Unbound - RemoteControl

How to Enable Remote Control for Unbound

Setup Remote Control

doas unbound-control-setup

$ doas unbound-control-setup
setup in directory /var/unbound/etc
Generating RSA private key, 3072 bit long modulus
..................................++++
..................................++++
e is 010001 (0x65537)
Generating RSA private key, 3072 bit long modulus
........................................++++
........................................++++
e is 010001 (0x65537)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
removing artifacts
Setup success. Certificates created. Enable in unbound.conf file to use

Enable in unbound.conf

/var/unbound/etc/unbound.conf

# add this
remote-control:
  # enable remote-control
  control-enable: yes

# existing config ...
server:
    interface: 0.0.0.0
    interface: ::0
...

restart service

doas rcctl restart unbound

get stats

openbsd-box $ doas unbound-control stats |head
thread0.num.queries=142
thread0.num.queries_ip_ratelimited=0
thread0.num.cachehits=34
thread0.num.cachemiss=108
thread0.num.prefetch=0
thread0.num.expired=0
thread0.num.recursivereplies=108
thread0.requestlist.avg=0.657407
thread0.requestlist.max=4
thread0.requestlist.overwritten=0

flush cache

doas unbound-control flush_zone .

openbsd-box $ doas unbound-control flush_zone .
ok removed 42 rrsets, 39 messages and 0 key entries

sha256: 009b3e71d85f4c0c86f00e9725657fd0afb25280a4a8f3001c925f08dfde3ed4