Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

+1 on this...I've been running the tweaks provided by L&LD with the above setup for RT-AC86U as 0s. Once I restart unbound, I noticed my internet slows down/GUI feels really slow/sluggish so I'm running these 2 at defaults as well. I'll continue to monitor for any slow downs/other issues.

Update...still noticing slowdowns, adjusting buffer size and outgoing#g TCP back to defaults.

I've had a similar experience as you with my AC86U. I've set everything to the default "Customize the CPU/Memory" option enabled at install and I'm going to test it for a few days. If it's stable, I'll bump the threads to 2 and see what happens.
 
I just read that the latest version of unbound_manager breaks diversion?
I have a huge list (800.000 domains blocked) in diversion. Can I use the same list with unbound_manager ad-blocking?
 
I just read that the latest version of unbound_manager breaks diversion?
I have a huge list (800.000 domains blocked) in diversion. Can I use the same list with unbound_manager ad-blocking?
It doesn’t break Diversion ad-blocking. The previous versions of the script would create a conflict with Diversion decrypting your SMTP password if you had email enabled.
 
Unbound manager in amtm makes everything so simple. Up and running in seconds without issue. Cheers.
 
What does the option "Customise the CPU/Memory" exactly do?
It installs and executes this stuning.sh script, and in addition, if you have a HND router it will add the following
Code:
# Enable TCP Fast Open on HND routers - unbound_manager
echo 3 > /proc/sys/net/ipv4/tcp_fastopen
to allow unbound to take advantage of TCP Fast open
 
to allow unbound to take advantage of TCP Fast open
Curious for those who have a router that supports TCP Fast Open:

If you enable extended statistics in unbound.conf (s+) and after some time, check the number of incoming/outgoing tcp requests, are there many? Most of my DNS queries go out over udp, so I'm not missing anything with a non-HND router, but it's a good way to determine if it's actually going to help anything.
Code:
# unbound-control stats_noreset | grep "num\.query\.tcp"
num.query.tcp=2  <<-- incoming to Unbound from LAN
num.query.tcpout=9  <<-- outgoing from Unbound to WAN
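
The check suggested in the post above, as an added example that is not part of the thread or of unbound_manager: it reads `unbound-control stats_noreset` output and reports how much of the incoming load arrives over TCP, and it handles the case where extended statistics are off. The function names and the `total.num.queries=400` sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise TCP usage from unbound statistics (key=value lines).
# Live use on the router:  unbound-control stats_noreset | tcp_share

# Constructed sample input; the two TCP counters are the values quoted in the post.
sample_stats() {
    cat <<'EOF'
total.num.queries=400
total.num.cachehits=310
num.query.tcp=2
num.query.tcpout=9
EOF
}

# Prints one summary line; exits 2 if the extended counters are absent.
tcp_share() {
    awk -F= '
        $1 == "total.num.queries" { total = $2 }
        $1 == "num.query.tcp"     { tcp_in = $2;  have_ext = 1 }
        $1 == "num.query.tcpout"  { tcp_out = $2; have_ext = 1 }
        END {
            if (!have_ext) {
                # num.query.tcp* only appear with extended statistics enabled (s+).
                print "extended statistics disabled"
                exit 2
            }
            pct = (total > 0) ? 100 * tcp_in / total : 0
            printf "tcp_in=%d tcp_out=%d total=%d tcp_in_pct=%.1f\n",
                   tcp_in, tcp_out, total, pct
        }'
}

sample_stats | tcp_share
```

A low `tcp_in_pct` together with a small `tcp_out` count means almost all traffic is UDP, so TCP Fast Open has little to act on.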
 
WOW, you are right! Thanks! (me is blind)

Edit:
So, can anyone outside now use my WAN IP as a DNS?

Edit2:
Another thing, I rebooted the router and started unbound_manager via amtm.
Then I entered 3->Advanced tools and entered "l" for Show unbound log entries.
Here is the log, it stopped at "NULL IN". Is that normal?
unbound (pid 1218) is running... uptime: 0 Days, 00:22:48 version: 1.9.6 # rgnldo Github Version=v1.03 Martineau update (Date Loaded by unbound_manager Thu Feb)

z = Remove unbound/unbound_manager Installation l = Show unbound log entries (lo=Enable Logging)
? = About Configuration v = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit)
x = Stop unbound vb = Backup current (/opt/var/lib/unbound/unbound.conf) Configuration
rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use ')
oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-querie'
sd = Show dnsmasq Statistics/Cache Size s = Show unbound statistics (s=Summary Totals; sa=All; s+=Enable Extended Stats)

scribe = Enable scribe (syslog-ng) unbound logging ad = Analyse Diversion White/Black lists ([ file_name [type=adblock] ])
ca = Cache Size Optimisation ([ 'reset' ])

dig = {domain} Show dig info e.g. dig qnamemintest.internet.nl
dnssec = {url} Show DNSSEC Validation Chain e.g. dnssec www.snbforums.com

dnsinfo = {dns} Show DNS Server e.g. dnsinfo

links = Show list of external links URLs


e = Exit Script

[Enter] Leave Advanced Tools Menu

E:Option ==> l

/opt/var/lib/unbound/unbound.log Press CTRL-C to stop

Feb 13 15:23:01 unbound[31971:0] info: 0.032768 0.065536 88
Feb 13 15:23:01 unbound[31971:0] info: 0.065536 0.131072 22
Feb 13 15:23:01 unbound[31971:0] info: 0.131072 0.262144 10
Feb 13 15:23:01 unbound[31971:0] info: 0.262144 0.524288 19
Feb 13 15:23:01 unbound[31971:0] info: 0.524288 1.000000 2
Feb 13 15:23:01 unbound[31971:0] info: 1.000000 2.000000 6
Feb 13 15:24:47 unbound[1218:0] notice: init module 0: validator
Feb 13 15:24:47 unbound[1218:0] notice: init module 1: iterator
Feb 13 15:24:47 unbound[1218:0] info: start of service (unbound 1.9.6).
Feb 13 15:25:23 unbound[1218:0] info: generate keytag query _ta-4f66. NULL IN

Edit3:
Now, when I run the GRC DNS Nameserver Performance Benchmark tool (DNSBench.exe), the results are weird. Is that normal?
 
Tonight I'm going to try this logic on my wife:
"Honey, if we buy an AX88U @L&LD has a script that will make your internet go faster!"

FYI Current setup (hardware), RMerlin FW, and scripts working great!
 
So, can anyone now use my WAN IP as a DNS?
No, it's outbound Unbound only. Firewall prevents any incoming queries.

Another thing, I rebooted the router and started unbound_manager via amtm.
Then I entered 3->Advanced tools and entered "l" for Show unbound log entries.
Here is the log, it stopped at "NULL IN". Is that normal?
Yes, it's normal with the default log "verbosity" level of 1. You can enable more verbose logging in the menus, but it will create a large file if left on permanently.
 
Tonight I'm going to try this logic on my wife:
"Honey, if we buy an AX88U @L&LD has a script that will make your internet go faster!"

FYI Current setup (hardware) and scripts working great!

Often a conversation in my house:
Wife: "Are you upgrading that bl***y firmware again!?"
Me (whilst being impressed that she knew the word 'firmware'): Nooop. L&LD told me to do something.
 
Code:
# unbound-control stats_noreset | grep "num\.query\.tcp"
num.query.tcp=2  <<-- incoming to Unbound from LAN
num.query.tcpout=9  <<-- outgoing from Unbound to WAN
or even easier using unbound_manager ;)
Code:
e  = Exit Script

A:Option ==> s tcp

total.num.queries=24                total.num.zero_ttl=0                total.requestlist.exceeded=0            total.tcpusage=0
total.num.queries_ip_ratelimited=0  total.num.recursivereplies=21       total.requestlist.current.all=0         msg.cache.count=208
total.num.cachehits=3               total.requestlist.avg=8.09524       total.requestlist.current.user=0        rrset.cache.count=570
total.num.cachemiss=21              total.requestlist.max=33            total.recursion.time.avg=0.233764       infra.cache.count=359
total.num.prefetch=0                total.requestlist.overwritten=0     total.recursion.time.median=0.215333    key.cache.count=16

Summary: Cache Hits success=12.00%

thread0.tcpusage=0  total.tcpusage=0    num.query.tcp=0     num.query.tcpout=0
P.S. Just restarted unbound hence the low Cache Hits etc. for v2.10 release/testing.
 
I rebooted the router and started unbound_manager via amtm.
Then I entered 3->Advanced tools and entered "l" for Show unbound log entries.
Here is the log, it stopped at "NULL IN". Is that normal?
During the install, did you install unbound logging?

if you issue
Code:
e  = Exit Script

A:Option ==> v
you should immediately see the logging options applied after a REBOOT.
Can you post the group of lines starting/ending with
Code:
#########################################
# integration LOG's

these lines....


#########################################
 
Yes, it's normal with the default log "verbosity" level of 1. You can enable more verbose logging in the menus, but it will create a large file if left on permanently.
If the user has syslog-ng/scribe installed, then I recommend they enable unbound scribe logging
Code:
e  = Exit Script

A:Option ==> scribe
to hopefully keep the unbound.log disk usage in check.
 
During the install, did you install unbound logging?
Yes.
And here are the lines:
Code:
#########################################
# integration LOG's
#
#verbosity: 1                               # v1.02 '1' is adequate to prove unbound is processing domains
logfile: "/opt/var/lib/unbound/unbound.log" # v1.01 as per @dave14305 minimal config
log-time-ascii: yes                         # v1.01 as per @dave14305 minimal config
#log-tag-queryreply: yes                    # v1.02 @Martineau Explicitly Tag log-queries/replies with 'query'/'reply'
#log-queries: yes
#log-replies: yes
#use-syslog: yes                            # v1.02 @Martineau Let scribe/syslog-ng handle the log as it gets erased daily if Ad Block enabled :-(
#log-local-actions: yes                     # v1.02 @Martineau
log-servfail: yes                           # v1.01 as per @dave14305 minimal config
#########################################
I don't have scribe.

Edit:
Now, when I use "l" again, this shows up
Code:
E:Option ==> l

/opt/var/lib/unbound/unbound.log                Press CTRL-C to stop

Feb 13 16:14:22 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au.
Feb 13 16:14:22 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au.
Feb 13 16:15:22 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au.
Feb 13 16:15:22 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au.
Feb 13 16:15:22 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au.
Feb 13 16:15:22 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au.
Feb 13 16:20:23 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at a7.
Feb 13 16:20:23 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at a7.
Feb 13 16:20:23 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at a7.
Feb 13 16:20:23 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at a7.
I'm running
AsusWRT Merlin 384.15
Diversion
Skynet
unbound
unbound_manager
uiDivStats
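
With `log-servfail: yes` set as in the config above, repeated failures for one name quickly fill the log. The following added example (not part of the thread or of unbound_manager) condenses SERVFAIL entries per query name and type with first and last timestamps. The function names and the `host.example.test.` line are constructed; the other sample lines are taken from the log in the post.

```shell
#!/bin/sh
# Added example: group unbound SERVFAIL log lines by query name and type.
# Live use:  servfail_summary 5 < /opt/var/lib/unbound/unbound.log

# Sample input: lines from the post plus one constructed line (host.example.test.).
sample_log() {
    cat <<'EOF'
Feb 13 15:24:47 unbound[1218:0] info: start of service (unbound 1.9.6).
Feb 13 16:14:22 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au.
Feb 13 16:14:22 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au.
Feb 13 16:15:22 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au.
Feb 13 16:16:00 unbound[1218:0] error: SERVFAIL <host.example.test. AAAA IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au.
EOF
}

# Usage: servfail_summary [min_count]   (reads the log on stdin)
servfail_summary() {
    awk -v min="${1:-1}" '
        / error: SERVFAIL </ {
            ts = $1 " " $2 " " $3            # "Mon DD HH:MM:SS"
            q = $0
            sub(/^.*SERVFAIL </, "", q)      # drop everything before the query
            sub(/>.*$/, "", q)               # drop the reason text
            split(q, part, " ")              # name, type, class
            key = part[1] " " part[2]
            if (!(key in count)) first[key] = ts
            count[key]++
            last[key] = ts
        }
        END {
            for (k in count)
                if (count[k] >= min)
                    printf "%d %s first=\"%s\" last=\"%s\"\n",
                           count[k], k, first[k], last[k]
        }' | sort -rn
}

sample_log | servfail_summary
```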
 
Yes.
And here are the lines:
Code:
#########################################
# integration LOG's
#
#verbosity: 1                               # v1.02 '1' is adequate to prove unbound is processing domains
logfile: "/opt/var/lib/unbound/unbound.log" # v1.01 as per @dave14305 minimal config
log-time-ascii: yes                         # v1.01 as per @dave14305 minimal config
#log-tag-queryreply: yes                    # v1.02 @Martineau Explicitly Tag log-queries/replies with 'query'/'reply'
#log-queries: yes
#log-replies: yes
#use-syslog: yes                            # v1.02 @Martineau Let scribe/syslog-ng handle the log as it gets erased daily if Ad Block enabled :-(
#log-local-actions: yes                     # v1.02 @Martineau
log-servfail: yes                           # v1.01 as per @dave14305 minimal config
#########################################
I don't have scribe.
Ok, then you may be able to dynamically enable logging, by using command
Code:
e  = Exit Script

A:Option ==> lo
but (as recommended by @dave14305) remember to disable logging once you have seen the 'query/reply' pair to show what domains unbound is processing, to prevent the 'unbound.log' file growing too large.
 
