What's new

Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Yes, because when Unbound is off, you're using a WAN DNS server that isn't residing in a banned country. It's the authoritative DNS server that's banned, not the website.
Thank you, that makes total sense. Now I have figure out why hulu stopped working.
 
I uninstalled unbound with unbound_manager and rebooted.
I redownloaded the script with amtm and installed unbound_manager with all defaults.
I enabled logging.
I enabled scribe
I set verbosity to 4.

With Chrome, I navigated to usaa.com. It loaded fine.
I refreshed the page, and got the blank page: A brief flash of the top of the blue banner and then all white.

With Firefox, I navigated to usaa.com and it loaded fine. I reloaded the page several times. I closed Firefox and then reloaded the page fine; Chrome still blank. I closed Firefox again, reloaded the page, and got a blank: same flash and white.

I ran a diff between my log file and yours, and they are completely different from the get-go but it doesn't seem to be a fail:
Code:
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] query: 127.0.0.1 usaa.com. A IN
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 usaa.com. A IN NOERROR 0.000000 1 42
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] query: 127.0.0.1 usaa.com. A IN
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 usaa.com. A IN NOERROR 0.000000 1 42
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] query: 127.0.0.1 usaa.com. A IN
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 usaa.com. A IN NOERROR 0.000000 1 42
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] query: 127.0.0.1 usaa.com. AAAA IN
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 usaa.com. AAAA IN NOERROR 0.000000 1 79
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] query: 127.0.0.1 www.usaa.com. A IN
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 www.usaa.com. A IN NOERROR 0.000000 1 119
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] query: 127.0.0.1 www.usaa.com. A IN
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 www.usaa.com. A IN NOERROR 0.000000 1 119
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] query: 127.0.0.1 e6962.b.akamaiedge.net. A IN
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 e6962.b.akamaiedge.net. A IN NOERROR 0.008633 0 56
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] query: 127.0.0.1 e6962.b.akamaiedge.net. AAAA IN
Feb 11 16:49:00 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 e6962.b.akamaiedge.net. AAAA IN NOERROR 0.000000 1 101
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 content.usaa.com. A IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 content.usaa.com. A IN NOERROR 0.000000 1 123
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 s.go-mpulse.net. AAAA IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 s.go-mpulse.net. AAAA IN NOERROR 0.000000 1 172
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 mboxedge17.tt.omtrdc.net. AAAA IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 mboxedge17.tt.omtrdc.net. AAAA IN NOERROR 0.000000 1 111
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 api.usaa.com. A IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 api.usaa.com. A IN NOERROR 0.000000 1 119
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 api.usaa.com. A IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 api.usaa.com. A IN NOERROR 0.000000 1 119
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 e6968.b.akamaiedge.net. A IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 e6968.b.akamaiedge.net. A IN NOERROR 0.011016 0 56
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 e6968.b.akamaiedge.net. AAAA IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 e6968.b.akamaiedge.net. AAAA IN NOERROR 0.000000 1 101
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 c.go-mpulse.net. AAAA IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 c.go-mpulse.net. AAAA IN NOERROR 0.000000 1 200
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 tms.usaa.com. A IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 tms.usaa.com. A IN NOERROR 0.000000 1 119
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 tms.usaa.com. A IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 tms.usaa.com. A IN NOERROR 0.000000 1 119
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 e7059.x.akamaiedge.net. A IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 tags.tiqcdn.com. AAAA IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 tags.tiqcdn.com. AAAA IN NOERROR 0.000000 1 123
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 e7059.x.akamaiedge.net. A IN NOERROR 0.011858 0 56
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 e7059.x.akamaiedge.net. AAAA IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 e7059.x.akamaiedge.net. AAAA IN NOERROR 0.000000 1 101
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 dpm.demdex.net. AAAA IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 dpm.demdex.net. AAAA IN NOERROR 0.000000 1 222
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 www.everestjs.net. AAAA IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 www.everestjs.net. AAAA IN NOERROR 0.000000 1 169

Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 da.usaa.com. A IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 da.usaa.com. A IN NOERROR 0.000000 1 118
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 dcs-edge-va6-802167536.us-east-1.elb.amazonaws.com. AAAA IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 dcs-edge-va6-802167536.us-east-1.elb.amazonaws.com. AAAA IN NOERROR 0.000000 0 150
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 scontent.xx.fbcdn.net. A IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 scontent.xx.fbcdn.net. A IN NOERROR 0.025262 0 55
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 scontent.xx.fbcdn.net. A IN NOERROR 0.051173 0 55
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 scontent.xx.fbcdn.net. AAAA IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 scontent.xx.fbcdn.net. AAAA IN NOERROR 0.000000 1 67
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 gb.usaa360.com. A IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 gb.usaa360.com. A IN NOERROR 0.000000 1 121
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 gb.usaa360.com. A IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 gb.usaa360.com. A IN NOERROR 0.000000 1 121
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 e8561.x.akamaiedge.net. A IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 e8561.x.akamaiedge.net. A IN NOERROR 0.013634 0 56
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 e8561.x.akamaiedge.net. AAAA IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 e8561.x.akamaiedge.net. AAAA IN NOERROR 0.000000 1 101
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] query: 127.0.0.1 gb.usaa360.com. A IN
Feb 11 16:49:01 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 gb.usaa360.com. A IN NOERROR 0.000000 1 121

Feb 11 16:49:04 RT-AC86U unbound: [32101:0] query: 127.0.0.1 localhost. SSHFP IN
Feb 11 16:49:04 RT-AC86U unbound: [32101:0] info: localhost. redirect 127.0.0.1@46630 localhost. SSHFP IN
Feb 11 16:49:04 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 localhost. SSHFP IN NOERROR 0.000000 1 88
Feb 11 16:49:04 RT-AC86U unbound: [32101:0] query: 127.0.0.1 localhost. SSHFP IN
Feb 11 16:49:04 RT-AC86U unbound: [32101:0] info: localhost. redirect 127.0.0.1@55083 localhost. SSHFP IN
Feb 11 16:49:04 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 localhost. SSHFP IN NOERROR 0.000000 1 88
Feb 11 16:49:11 RT-AC86U unbound: [32101:0] query: 127.0.0.1 e8561.x.akamaiedge.net. AAAA IN
Feb 11 16:49:11 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 e8561.x.akamaiedge.net. AAAA IN NOERROR 0.000000 1 101
Feb 11 16:49:11 RT-AC86U unbound: [32101:0] query: 127.0.0.1 l.usaa.com. A IN
Feb 11 16:49:11 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 l.usaa.com. A IN NOERROR 0.000000 1 117
Feb 11 16:49:11 RT-AC86U unbound: [32101:0] query: 127.0.0.1 e6962.b.akamaiedge.net. AAAA IN
Feb 11 16:49:11 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 e6962.b.akamaiedge.net. AAAA IN NOERROR 0.000000 1 101
Feb 11 16:49:12 RT-AC86U unbound: [32101:0] query: 127.0.0.1 mtalk.google.com. A IN
Feb 11 16:49:12 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 mtalk.google.com. A IN NOERROR 0.000000 1 79
Feb 11 16:49:18 RT-AC86U unbound: [32101:0] query: 127.0.0.1 17.client-channel.google.com. A IN
Feb 11 16:49:18 RT-AC86U unbound: [32101:0] reply: 127.0.0.1 17.client-channel.google.com. A IN NOERROR 0.000000 1 62
Before I got quite this far, I uninstalled Unbound, rebooted and still have no USAA access...I'm looking into other things.

(Solved). Purge your pixelserv-tls certs and re-issue them. Flush browser cache if needed and then re-install Unbound. I know that I used the "use pixelserv for the webui" function in AMTM on Sunday to see if it worked. But, purging the certificate and doing it over solved this issue for me.

More data: in Diversion select EP, then opt 3 and purge the TLS domain cert.
 
Last edited:
A few things:

1. Thanks, @Martineau, for this script. I've installed and uninstalled unbound a few times today, exploring, and I would never have waded in without the script.
2. The problem with USAA is, I think, unrelated to unbound or pixelserv. I've uninstalled unbound and purged the pixelserv domain certs (but NOT the ca.crt, oy what a headache that would be), rebooted everything and I still have the problem.
3. Using the old school :) Diversion log follow, I see going to usaa.com produces a lot of blocked domains:
Code:
20:10:43 blocked by blockinglist usaa.tt.omtrdc.net
 20:10:43 blocked by blockinglist s.go-mpulse.net
 20:10:44 blocked by blockinglist tags.tiqcdn.com
 20:10:44 blocked by blockinglist dpm.demdex.net
 20:10:44 blocked by blockinglist www.everestjs.net
 20:10:44 blocked by blockinglist www.google-analytics.com
 20:10:44 blocked by blockinglist www.googletagmanager.com
 20:10:44 blocked by blockinglist datacloud.tealiumiq.com
 20:10:44 blocked by blockinglist d.agkn.com
 20:10:44 blocked by blockinglist sp.analytics.yahoo.com
 20:10:44 blocked by blockinglist browser.pipe.aria.microsoft.com
If I unblock the first one, the pages load fine. So, sorry for the detour, nothing to see here.
Except USAA and I will have a few words after googling tt.omtrdc.net:
Code:
Adobe Target is the Adobe Experience Cloud solution that provides everything you need to tailor and personalize your customers' experience so you can maximize revenue on your web and mobile sites, apps, social media, and other digital channels.

Also, since I will be away from this mission-critical location for 2 months, I've left things as they were before (as to which, see #1) and will explore this further on a 56U and 87U.
 
Last edited:
If I uninstall unbound, what's the process to remove unbound.logs thru the GUI under system logs? Thanks

I installed unbound but the logs tab is still showing up.
 
A few things:

1. Thanks, @Martineau, for this script. I've installed and uninstalled unbound a few times today, exploring, and I would never have waded in without the script.
2. The problem with USAA is, I think, unrelated to unbound or pixelserv. I've uninstalled unbound and purged the pixelserv domain certs (but NOT the ca.crt, oy what a headache that would be), rebooted everything and I still have the problem.
3. Using the old school :) Diversion log follow, I see going to usaa.com produces a lot of blocked domains:
Code:
20:10:43 blocked by blockinglist usaa.tt.omtrdc.net
 20:10:43 blocked by blockinglist s.go-mpulse.net
 20:10:44 blocked by blockinglist tags.tiqcdn.com
 20:10:44 blocked by blockinglist dpm.demdex.net
 20:10:44 blocked by blockinglist www.everestjs.net
 20:10:44 blocked by blockinglist www.google-analytics.com
 20:10:44 blocked by blockinglist www.googletagmanager.com
 20:10:44 blocked by blockinglist datacloud.tealiumiq.com
 20:10:44 blocked by blockinglist d.agkn.com
 20:10:44 blocked by blockinglist sp.analytics.yahoo.com
 20:10:44 blocked by blockinglist browser.pipe.aria.microsoft.com
If I unblock the first one, the pages load fine. So, sorry for the detour, nothing to see here.
Except USAA and I will have a few words about googling tt.omtrdc.net:
Code:
Adobe Target is the Adobe Experience Cloud solution that provides everything you need to tailor and personalize your customers' experience so you can maximize revenue on your web and mobile sites, apps, social media, and other digital channels.

Also, since I will be away from this mission-critical location for 2 months, I've left things as they were before (as to which, see #1) and will explore this further on a 56U and 87U.
Hmmph. It worked when I checked it after purging the TLS domain cert, but I saw your post, rechecked and not working again.o_O So, I checked and the tt.omtrdc is being blocked and whitelisting it in diversion solved it.

But now, I cannot uninstall Unbound either. Opt Z, then Y and it says Uninstall cancelled. No difference after a reboot either :confused:
 
[✖] ***Warning Entware NTP Server installed but not running?

I already reinstall unbound and reboot the router, but still getting this error.

Anyone facing this problem?
 
@smkk, what router? What firmware version? What scripts do you have installed?
 
If I uninstall unbound, what's the process to remove unbound.logs thru the GUI under system logs? Thanks

I installed unbound but the logs tab is still showing up.
Not sure - I don't use the GUI.

Originally I wasn't sure if I should remove the scribe logs in case they were supposed to be retained or simply because unbound_manager hadn't actually configured scribe.

However, I can alter option 'z' which will execute the following
Code:
rm /opt/etc/syslog-ng.d/unbound /opt/var/log/unbound.log
and also restart scribe.

Not sure if this will resolve your scribe GUI issue?, but you can manually try the process and report back.
 
Last edited:
Those who have the 86U, have you tried the config tweaks with success? Everything is running great with the defaults, but I am far too tempted to break things.
 
[✖] ***Warning Entware NTP Server installed but not running?

I already reinstall unbound and reboot the router, but still getting this error.
I assume that the Entware NTP Server was manually installed to explicitly override the native firmware NTP Server.

Subsequently the script presumes that the presence of the Entware NTP Server should take priority, but seemingly doesn't detect it running.

I suppose it could be that my assumption logic is currently flawed, and you may have previously installed the Entware NTP Server, didn't like it, so reverted to the native firmware NTP Server option, but forgot to uninstall the Entware NTP version.

However, could you please run the following two commands and post the results.
Code:
which ntpd

/opt/etc/init.d/S77ntpd check
 
Last edited:
Those who have the 86U, have you tried the config tweaks with success? Everything is running great with the defaults, but I am far too tempted to break things.
If you are referring to these performance tweaks post #50 then I recall that at least one user has posted that they were a little too unstable so were backed out.

I personally don't use the 'unbound_config' performance tweaks, but welcome any proven settings to be added as defaults for a first install..

For the script option
Code:
o4. Customise CPU/Memory usage (Advanced Users)
I need to ensure that any performance tweaks provided by the script remain conservative/safe for a fuss free install.

Consequently, as shown at the top of post #1 this is now implemented when using '2. Advanced Install' in 'Easy' mode', as I have deemed that it is a safe decision.

P.S. Not had any negative feedback, but could it be that everyone elects for an 'Advanced' install to explicitly ignore that option. ? o_O
 
Last edited:
Checking ntpd... dead.
So are you wanting/expecting to use the 'dead' Entware NTP Server?

If not, then I suggest that you uninstall it, or you should identify why it is 'dead' and fix it.
 
Last edited:
If you are referring to these performance tweaks post #50 then I recall that at least one user has posted that they were a little too unstable so were backed out.

I personally don't use the 'unbound_config' performance tweaks, but welcome any proven settings to be added as defaults for a first install..

For the script option
Code:
o4. Customise CPU/Memory usage (Advanced Users)
I need to ensure that any performance tweaks provided by the script remain conservative/safe for a fuss free install.

Consequently, as shown at the top of post #1 this is now implemented when using '2. Advanced Install' in 'Easy' mode', as I have deemed that it is a safe decision.

P.S. Not had any negative feedback, but it could be that everyone elects for an 'Advanced' install to explicitly ignore that option.

Thanks, I will test out the alpha version of the config and see how it goes.
 
Is that why I didn’t receive my weekly email stats from Diversion, I wonder?
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top