Jack Yaz
Part of the Furniture
I can see that you've declined to reference where the approach to block YT ads came from in the script itself. Oversight?
Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)
- Thread starter Martineau
- Start date
juched
Very Senior Member
Good point. Will do that. Thanks.
tomsk
Very Senior Member
I understand that your script creates a list of domains and loads them as local data...... but i don't understand how unbound knows to block them. For the ad blocking you have a local zone and for each match you tell what to do with it e.g
Code:
local-zone: "017gj.com" always_nxdomain
local-zone: "01apple.com" always_nxdomain
local-zone: "01mspmd5yalky8.com" always_nxdomaincare to explain in simple terms? just trying to understand the mechanism ....... thanks
joe scian
Very Senior Member
Martineau
I disabled Diversion and installed Adblock. When I choose the option below I get the following-
I disabled Diversion and installed Adblock. When I choose the option below I get the following-
Code:
A:Option ==> dnsmasq disable
If you currently use or rely on dnsmasq features such as Diversion/x3mRouting etc., then re-consider.
Do you still want to DISABLE dnsmasq?
Reply 'y' or press [Enter] to skip
y
17:42:36 Configuring unbound to be the primary DNS for ALL LAN Clients.....
17:42:36 Converting dnsmasq local hosts to 'unbound'.....
17:42:36 Checking 'include: unbound.conf.localhosts' .....
Adding 'include: "/opt/share/unbound/configs/unbound.conf.addgui" to '/opt/var/lib/unbound/unbound.conf'
Adding 'include: "/opt/share/unbound/configs/unbound.conf.localhosts" to '/opt/var/lib/unbound/unbound.conf'
17:42:36 Restarting dnsmasq
Done.
17:42:38 Checking 'unbound.conf' for syntax errors.....
17:42:39 Saving unbound cache to '/opt/share/unbound/configs/cache.txt'
17:42:41 Requesting unbound (S61unbound) restart.....
Shutting down unbound... done.
Starting unbound... done.
17:42:44 Checking status, please wait.....
***ERROR unbound went AWOL after 1 seconds.....
Try option 'debug' and check for unbound.conf or runtime errors!tomsk
Very Senior Member
Did you disable diversion manually before you disabled dnsmasq? I had ad blocking through dnsmasq enabled before i started and i got a warning telling me diversion was in use... i don't see that in your post
Code:
:Option ==> dnsmasq disable
If you currently use or rely on dnsmasq features such as Diversion/x3mRouting etc., then re-consider.
Warning Diversion is ACTIVE (You can switch to Ad Block)
Do you still want to DISABLE dnsmasq?
Reply 'y' or press [Enter] to skip
Last edited:
joe scian
Very Senior Member
Yes disabled manually before disabling dnsmasq
Martineau
Part of the Furniture
I've uploaded v3.11Beta on GitHub dev branch for those that want to try it
Code:
e = Exit Script [?]
A:Option ==> uf dev
A:Option ==> adblockHaving visited YouTube, rather than wait 5 mins ('cos you are too excited!
), you can force the scanning.....
Code:
A:Option ==> adblock update
Updating Ads and Tracker Blocking.....
_____ _ _ _ _
| _ |_| | |_| |___ ___| |_
| | . | . | | . | _| '_|
|__|__|___|___|_|___|___|_,_|
(gen_adblock.sh): 32637 @juched - v1.0.6 - Thanks to @SomeWhereOverTheRainBow
Removing possible temporary files..
Downloading list(s) from block site(s) configured...
Attempting to Download 1 of 3 from https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts.
######################################################################## 100.0%
Attempting to Download 4 of 3 from https://raw.githubusercontent.com/llacb47/mischosts/master/tiktok-hosts.
######################################################################## 100.0%
Attempting to Download 7 of 3 from https://raw.githubusercontent.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/master/hacked-domains.list.
######################################################################## 100.0%
Downloading list(s) from allow site(s) configured...
Adding user requested hosts to list...
Removing user requested hosts from list...
Removing required hosts from list...
Removing unnecessary formatting from the domain list...
Generating Unbound adservers file...
(gen_adblock.sh): 32637 Number of adblocked hosts: 63968
Generating Unbound unload/load lists...
Loading/Unload Unbound local-zones to take effect...
removed 63968 zones
added 63968 zones
Removing temporary files...
Adblock update complete!
Updating YouTube Video Ad Blocking.....
Y88b d88P 88888888888 d8888 888 888888b. 888 888
Y88b d88P 888 d88888 888 888 "88b 888 888
Y88o88P 888 d88P888 888 888 .88P 888 888
Y888P 888 d88P 888 .d88888 8888888K. 888 .d88b. .d8888b 888 888
888 888 d88P 888 d88" 888 888 "Y88b 888 d88""88b d88P" 888 .88P
888 888 d88P 888 888 888 888 888 888 888 888 888 888888K
888 888 d8888888888 Y88b 888 888 d88P 888 Y88..88P Y88b. 888 "88b
888 888 d88P 888 "Y88888 8888888P" 888 "Y88P" "Y8888P 888 888
## by @juched - dynamically block YT ads - v1.0
gen_ytadblock.sh
Forcing to use YT IP
Generating Unbound yt adblock list...
(gen_ytadblock.sh): 388 Number of yt adblocked domains: 4
Loading/Unload Unbound local-data to take effect...
added 4 datas
All done updating YT hosts!
Last edited:
tomsk
Very Senior Member
Theres no need to do that... the script will automagically detect diversion is running and shut it down and then set up adblocking in unbound for you
Martineau
Part of the Furniture
Can you update to v3.11beta
Code:
e = Exit Script [?]
A:Option ==> uf dev
Code:
e = Exit Script [?]
A:Option ==> debugtesting ...
Martineau
Part of the Furniture
Indeed...unlike some I will remain quietly modest!
FYI, I assume you are still happy with bypassing dnsmasq, but I wonder if you have rebooted?.
Anyway, if you have time, could you download v3.11beta
Code:
e = Exit Script [?]
A:Option ==> uf dev
Code:
e = Exit Script [?]
A:Option ==> i s61unboundWhen convenient, could you then reboot, and see if unbound remains as the Primary DNS bypassing dnsmasq.
NOTE: There should be 'bypass dnsmasq' messages in Sylog to try and identify the timing and the pesky watch-dog jumping in being "helpful"
Last edited:
Indeed...unlike some I will remain quietly modest!
FYI, I assume you are still happy with bypassing dnsmasq, but I wonder if you have rebooted?.
Anyway, if you have time, could you download v3.11beta
and issueCode:e = Exit Script [?] A:Option ==> uf dev
Code:e = Exit Script [?] A:Option ==> i s61unbound
When convenient, could you then reboot, and see if unbound remains as the Primary DNS bypassing dnsmasq.
NOTE: There should by 'bypass' messages in Sylog to try and identify the timing and the pesky watch-dog
in my case after update to latest alpha, unboud stays primary - at this time i was using v3.10
tomsk
Very Senior Member
Yes im very happy with the way the manager behaves... unlike poor @joe scian i haven't had one failure of unbound to start... i tried to bypass with Diversion already disabled through its own (a) command, but unbound still came up ok. I noticed on enabling the dnsmasq again there was some mention that diversion was enabled , which of course isn't true. I notice that when adblocking is disabled through the diversion menu that the start and end of diversion directives are still there in the dnsmasq.conf .... so testing for them as a method of seeing if diversion is active is flawed... maybe you can test for the start or end of diversion directives plus test for the add-hosts as well?Indeed...unlike some I will remain quietly modest!
FYI, I assume you are still happy with bypassing dnsmasq, but I wonder if you have rebooted?.
Anyway, if you have time, could you download v3.11beta
and issueCode:e = Exit Script [?] A:Option ==> uf dev
Code:e = Exit Script [?] A:Option ==> i s61unbound
When convenient, could you then reboot, and see if unbound remains as the Primary DNS bypassing dnsmasq.
NOTE: There should by 'bypass' messages in Sylog to try and identify the timing and the pesky watch-dog
I'll download the 3.11 beta this afternoon and see if it survives the reboot.... thanks for the hard work.
Martineau
Part of the Furniture
Thanks for the feedback.
As I stated earlier, I still have reservations about fully automating the Ad Block/Diversion switch, but clearly 'unbound_manager' has to guess if some Ad blocking is a MUST.
joe scian
Very Senior Member
Martineau
with Ver 3.11 beta
Code:
A:Option ==> debug
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 5481/portmap
tcp 0 0 0.0.0.0:18017 0.0.0.0:* LISTEN 244/wanduck
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 13062/vsftpd
tcp 0 0 0.0.0.0:3394 0.0.0.0:* LISTEN 1130/u2ec
tcp 0 0 0.0.0.0:3702 0.0.0.0:* LISTEN 12741/wsdd2
tcp 0 0 0.0.0.0:40939 0.0.0.0:* LISTEN 12762/statd
tcp 0 0 0.0.0.0:45071 0.0.0.0:* LISTEN 12800/mountd
tcp 0 0 0.0.0.0:54131 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5473 0.0.0.0:* LISTEN 1130/u2ec
tcp 0 0 0.0.0.0:6800 0.0.0.0:* LISTEN 4649/aria2c
tcp 0 0 0.0.0.0:7788 0.0.0.0:* LISTEN 440/cfg_server
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 4605/lighttpd
tcp 0 0 0.0.0.0:8200 0.0.0.0:* LISTEN 13498/minidlna
tcp 0 0 10.16.0.1:53 0.0.0.0:* LISTEN 21727/dnsmasq
tcp 0 0 10.8.0.1:53 0.0.0.0:* LISTEN 21727/dnsmasq
tcp 0 0 127.0.0.1:139 0.0.0.0:* LISTEN 12704/smbd
tcp 0 0 127.0.0.1:445 0.0.0.0:* LISTEN 12704/smbd
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 21727/dnsmasq
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 358/httpd
tcp 0 0 127.0.0.1:8443 0.0.0.0:* LISTEN 357/httpds
tcp 0 0 192.168.2.240:139 0.0.0.0:* LISTEN 12704/smbd
tcp 0 0 192.168.2.240:22 0.0.0.0:* LISTEN 298/dropbear
tcp 0 0 192.168.2.240:3838 0.0.0.0:* LISTEN 1135/lpd
tcp 0 0 192.168.2.240:445 0.0.0.0:* LISTEN 12704/smbd
tcp 0 0 192.168.2.240:515 0.0.0.0:* LISTEN 1135/lpd
tcp 0 0 192.168.2.240:53 0.0.0.0:* LISTEN 21727/dnsmasq
tcp 0 0 192.168.2.240:80 0.0.0.0:* LISTEN 358/httpd
tcp 0 0 192.168.2.240:8443 0.0.0.0:* LISTEN 357/httpds
tcp 0 0 192.168.2.240:9100 0.0.0.0:* LISTEN 1135/lpd
tcp 0 0 192.168.2.2:443 0.0.0.0:* LISTEN 24261/pixelserv-tls
tcp 0 0 192.168.2.2:80 0.0.0.0:* LISTEN 24261/pixelserv-tls
tcp 0 0 192.168.3.240:53 0.0.0.0:* LISTEN 21727/dnsmasq
tcp 0 0 :::1193 :::* LISTEN 1900/vpnserver1
[1588929785] unbound[22003:0] notice: Start of unbound 1.10.0.
May 08 09:23:05 unbound[22003:0] error: can't bind socket: Address already in use for 127.0.0.1 port 53
May 08 09:23:05 unbound[22003:0] fatal error: could not open portsserver: unbound.conf after executing dnsmasq disable
Code:
server:
##@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
port: 53 # v1.08 If 53 (Requires 'port=0' in '/etc/dnsmasq.conf') to answer queries direct from LAN clients
interface: 127.0.0.1
interface: 192.168.2.240 # v1.01 as per @dave14305 minimal config
#port: 53 #NOdnsmasq # v1.08 https://www.snbforums.com/threads/unbound-gui-stats-including-top-blocked-top-replies-todays-replies.63188/
#interface: 0.0.0.0
interface: 127.0.0.1@53
#access-control: 0.0.0.0/0 allowcontents of dnsmasq.conf.add - after execution and subsequent fail
Code:
port=0 # unbound_manager
dhcp-option=lan,6,192.168.2.240 # unbound_manager
Last edited:
Martineau
Part of the Furniture
Can you please try
Code:
e = Exit Script [?]
A:Option ==> i s61unbound
Updating S61unbound
S61unbound downloaded successfully
Code:
e = Exit Script [?]
A:Option ==> rsjoe scian
Very Senior Member
Martineau
still a problem however i think its related to trying to assign interface to 192.168.2.1 instead of 192.168.2.240?
Code:
A:Option ==> debug
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 5481/portmap
tcp 0 0 0.0.0.0:18017 0.0.0.0:* LISTEN 244/wanduck
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 13062/vsftpd
tcp 0 0 0.0.0.0:3394 0.0.0.0:* LISTEN 1130/u2ec
tcp 0 0 0.0.0.0:3702 0.0.0.0:* LISTEN 12741/wsdd2
tcp 0 0 0.0.0.0:40939 0.0.0.0:* LISTEN 12762/statd
tcp 0 0 0.0.0.0:45071 0.0.0.0:* LISTEN 12800/mountd
tcp 0 0 0.0.0.0:54131 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5473 0.0.0.0:* LISTEN 1130/u2ec
tcp 0 0 0.0.0.0:6800 0.0.0.0:* LISTEN 4649/aria2c
tcp 0 0 0.0.0.0:7788 0.0.0.0:* LISTEN 440/cfg_server
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 4605/lighttpd
tcp 0 0 0.0.0.0:8200 0.0.0.0:* LISTEN 13498/minidlna
tcp 0 0 10.16.0.1:53 0.0.0.0:* LISTEN 23551/dnsmasq
tcp 0 0 10.8.0.1:53 0.0.0.0:* LISTEN 23551/dnsmasq
tcp 0 0 127.0.0.1:139 0.0.0.0:* LISTEN 12704/smbd
tcp 0 0 127.0.0.1:445 0.0.0.0:* LISTEN 12704/smbd
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 23551/dnsmasq
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 358/httpd
tcp 0 0 127.0.0.1:8443 0.0.0.0:* LISTEN 357/httpds
tcp 0 0 192.168.2.240:139 0.0.0.0:* LISTEN 12704/smbd
tcp 0 0 192.168.2.240:22 0.0.0.0:* LISTEN 298/dropbear
tcp 0 0 192.168.2.240:3838 0.0.0.0:* LISTEN 1135/lpd
tcp 0 0 192.168.2.240:445 0.0.0.0:* LISTEN 12704/smbd
tcp 0 0 192.168.2.240:515 0.0.0.0:* LISTEN 1135/lpd
tcp 0 0 192.168.2.240:53 0.0.0.0:* LISTEN 23551/dnsmasq
tcp 0 0 192.168.2.240:80 0.0.0.0:* LISTEN 358/httpd
tcp 0 0 192.168.2.240:8443 0.0.0.0:* LISTEN 357/httpds
tcp 0 0 192.168.2.240:9100 0.0.0.0:* LISTEN 1135/lpd
tcp 0 0 192.168.2.2:443 0.0.0.0:* LISTEN 24261/pixelserv-tls
tcp 0 0 192.168.2.2:80 0.0.0.0:* LISTEN 24261/pixelserv-tls
tcp 0 0 192.168.3.240:53 0.0.0.0:* LISTEN 23551/dnsmasq
tcp 0 0 :::1193 :::* LISTEN 1900/vpnserver1
[1588931873] unbound[23756:0] notice: Start of unbound 1.10.0.
May 08 09:57:53 unbound[23756:0] error: can't bind socket: Cannot assign requested address for 192.168.2.1 port 53
May 08 09:57:53 unbound[23756:0] fatal error: could not open portsMy unbound.conf server after running dnsmasq disable
Code:
server:
##@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
port: 53 # v1.08 If 53 (Requires 'port=0' in '/etc/dnsmasq.conf') to answer queries direct from LAN clients
interface: 192.168.2.1 # v1.01 as per @dave14305 minimal config
#port: 53 #NOdnsmasq # v1.08 https://www.snbforums.com/threads/unbound-gui-stats-including-top-blocked-top-replies-todays-replies.63188/
#interface: 0.0.0.0
interface: 127.0.0.1@53
#access-control: 0.0.0.0/0 allowbut 192.168.2.240:53 is already in use as is 127.0.0.1:53 ?
Last edited:
tomsk
Very Senior Member
V3.11b installed and system rebooted.... Unbound up as primary DNSIndeed...unlike some I will remain quietly modest!
FYI, I assume you are still happy with bypassing dnsmasq, but I wonder if you have rebooted?.
Anyway, if you have time, could you download v3.11beta
and issueCode:e = Exit Script [?] A:Option ==> uf dev
Code:e = Exit Script [?] A:Option ==> i s61unbound
When convenient, could you then reboot, and see if unbound remains as the Primary DNS bypassing dnsmasq.
NOTE: There should be 'bypass dnsmasq' messages in Sylog to try and identify the timing and the pesky watch-dog jumping in being "helpful"
I don't get what Martineau is saying.
What does that mean, and what are the pros/cons of this?
Martineau
Part of the Furniture
Can you check
Code:
grep -A1 "port=0" /jffs/configs/dnsmasq.conf.add /etc/dnsmasq.conf
Code:
##@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
port: 53 # v1.08 If 53 (Requires 'port=0' in '/etc/dnsmasq.conf') to answer queries direct from LAN clients
interface: 192.168.2.1 # v1.01 as per @dave14305 minimal config
#port: 53 #NOdnsmasq # v1.08 https://www.snbforums.com/threads/unbound-gui-stats-including-top-blocked-top-replies-todays-replies.63188/
#interface: 0.0.0.0
interface: 127.0.0.1@53
#access-control: 0.0.0.0/0 allow <<=== this should match the subnet for the 'interface: 192.168.2.1 above i.e. 192.168.1.0/24
Code:
nvram get lan_ipaddr_rtEDIT: I've uploaded a Hotfix v3.11Beta 2 to correct 192.168.2.1-->192.168.2.240 ??
Code:
A:Option ==> uf dev
unbound_manager.sh downloaded successfully Github 'dev/development' branch
unbound Manager UPDATE Complete! 6126e734d0ea5c65965cbae5a221f322
Last edited:
Similar threads
Similar threads
Similar threads
-
Unbound Force all DNS requests through Unbound using iptables?- Started by muffintastic
- Replies: 14
-
-
-
-
-
-
Is it possible to use nord dns with unbound or any way to add it?- Started by Jack-Sparr0w
- Replies: 9
-
-
Unbound Use unbound/router as default DNS server
- Started by BeachGuy
- Replies: 2
-
Latest threads
-
-
Release ASUS ZenWiFi Pro ET12 Firmware version 3.0.0.4.З88_24610 (2024/11/08)- Started by rudoyeugene
- Replies: 0
-
Release ASUS GT-AX11000 Pro Firmware version 3.0.0.6.102_34735 (2024/11/07)
- Started by fruitcornbread
- Replies: 0
-
Release ASUS RT-AX59U Firmware version 3.0.0.4.388_33404 (2024/11/07)
- Started by fruitcornbread
- Replies: 0
-
New router for good price - Best firmware for stability, security and privacy?
- Started by SysXpl
- Replies: 2
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!