Yes, by default I configure unbound to always report SERVFAILs (blame @dave14305 ) so there is an issue with 'ctldl.windowsupdate.com' but not sure what it meansYes.
And here are the lines:
I don't have scribe.Code:######################################### # integration LOG's # #verbosity: 1 # v1.02 '1' is adequate to prove unbound is processing domains logfile: "/opt/var/lib/unbound/unbound.log" # v1.01 as per @dave14305 minimal config log-time-ascii: yes # v1.01 as per @dave14305 minimal config #log-tag-queryreply: yes # v1.02 @Martineau Explicitly Tag log-queries/replies with 'query'/'reply' #log-queries: yes #log-replies: yes #use-syslog: yes # v1.02 @Martineau Let scribe/syslog-ng handle the log as it gets erased daily if Ad Block enabled :-( #log-local-actions: yes # v1.02 @Martineau log-servfail: yes # v1.01 as per @dave14305 minimal config #########################################
Edit:
Now, when I use "l" again, this shows up
I'm runningCode:E:Option ==> l /opt/var/lib/unbound/unbound.log Press CTRL-C to stop Feb 13 16:14:22 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au. Feb 13 16:14:22 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au. Feb 13 16:15:22 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au. Feb 13 16:15:22 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au. Feb 13 16:15:22 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au. Feb 13 16:15:22 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at au. Feb 13 16:20:23 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at a7. Feb 13 16:20:23 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at a7. Feb 13 16:20:23 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at a7. Feb 13 16:20:23 unbound[1218:0] error: SERVFAIL <ctldl.windowsupdate.com. A IN>: request has exceeded the maximum number restarts (eg. indirections) stop at a7.
AsusWRT Merlin 384.15
Diversion
Skynet
unbound
unbound_manager
uiDivStats
Use the 'lo'/lx' commands ?How can I disable dynamic logging and logging?
E:Option ==> l
/opt/var/lib/unbound/unbound.log Press CTRL-C to stop
Feb 13 16:43:17 unbound[1001:0] info: 0.065536 0.131072 12
Feb 13 16:43:17 unbound[1001:0] info: 0.131072 0.262144 19
Feb 13 16:43:17 unbound[1001:0] info: 0.262144 0.524288 2
Feb 13 16:43:17 unbound[1001:0] info: 0.524288 1.000000 1
Feb 13 16:43:17 unbound[1001:0] info: 1.000000 2.000000 5
Feb 13 16:44:54 unbound[1098:0] notice: init module 0: validator
Feb 13 16:44:54 unbound[1098:0] notice: init module 1: iterator
Feb 13 16:44:54 unbound[1098:0] info: start of service (unbound 1.9.6).
Feb 13 16:45:44 unbound[1098:0] info: generate keytag query _ta-4f66. NULL IN
Feb 13 16:59:04 unbound[1098:0] notice: ip_ratelimit exceeded 127.0.0.1 100 e947ey1x7uhwejzhguf212csah1aek7w9fw7fduk.ipleak.net. IN A
It's due to ip-ratelimit being defined in the unbound.conf file. The default is disabled, but at some point, it was added to the installer config with 100 as a limit. You can remove that line from the file and restart unbound if you are comfortable doing that.There is another strange line in the log, see the last line here:
Is this normal?Code:E:Option ==> l /opt/var/lib/unbound/unbound.log Press CTRL-C to stop Feb 13 16:43:17 unbound[1001:0] info: 0.065536 0.131072 12 Feb 13 16:43:17 unbound[1001:0] info: 0.131072 0.262144 19 Feb 13 16:43:17 unbound[1001:0] info: 0.262144 0.524288 2 Feb 13 16:43:17 unbound[1001:0] info: 0.524288 1.000000 1 Feb 13 16:43:17 unbound[1001:0] info: 1.000000 2.000000 5 Feb 13 16:44:54 unbound[1098:0] notice: init module 0: validator Feb 13 16:44:54 unbound[1098:0] notice: init module 1: iterator Feb 13 16:44:54 unbound[1098:0] info: start of service (unbound 1.9.6). Feb 13 16:45:44 unbound[1098:0] info: generate keytag query _ta-4f66. NULL IN Feb 13 16:59:04 unbound[1098:0] notice: ip_ratelimit exceeded 127.0.0.1 100 e947ey1x7uhwejzhguf212csah1aek7w9fw7fduk.ipleak.net. IN A
I did a dnsleak test.
ip-ratelimit: 100
echo -e "# Example custom 'unbound.conf.add' for inclusion in the 'server:' section\nprivate-domain: \"plex.direct\"" > /opt/share/unbound/configs/unbound.conf.add
echo -e "#!/bin/sh\n\nCONFIG=\$1\\n\\nsource /usr/sbin/helper.sh\n\npc_replace \"server:\" \"server: # unbound.postconf was here! $(date)\" \"\$CONFIG\"\n" > /opt/share/unbound/configs/unbound.postconf
##################################################################################################################################################################################### 100.0%
Retrieving Custom unbound configuration
unbound.conf downloaded successfully
Checking IPv6.....
Customising unbound IPv6 configuration.....
Customising unbound configuration Options:
Option Auto Reply 'y' unbound Logging enabled - 'verbosity: 1'
Adding 'include: "/opt/share/unbound/configs/unbound.conf.add" '/opt/var/lib/unbound/unbound.conf)'
Executing '/opt/share/unbound/configs/unbound.postconf'
unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf
Restarting dnsmasq.....
Done.
Shutting down unbound... done.
Starting unbound... done.
Auto install unbound Customisation complete 0 minutes and 8 seconds elapsed - Please wait for up to 10 seconds for status.....
head -n 12 /opt/var/lib/unbound/unbound.conf
Nice! I am concerned that we're using the same filename for /jffs/addons/unbound/unbound.postconf and /opt/share/unbound/configs/unbound.postconf.NEW: Similar to the RMerlin firmware add 'unbound.conf.add' and 'unbound.postconf' capability. post #428 @RacerRon @dave14305
I'm notNice! I am concerned that we're using the same filename for /jffs/addons/unbound/unbound.postconf and /opt/share/unbound/configs/unbound.postconf.
I'll speak slowly...I used the ‘i’ option to update but it was still showing v2.09.
I did it twice with the same result. However, when I used the ‘u’ command, the update went OK.
I speak even slower.
Note says ‘Use of the ‘i = Update unbound installation’ **REQUIRED**
That’s what I did.
After being informed there is a new 'unbound_manager.sh' script available (either via amtm or because the 'u' message appears on screen), then the only way to update the script (or not) is to use the 'u' command.I speak even slower.
Note says ‘Use of the ‘i = Update unbound installation’ **REQUIRED**
That’s what I did.
This is an update to the previous post about optimizing unbound.conf. Please read at the link below for further information.
https://www.snbforums.com/threads/r...recursive-dns-server.61669/page-3#post-548469
.....
For the RT-AC86U? Someone else (who has the router in use) needs to test the limits and report back to us.
For anything below the two HND models (RT-AX88U and the RT-AC86U)? Who wants to be a pioneer?
Opening up a shortcut folder (Open all) of 25 or 40 links in Edge Chromium has never happened so quickly before.
Metrics on these kinds of improvements? Like driving a fine car and trying to explain it to someone who only drives a horse and buggy.
You just have to get behind the wheel to find out.
# no threads and no memory slabs for threads
num-threads: 2
msg-cache-slabs: 4
rrset-cache-slabs: 4
infra-cache-slabs: 4
key-cache-slabs: 4
# tiny memory cache
key-cache-size: 16m
msg-cache-size: 16m
rrset-cache-size: 32m
cache-max-ttl: 21600
cache-min-ttl: 0
prefetch: yes
prefetch-key: yes
serve-expired: yes
serve-expired-ttl: 3600
incoming-num-tcp: 1024
outgoing-num-tcp: 128
ip-ratelimit: 0
edns-buffer-size: 4096
As explained here after running the 'i' command (since v2.06) you have been askedJust wish we didn't lose these conf settings and trash the cache to start all over again every time it is necessary to run "u" followed by "i" .
We are barely a week into this new script, some adjustments have to be expected. Losing the conf settings is really not a big deal.These tweaked settings have been working really well on my RT-AC86U - no crashes and impressive speeds.
RAM consumption runs up to 95% and stays there with small use of Swap file.
Just wish we didn't lose these conf settings and trash the cache to start all over again every time it is necessary to run "u" followed by "i" .
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!