Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

Hi, I have seen that Suricata has been your next pet project. Would you care to share more details?
In the urlhaus.abuse project there are rules for Suricata (https://urlhaus.abuse.ch/downloads/ids/). It is more efficient for this purpose, since it will not depend on the DNS.
Search the forum for my post on Suricata.
 
Sorry, I can't replicate this.

So without rebooting, does the alert still appear, or does the alert only reappear after a reboot?
Yeah. I tick the option on the router and before and after reboot I have the same outcome... outbound says is not enabled. Tried already on all 3 routers that I have ...
Which routers/firmware?

I assume we are talking about the same setting?

Click the 'Full Screen icon' on the bottom Right corner before playing the video! ;)
https://vimeo.com/422203527
 
i think my unbound entry in crontab to update stats is gone. what should it look like?
i did a "i" install but it's still missing
thanks
 
'i' doesn't create the cron (first two) rules for the stats, you need 'sgui'
Code:
s  = Show unbound Extended statistics (s=Summary Totals; sa=All; sgui=Install GUI TAB [all]; s-=Disable Extended Stats
Code:
59 * * * * /jffs/addons/unbound/unbound_stats.sh generate #Unbound_Stats.sh#
57 * * * * /jffs/addons/unbound/unbound_log.sh #Unbound_Log.sh#


12 4 * * * curl -o /opt/var/lib/unbound/root.hints https://www.internic.net/domain/named.cache #root_servers#
0 5 * * * /opt/var/lib/unbound/adblock/gen_adblock.sh #adblock#
*/5 * * * * /opt/var/lib/unbound/adblock/gen_ytadblock.sh #ytadblock#
*/15 * * * * /jffs/addons/unbound/unbound_rpz.sh download #Unbound_RPZ.sh#
1 0 * * * /opt/bin/find /opt/var/lib/unbound/unbound.log -size +10M -exec rm -f {} \; #unboundLOG#
 
Code:
s  = Show unbound Extended statistics (s=Summary Totals; sa=All; sgui=Install GUI TAB [all]; s-=Disable Extended Stats

Now I am lost... I am currently running version 3.16, and this is what it looks like here:
Code:
s  = Show unbound Extended statistics (s=Summary Totals; sa=All; http://192.168.1.1:80/user3.asp)
 
The first shows the option menu description BEFORE you enabled the StatisticsGUI, and the second shows the actual installed Statistics GUI URL
 
Is this something that is installed automatically with unbound or something special? Never seen this before...
Without it unbound should still work, as unbound itself contains a basic 'boot-strap' static list.

e.g. Last update: April 29, 2020 see the listed live 13 Root Servers A-M

Actually daily cron is overkill, as probably monthly or even quarterly is more appropriate...but let's not go there.
 
Talking of cron jobs.... something seems to have gone awry.... my menu says DNS firewall, YT blocking etc are active but the cron jobs seem to have disappeared...
Code:
    [✔] unbound Logging
    [✔] Ad and Tracker Blocking (No. of Adblock domains=84191,Blocked Hosts=0,Whitelist=19)
    [✔] unbound CPU/Memory Performance tweaks
    [✔] Router Graphical GUI statistics TAB installed
    [✔] unbound-control FAST response ENABLED
    [✔] DNS Firewall ENABLED
    [✔] Unbound is the Primary DNS for ALL LAN Clients (dnsmaq DNS features DISABLED e.g. IPSET auto-populate)
    [✔] YouTube Ad Blocking (Forcing to use YT IP 74.125.167.166, No. of YouTube Video Ad domains=87)

Code:
tOmsK@RT-AC68U-4690:/tmp/home/root# cru l
0 5 * * * /opt/var/lib/unbound/adblock/gen_adblock.sh #adblock#
1 0 * * * /opt/bin/find /opt/var/lib/unbound/unbound.log -size +10M -exec rm -f {} \; #unboundLOG#
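
An added check for the situation in the post above, where the menu reports features as enabled while their cron jobs are gone. This is not unbound_manager code: the function name, `EXPECTED_TAGS` and the choice of which tags to expect are assumptions, and the tag names are taken from the `cru l` listings in this thread.

```sh
#!/bin/sh
# Added example (not unbound_manager code): list expected cron tags that are
# absent from a `cru l` listing. Tags are the "#name#" markers seen in this thread.
EXPECTED_TAGS="${EXPECTED_TAGS:-adblock ytadblock Unbound_RPZ.sh unboundLOG}"

# Constructed sample: the two-entry listing posted above, used when `cru`
# is not available (i.e. when this is run off-router).
SAMPLE_LISTING='0 5 * * * /opt/var/lib/unbound/adblock/gen_adblock.sh #adblock#
1 0 * * * /opt/bin/find /opt/var/lib/unbound/unbound.log -size +10M -exec rm -f {} \; #unboundLOG#'

# missing_cron_tags LISTING TAG...
# Prints every TAG that has no active entry carrying the marker "#TAG#".
missing_cron_tags() {
    mct_listing=$1
    shift
    for mct_tag in "$@"; do
        # Drop commented-out lines first so a disabled job does not count as present.
        printf '%s\n' "$mct_listing" | grep -v '^[[:space:]]*#' |
            grep -qF -- "#${mct_tag}#" || printf '%s\n' "$mct_tag"
    done
}

if command -v cru >/dev/null 2>&1; then
    listing=$(cru l)
else
    listing=$SAMPLE_LISTING
fi
# EXPECTED_TAGS is deliberately unquoted: it is a space-separated list.
missing=$(missing_cron_tags "$listing" $EXPECTED_TAGS)
if [ -n "$missing" ]; then
    echo "cron jobs missing for:" $missing
fi
```

A missing `Unbound_RPZ.sh` entry means the DNS Firewall zone is no longer being refreshed even though the menu still shows it as enabled.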
 
Are they recreated if you rerun DNS Firewall/YT Video Blocking etc.?
 
I was going to do that but i just wanted to do any debugging before i wiped out any potential evidence.... i'll let you know.. i can't see why it wouldn't work.
 
after re installing, with firewall enabled, this is the only entry:
1 0 * * * /opt/bin/find /opt/var/lib/unbound/unbound.log -size +10M -exec rm -f {} \; #unboundLOG#

after disabling/enabling firewall, i now have this one too:
*/15 * * * * /jffs/addons/unbound/unbound_rpz.sh download #Unbound_RPZ.sh#

i imagine the root servers update should have been there too, no?

not sure how it disappeared but I've manually re created it.

all needed entries are now in the cron list:

*/15 * * * * /jffs/addons/unbound/unbound_rpz.sh download #Unbound_RPZ.sh#
57 * * * * /jffs/addons/unbound/unbound_log.sh #Unbound_Log.sh#
59 * * * * /jffs/addons/unbound/unbound_stats.sh generate #Unbound_Stats.sh#
12 4 * * * curl -o /opt/var/lib/unbound/root.hints https://www.internic.net/domain/named.cache #root_servers#
1 0 * * * /opt/bin/find /opt/var/lib/unbound/unbound.log -size +10M -exec rm -f {} \; #unboundLOG#
 
Are they recreated if you rerun DNS Firewall/YT Video Blocking etc.?
Cron jobs are back after reloading firewall and YTblocking..... is there supposed to be a cron job for the stats as well?
Code:
tOmsK@RT-AC68U-4690:/tmp/home/root# cru l
0 5 * * * /opt/var/lib/unbound/adblock/gen_adblock.sh #adblock#
*/5 * * * * /opt/var/lib/unbound/adblock/gen_ytadblock.sh #ytadblock#
*/15 * * * * /jffs/addons/unbound/unbound_rpz.sh download #Unbound_RPZ.sh#
1 0 * * * /opt/bin/find /opt/var/lib/unbound/unbound.log -size +10M -exec rm -f {} \; #unboundLOG#
 
see this post#
 
I just ran the whole install routine over again from the command line
Code:
/jffs/addons/unbound/unbound_stats.sh install
Just a mystery why it all went missing..... i tried a couple of disable/enable dnsmasq cycles and the cron jobs survive ok.....

I am getting a weird thing going on when i enable dnsmasq as the primary dns.... i get a warning every time
Code:
    ***ERROR Unable to verify Github version...check DNS/Internet access!
but i don't see this error after making unbound primary...
i did add a couple of guest networks to test the interfaces conversion...could that be making dnsmasq a bit slow to come up?...timing issue?
 
Code:
1 0 * * * /opt/bin/find /opt/var/lib/unbound/unbound.log -size +10M -exec rm -f {} \; #unboundLOG#
Does the unbound.log work after being forcefully removed? unbound-control log_reopen should probably be run after such a removal. But I suppose it’s not common to let unbound.log grow beyond 10MB if you leave things alone.
 
I'm using scribe so I'm guessing the unbound log would be rotated long before this cron job would kick in to know for sure.

EDIT:
Talking about two different logs here...
Syslog-Ng creating a log at /opt/var/log/unbound log ... and this is being taken care of by log rotate.
unbound is creating a log at /opt/var/lib/unbound/unbound.log which is being taken care of by the cron job. ( nothing been written to it in a while it would seem)

With dnsmasq you can choose to log to syslog OR to a separate log file ... seems you can have both here?

MORE EDIT:

seems you can't have both..... i guess the syslog is set yes in the conf file when you enable scribe

logfile: <filename>
    If "" is given, logging goes to stderr, or nowhere once daemonized. The logfile is appended to, in the following format:
    [seconds since 1970] unbound[pid:tid]: type: message.
    If this option is given, the use-syslog is option is set to "no". The logfile is reopened (for append) when the config file is reread, on SIGHUP.

use-syslog: <yes or no>
    Sets unbound to send log messages to the syslogd, using syslog(3). The log facility LOG_DAEMON is used, with identity "unbound". The logfile setting is overridden when use-syslog is turned on. The default is to log to syslog.
 
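
The question raised above, whether unbound.log keeps working after the cron job deletes it, is avoided by renaming the file and then running `unbound-control log_reopen`. The following is an added example, not part of the thread or of unbound_manager; the function name, the `.1` suffix and the `LOG`, `MAX_BYTES` and `REOPEN_CMD` variables are assumptions.

```sh
#!/bin/sh
# Added example (not unbound_manager code): cap unbound.log by renaming it and
# asking unbound to reopen, instead of deleting the file under the daemon.
# Only relevant when unbound.conf uses "logfile:" rather than "use-syslog: yes".
LOG="${LOG:-/opt/var/lib/unbound/unbound.log}"     # path from the thread's cron entry
MAX_BYTES="${MAX_BYTES:-10485760}"                 # 10 MB cap, as in the thread
REOPEN_CMD="${REOPEN_CMD:-unbound-control log_reopen}"

# rotate_unbound_log FILE MAX_BYTES
# Returns 0 when nothing needed doing or rotation succeeded, 1 if the rename
# failed, 2 if unbound could not be told to reopen its log.
rotate_unbound_log() {
    rul_log=$1
    rul_max=$2
    [ -f "$rul_log" ] || return 0
    # Arithmetic expansion strips any padding some wc builds emit.
    rul_size=$(( $(wc -c < "$rul_log") ))
    [ "$rul_size" -gt "$rul_max" ] || return 0
    # Rename rather than rm: unbound keeps writing to the same inode, so no
    # messages are lost between this step and the reopen.
    mv -f "$rul_log" "$rul_log.1" || return 1
    # Without this, unbound keeps writing to the old open file and never
    # recreates unbound.log, which is the failure the post above asks about.
    $REOPEN_CMD || return 2
    return 0
}

# Run only where unbound-control exists, e.g. from cron on the router.
if command -v unbound-control >/dev/null 2>&1; then
    rotate_unbound_log "$LOG" "$MAX_BYTES" || echo "unbound.log rotation failed ($?)" >&2
fi
```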
I just ran the whole install routine over again from the command line
Code:
/jffs/addons/unbound/unbound_stats.sh install
Just a mystery why it all went missing..... i tried a couple of disable/enable dnsmasq cycles and the cron jobs survive ok.....

I am getting a weird thing going on when i enable dnsmasq as the primary dns.... i get a warning every time
Code:
    ***ERROR Unable to verify Github version...check DNS/Internet access!
but i don't see this error after making unbound primary...
i did add a couple of guest networks to test the interfaces conversion...could that be making dnsmasq a bit slow to come up?...timing issue?
There could be a timing issue at reboot, I also suspected it is attributed to dnsmasq slow start of guest networks, but did not manage to investigate yet. This error must be new from 3.16 (guessing by the change log), I rebooted this morning before upgrade.
 
