Skip to content

letsencrypt/unbound_exporter

3 Branches10 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

dependabot[bot]dependabot[bot]
Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#79)
Feb 11, 2025
39672d0 · Feb 11, 2025

History

58 Commits
.github
.github
Feb 11, 2025
contrib
contrib
Feb 22, 2023
.gitignore
.gitignore
Oct 19, 2017
Dockerfile
Dockerfile
Nov 17, 2023
LICENSE
LICENSE
Jan 9, 2017
README.md
README.md
Nov 14, 2023
docker-compose.yml
docker-compose.yml
Jan 8, 2024
droplist.zone
droplist.zone
Jan 8, 2024
go.mod
go.mod
Feb 11, 2025
go.sum
go.sum
Feb 11, 2025
integration_test.go
integration_test.go
Jan 30, 2024
nfpm.yaml
nfpm.yaml
Apr 22, 2022
unbound-example.conf
unbound-example.conf
Jan 8, 2024
unbound_exporter.go
unbound_exporter.go
Jan 30, 2024
unbound_exporter_test.go
unbound_exporter_test.go
Nov 17, 2021

Repository files navigation

Prometheus Unbound exporter

This repository provides code for a simple Prometheus metrics exporter for the Unbound DNS resolver. This exporter connects to Unbounds TLS control socket and sends the stats_noreset command, causing Unbound to return metrics as key-value pairs. The metrics exporter converts Unbound metric names to Prometheus metric names and labels by using a set of regular expressions.

Prerequisites

Go 1.20 or above is required.

Installation

go install github.com/letsencrypt/unbound_exporter@latest

This will install the binary in $GOBIN, or $HOME/go/bin if $GOBIN is unset.

Updating dependencies

go get -u
go mod tidy

Usage - Unix socket

The simplest way to run unbound_exporter is on the same machine as your Unbound instance, connecting via a Unix socket. First, make sure you have this in your unbound.conf:

remote-control:
  control-enable: yes
  control-interface: /run/unbound.ctl

Then, arrange to run this on the same machine:

unbound_exporter -unbound.ca "" -unbound.cert "" -unbound.host "unix:///run/unbound.ctl"

Metrics will be exported under /metrics, on port 9167, on all interfaces.

$ curl 127.0.0.1:9167/metrics | grep '^unbound_up'
unbound_up 1

Usage - TLS

The more complicated way to run unbound_exporter is to configure unbound's control-interface with a TLS certificate from a private CA, and run unbound_exporter on a separate host. This is more of a hassle because you have to keep the certificate up to date and distribute the private CA to the host that unbound_exporter runs on.

See https://unbound.docs.nlnetlabs.nl/en/latest/getting-started/configuration.html#set-up-remote-control for instructions on setting up the certificates and keys for remote-control via TLS. On the unbound_exporter side you will need to set the -unbound.ca, -unbound.cert, and -unbound.key flags to point to valid files that will trust the Unbound server's certificate and be trusted by Unbound in return.

Extended statistics

From the Unbound statistics doc: Unbound has an option to enable extended statistics collection. If enabled, more statistics are collected, for example what types of queries are sent to the resolver. Otherwise, only the total number of queries is collected. Add the following to your unbound.conf.

server:
    extended-statistics: yes

About

A Prometheus exporter for Unbound.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

195 stars

Watchers

16 watching

Forks

87 forks
Report repository

Releases 7

v0.4.6 Latest
Feb 7, 2024
+ 6 releases

Packages

No packages published

Contributors 21

+ 7 contributors

Languages