Tutorial How to monitor DNS traffic in real-time

While I don't pretend to understand if/how unbound squares that particular circle, I do know that I can ping any device on the LAN by name, whether from another device on the LAN, from an external device by VPN or directly from the router - though all devices having manually assigned addresses could be relevant.
 
That would be the reason as manually assigned devices have their names written to the local hosts file, so DNS is not used.

If you change that Tools setting to Yes, it should fix the issue you're seeing.
 
I don't know anything about how Unbound works but by setting that Tools option to No you're telling the router's onboard services to go directly to the WAN DNS servers. So what you're seeing is expected behaviour as far as I understand your description.

Personally, I always have this option set as Yes otherwise the router cannot resolve local host names. Yes used to be the default setting until Merlin changed it a few releases back.
I'm slightly confused, as here in these 2 threads @ColinTaylor you recommend setting this option Tools - Other Settings > Wan: Use local caching DNS server as system resolver to No (i.e. default) and local hosts will use dnsmasq to resolve hostnames:

 
I made no such recommendation in those threads. In fact I didn't make any posts at all in that second thread. I think you're confusing me with someone else. My only suggestions in the first thread were specifically about the LAN DNS/WINS settings and the "Forward local domain..." setting. No mention of local hosts was made in either of those threads.

The default setting of No is a "safe" setting that is appropriate for most "normal" users. Once you start installing non-standard software on the router itself you have to make a judgment call as to what is the best setting for your particular environment. There is no right or wrong setting at that point.
 
I know this is probably a stupid question, but as the problem is that Skynet cannot resolve the address of the filter files it is attempting to download to the router, why should the local addresses be relevant? Once the files are downloaded and parsed Skynet works as intended, regardless of whether there are or are not any default (as opposed to DoT) DNS Servers defined. The problem then becomes that Skynet cannot update the filter files. This does not occur with Diversion which also needs to update its signature files.

Also, while the host file would explain pinging IPv4 addresses in the format devicename.hostname, if I exclude the hostname set in LAN LAN-IP and use just devicename ping also works for (in fact defaults to) the IPv6 addresses, which are not in etc/hosts.
 
They're not relevant. I was merely explaining why you can resolve local host names from the router when you're not using the local DNS resolver. This has nothing to do with Skynet.
 
Sorry - definitely got the wrong end of the stick there.:oops:
 
Thanks Colin. Your explanation makes sense, I just defaulted back to "No" now after removing some non-standard software.
 
Very basic question, but how do I access the menu?

If I press any of the menu keys (n/w/h/etc.) I get this at the bottom:

Enter:next line Space:next page Q:quit R:show the rest

Is there a special key combo I need to press along with the menu item?

I also noted that sometimes in the output I get:

egrep: warning: egrep is obsolescent; using grep -E
 
This is an old script. To make it work with the current firmware I had to change three egrep statements to grep -E.

Code:
# diff /mnt/TOSHIBA2/ASUS/merlin-dns-monitor.sh ./dnsmonitor.sh
--- /mnt/TOSHIBA2/ASUS/merlin-dns-monitor.sh
+++ ./dnsmonitor.sh
@@ -1,5 +1,7 @@
 #!/bin/sh

+# Changed egrep to grep -E
+
 #          name: merlin-dns-monitor.sh
 #       version: 1.4.2, 26-apr-2022, by eibgrad
 #       purpose: monitor what dns servers are active and where routed
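Review bot: The added `# Changed egrep to grep -E` comment sits above the header block while the `version: 1.4.2, 26-apr-2022, by eibgrad` line is left unchanged, so a modified copy cannot be told apart from the original by its header. Suggest recording the local change inside the header itself, for example a `modified:` line with the date and who changed it.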
@@ -200,7 +202,7 @@
     [ ${sw_dupes+x} ] && _print_with_dupe_count || uniq $DATA

     # publish Do53/DoT over tcp (replied and sorted)
-    egrep '^ipv4 .* tcp .* dport=(53|853) ' /proc/net/nf_conntrack | \
+    grep -E '^ipv4 .* tcp .* dport=(53|853) ' /proc/net/nf_conntrack | \
         awk '/ASSURED/{printf "%s %-19s %-19s %-9s %-19s %s\n",
                 $3, $7, $8, $10, $11, $12}' | \
             sort > $DATA
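Review bot: The replaced line keeps the `^ipv4` anchor, so this listing only publishes IPv4 entries from /proc/net/nf_conntrack and DNS over TCP carried over IPv6 never appears in it. If that is intended, a one-line comment saying so would help; otherwise the pattern needs widening. `$DATA` in `uniq $DATA` and `sort > $DATA` should also be quoted.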
@@ -328,7 +330,7 @@
     fi

     if echo $line | grep 'dport=53 ' | \
-            egrep -q "(src|dst)=($wan0_ip|$wan1_ip)( |$)"; then
+            grep -qE "(src|dst)=($wan0_ip|$wan1_ip)( |$)"; then
         # Do53 connection routed over WAN
         printf "${sev_lvl_2}$line_4disp${RS}\n"

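Review bot: In the `if` at the top of this hunk, `echo $line` is unquoted, so the line is word-split and glob-expanded before grep sees it; if it carries conntrack's `[ASSURED]` flag, that token is a valid glob and can be replaced by a matching file name in the current directory. Use `printf '%s\n' "$line"` (or at least `echo "$line"`) so the text reaches grep unchanged.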
@@ -340,7 +342,7 @@
             grep -qxF "$line" $LOG || echo "$line" >> $LOG
         fi
     elif echo $line | grep 'dport=853 ' | \
-            egrep -q "(src|dst)=($wan0_ip|$wan1_ip)( |$)"; then
+            grep -qE "(src|dst)=($wan0_ip|$wan1_ip)( |$)"; then
         # DoT connection routed over WAN
         printf "${sev_lvl_1}$line_4disp${RS}\n"
     else
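Review bot: The `grep -qE "(src|dst)=($wan0_ip|$wan1_ip)( |$)"` test in the `elif` is a second copy of the one in the Do53 branch, and both paste the variables into the regular expression as-is: the dots act as wildcards and an empty variable leaves an empty alternative in the group. Build the pattern once from the non-empty addresses with the dots escaped and reuse it in both branches. `$LOG` in the `grep -qxF "$line" $LOG` context line should be quoted as well.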
 
Thanks much! That worked and I am also able to access the menu now.
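
The conntrack matching that the patched script performs with `grep -E`, as an added example that is not part of the thread or of merlin-dns-monitor.sh: it builds the WAN-address pattern once, with dots escaped and empty addresses skipped, and classifies entries as Do53 or DoT routed over WAN. The function names, the WAN address 203.0.113.7 and the conntrack lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of merlin-dns-monitor.sh. Function names, the WAN
# address 203.0.113.7 and the conntrack lines below are constructed.

# Build "(src|dst)=(ip1|ip2)( |$)" from the non-empty WAN addresses, with
# dots escaped so each address is matched literally by grep -E.
wan_pattern() {
    alt=""
    for ip in "$@"; do
        [ -n "$ip" ] || continue
        esc=$(printf '%s' "$ip" | sed 's/\./\\./g')
        alt="${alt:+$alt|}$esc"
    done
    [ -n "$alt" ] || return 1        # no WAN address known: refuse to guess
    printf '(src|dst)=(%s)( |$)' "$alt"
}

# Print DO53_WAN, DOT_WAN or OTHER for one conntrack line ($1) and pattern ($2).
classify() {
    line=$1; pat=$2
    for port in 53 853; do
        if printf '%s\n' "$line" | grep -F "dport=$port " | grep -qE "$pat"; then
            if [ "$port" = 53 ]; then echo DO53_WAN; else echo DOT_WAN; fi
            return 0
        fi
    done
    echo OTHER
}

# Classify three constructed entries; the second WAN address is unset.
PAT=$(wan_pattern "203.0.113.7" "") || exit 1
while IFS= read -r entry; do
    printf '%-8s %s\n' "$(classify "$entry" "$PAT")" "${entry%% src=*}"
done <<'EOF'
ipv4 2 tcp 6 431999 ESTABLISHED src=192.168.1.10 dst=1.1.1.1 sport=51000 dport=853 src=1.1.1.1 dst=203.0.113.7 sport=853 dport=51000 [ASSURED] mark=0 use=2
ipv4 2 udp 17 25 src=192.168.1.20 dst=9.9.9.9 sport=40000 dport=53 src=9.9.9.9 dst=203.0.113.7 sport=53 dport=40000 [ASSURED] mark=0 use=2
ipv4 2 udp 17 20 src=192.168.1.20 dst=192.168.1.1 sport=40001 dport=53 src=192.168.1.1 dst=192.168.1.20 sport=53 dport=40001 mark=0 use=2
EOF
```
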
 
There are several ways to skin that cat. Could do what was shown; could prepend the full path to the (each) called executable (/usr/bin/egrep - or whatever it actually is if not that, thus totally bypassing use of $PATH); could more simply add the one line "alias egrep=/usr/bin/egrep"; or MOST APPROPRIATELY the developers of whatever addons cause this grief by altering "system-wide" defaults should instead use full-path calls or only alter PATH /within/ their scripts.

There was an (early) code example shown with a function declared in the script, then only used one time thereafter. I've never understood such muddying of scripts. Don't know yet what this script looks like otherwise...
 
Was on my way out the door on that post. Am now back. I see I should've declared that over the past day or so, when able, I've just read through this thread for the first time. I like the look of what's going on here, intend to fetch the script for perusal, and think maybe creating and using a named pipe might be even better than using (was it?) "screen" (which may well just create a named pipe...).

Hope the OP is yet "with us" and doing well.
 
Our OP hasn't been with us for quite some time. He was an amazing source of knowledge and experience, and I had excellent offline conversations with him. He is missed.
 
And his scripts were a pleasure to read and learn from.

Highly recommended reading for any new shell script developer.
 
When I use this script it doesn't like the use of egrep and replaces it with grep -E. To remove the lines with the notice I just edit it and change the 3 instances where egrep is used. Thought I'd give you a heads up. Thanks.
 
