and shows whether data can be collected.
    • If it fails, an error message appears with details (for example, connection refused, timeout, or command execution errors), so you can adjust and retest.

via File

The configuration file name for this integration is go.d/unbound.conf.

The file format is YAML. Generally, the structure is:

yaml
update_every: 1
autodetection_retry: 0
jobs:
  - name: some_name1
  - name: some_name2

You can edit the configuration file using the edit-config script from the Netdata config directory.

bash
cd /etc/netdata 2>/dev/null || cd /opt/netdata/etc/netdata
sudo ./edit-config go.d/unbound.conf
Examples
Basic

An example configuration.

<details open><summary>Config</summary>
yaml
jobs:
  - name: local
    address: 127.0.0.1:8953
</details>
Unix socket

Connecting through Unix socket.

<details open><summary>Config</summary>
yaml
jobs:
  - name: socket
    address: /var/run/unbound.sock
</details>
Multi-instance

Note: When you define multiple jobs, their names must be unique.

Local and remote instances.

<details open><summary>Config</summary>
yaml
jobs:
  - name: local
    address: 127.0.0.1:8953

  - name: remote
    address: 203.0.113.11:8953
</details>

Alerts

There are no alerts configured by default for this integration.

Metrics

Metrics grouped by scope.

The scope defines the instance that the metric belongs to. An instance is uniquely identified by a set of labels.

Per Unbound instance

These metrics refer to the entire monitored application.

This scope has no labels.

Metrics:

MetricDimensionsUnit
unbound.queriesqueriesqueries
unbound.queries_ip_ratelimitedratelimitedqueries
unbound.dnscrypt_queriescrypted, cert, cleartext, malformedqueries
unbound.cachehits, missevents
unbound.cache_percentagehits, misspercentage
unbound.prefetchprefetchesprefetches
unbound.expiredexpiredreplies
unbound.zero_ttl_replieszero_ttlreplies
unbound.recursive_repliesrecursivereplies
unbound.recursion_timeavg, medianmilliseconds
unbound.request_list_usageavg, maxqueries
unbound.current_request_list_usageall, usersqueries
unbound.request_list_jostle_listoverwritten, droppedqueries
unbound.tcpusageusagebuffers
unbound.uptimetimeseconds
unbound.cache_memorymessage, rrset, dnscrypt_nonce, dnscrypt_shared_secretKB
unbound.mod_memoryiterator, respip, validator, subnet, ipsecKB
unbound.mem_streamwaitstreamwaitKB
unbound.cache_countinfra, key, msg, rrset, dnscrypt_nonce, shared_secretitems
unbound.type_queriesa dimension per query typequeries
unbound.class_queriesa dimension per query classqueries
unbound.opcode_queriesa dimension per query opcodequeries
unbound.flag_queriesqr, aa, tc, rd, ra, z, ad, cdqueries
unbound.rcode_answersa dimension per reply rcodereplies

Per thread

These metrics refer to threads.

This scope has no labels.

Metrics:

MetricDimensionsUnit
unbound.thread_queriesqueriesqueries
unbound.thread_queries_ip_ratelimitedratelimitedqueries
unbound.thread_dnscrypt_queriescrypted, cert, cleartext, malformedqueries
unbound.thread_cachehits, missevents
unbound.thread_cache_percentagehits, misspercentage
unbound.thread_prefetchprefetchesprefetches
unbound.thread_expiredexpiredreplies
unbound.thread_zero_ttl_replieszero_ttlreplies
unbound.thread_recursive_repliesrecursivereplies
unbound.thread_recursion_timeavg, medianmilliseconds
unbound.thread_request_list_usageavg, maxqueries
unbound.thread_current_request_list_usageall, usersqueries
unbound.thread_request_list_jostle_listoverwritten, droppedqueries
unbound.thread_tcpusageusagebuffers

Troubleshooting

Debug Mode

Important: Debug mode is not supported for data collection jobs created via the UI using the Dyncfg feature.

To troubleshoot issues with the unbound collector, run the go.d.plugin with the debug option enabled. The output should give you clues as to why the collector isn't working.

  • Navigate to the plugins.d directory, usually at /usr/libexec/netdata/plugins.d/. If that's not the case on your system, open netdata.conf and look for the plugins setting under [directories].

    bash
    cd /usr/libexec/netdata/plugins.d/

  • Switch to the netdata user.

    bash
    sudo -u netdata -s

  • Run the go.d.plugin to debug the collector:

    bash
    ./go.d.plugin -d -m unbound

    To debug a specific job:

    bash
    ./go.d.plugin -d -m unbound -j jobName

Getting Logs

If you're encountering problems with the unbound collector, follow these steps to retrieve logs and identify potential issues:

  • Run the command specific to your system (systemd, non-systemd, or Docker container).
  • Examine the output for any warnings or error messages that might indicate issues. These messages should provide clues about the root cause of the problem.

System with systemd

Use the following command to view logs generated since the last Netdata service restart:

bash
journalctl _SYSTEMD_INVOCATION_ID="$(systemctl show --value --property=InvocationID netdata)" --namespace=netdata --grep unbound

System without systemd

Locate the collector log file, typically at /var/log/netdata/collector.log, and use grep to filter for collector's name:

bash
grep unbound /var/log/netdata/collector.log

Note: This method shows logs from all restarts. Focus on the latest entries for troubleshooting current issues.

Docker Container

If your Netdata runs in a Docker container named "netdata" (replace if different), use this command:

bash
docker logs netdata 2>&1 | grep unbound