Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[elnash]

Hello, good, how the replies logging is activated.

 

[gmt]

Hi, I seem to get this error when trying to install/start it, any suggestions how to fix it? Thank you.

1 = Update unbound files and configuration
2 = Remove unbound/unbound_manager
3 = Start unbound
4 = n/a Show unbound statistics
5 = Install Ad and Tracker blocker (Ad Block)
6 = n/a Install Graphical Statistics GUI Add-on TAB
7 = n/a Enable DNS Firewall

? = About Configuration
v = View ('/opt/var/lib/unbound/'unbound.conf)

e = Exit Script [?]

E:Option ==> 1

Router Configuration recommended pre-reqs status:

[✔] Swapfile=2097148 kB
[✔] DNS Filter=ON
[✔] DNS Filter=ROUTER
[✔] WAN: Use local caching DNS server as system resolver=NO
[✔] Enable local NTP server=YES
[✔] Enable DNS Rebind protection=NO
[✔] Enable DNSSEC support=NO

Options:

[✔] unbound Logging
[✔] unbound-control FAST response ENABLED

UPDATEing unbound
Entware package list successfully updated
Package unbound-checkconf (1.10.0-2) installed in root is up to date.
Installing unbound-control-setup (1.10.0-2) to root...
Downloading http://bin.entware.net/aarch64-k3.10/unbound-control-setup_1.10.0-2_aarch64-3.10.ipk
Installing openssl-util (1.1.1d-2) to root...
Downloading http://bin.entware.net/aarch64-k3.10/openssl-util_1.1.1d-2_aarch64-3.10.ipk
Package unbound-control (1.10.0-2) installed in root is up to date.
Package unbound-anchor (1.10.0-2) installed in root is up to date.
Package unbound-daemon (1.10.0-2) installed in root is up to date.
Configuring openssl-util.
Configuring unbound-control-setup.
unbound Entware packages 'unbound-checkconf unbound-control-setup unbound-control unbound-anchor unbound-daemon' successfully installed
Initialising 'unbound-control-setup' to generate SSL Keys
setup in directory /opt/var/lib/unbound
unbound_server.key exists
unbound_control.key exists
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
Setup success. Certificates created. Enable in unbound.conf file to use
Removing package unbound-control-setup from root...
Removing package openssl-util from root...
Package column (2.35.1-1) installed in root is up to date.
Entware package 'column' successfully installed
Package diffutils (3.7-2) installed in root is up to date.
Entware package 'diffutils' successfully installed
Package bind-dig (9.14.8-1) installed in root is up to date.
Entware package 'bind-dig' successfully installed
Package haveged (1.9.8-2) installed in root is up to date.
Entware package 'haveged' successfully installed
Updating S02haveged
S02haveged downloaded successfully
Shutting down haveged... done.
Starting haveged... done.
Customising 'dnsmasq.postconf' (aka '/jffs/addons/unbound/unbound.postconf')
Updating S61unbound
S61unbound downloaded successfully
Generating unbound-anchor 'root.key'.....
/opt/sbin/unbound-anchor: error while loading shared libraries: /opt/lib/libcrypto.so.1.1: invalid ELF header
Retrieving the 13 InterNIC Root DNS Servers from 'https://www.internic.net/domain/named.cache'.....
################################################################################################################################################################################################## 100.0%
Retrieving Custom unbound configuration
unbound.conf downloaded successfully
doc/example.conf.in downloaded successfully
Checking IPv6.....
Customising unbound configuration Options:

Do you want to ENABLE unbound logging? (NO recommended)

Reply 'y' or press ENTER to skip
y
unbound Logging enabled - 'verbosity: 1'
unbound-checkconf: error while loading shared libraries: /opt/lib/libcrypto.so.1.1: invalid ELF header
Restarting dnsmasq.....
Done.

 

[tomsk]

Generating unbound-anchor 'root.key'.....
/opt/sbin/unbound-anchor: error while loading shared libraries: /opt/lib/libcrypto.so.1.1: invalid ELF header

this is part of the libopenssl entware package i think... maybe you can try and reinstall that

tOmsK@RT-AC68U-4690:/tmp/home/root# opkg files libopenssl
Package libopenssl (1.1.1d-2) is installed on root and has the following files:
/opt/lib/libcrypto.so.1.1
/opt/lib/libssl.so.1.1

opkg --force-reinstall install libopenssl

 

[Martineau]

I've uploaded v3.07

Version=3.07
Github md5=24bb61c37d65f575969c0ad64c3013a6​

use 'u' to update when prompted on screen

Use of the 'i = Update unbound Installation' **Not required**

FIX:      Checking 'unbound.conf' for duplicate statements reports false-positives i.e. 'blank' lines not ignored similar to 'empty' lines
FIX:      'vpn debug show' now filters out irrelevant inbound DNS requests from the unbound related Syslog scan report
ADD:      'bind'/'vpn' command descriptions to '3 Advanced Tools' menu.
ADD:      'bind [debug [show]]' options (same as 'vpn debug show' command)

CHANGE:   '?' now reports cache used percentages

                e  = Exit Script [?]

                A:Option ==> ?

                    <snip>

                            unbound Memory/Cache:
                   
                     key-cache-size:'   8388608 (8.00 MB)
                     msg-cache-size:'   8388608 (8.00 MB)   5% used 479691  (468.45 KB)
                     rrset-cache-size:' 16777216 (16.00 MB) 8% used 1439632 (1.37 MB)

 

[Torson]

@dave14305

Sounds right to me. Send dns queries out the VPN tunnel and they get received at the authoritative server from the VPN provider’s IP range. Mission accomplished.

Would the setting 'Accept DNS Configuration' of the VPN client (used by unbound) have any weight in the 'mission accomplished' statement?

 

[Safemode]

@juched and @Martineau , I tried enabling DNS firewall twice now and i get a fatal error and unbound stops working. Don't know what i'm doing wrong.

unbound[6269:0] fatal error: Could not read config file: /unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf

 

[Martineau]

@juched and @Martineau , I tried enabling DNS firewall twice now and i get a fatal error and unbound stops working. Don't know what i'm doing wrong.

unbound[6269:0] fatal error: Could not read config file: /unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf

Can you read the file? or did you try the 'debug' command?

You could try refreshing just 'unbound.conf'

e.g. in 'Advanced' menu mode

e  = Exit Script [?]

A:Option ==> i config

then reapply your options.

 

[Safemode]

Can you read the file? or did you try the 'debug' command?

You could try refreshing just 'unbound.conf'

e.g. in 'Advanced' menu mode

e  = Exit Script [?]

A:Option ==> i config

then reapply your options.

Adding 'include: "/opt/share/unbound/configs/unbound.conf.addgui"  '/opt/var/lib/unbound/unbound.conf'

/opt/var/lib/unbound/unbound.conf:202: error: cannot open include file '/opt/share/unbound/configs/unbound.conf.addgui': No such file or directory
read /opt/var/lib/unbound/unbound.conf failed: 1 errors in configuration file

***ERROR requested re(Start) of unbound ABORTed! - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file

 

[L&LD]

I think I am getting the same error as @Safemode

I also tried

A:Option ==> i config

but the same error came up.

I will try a reboot next.

RT-AX88U on 384.17_0 with fully updated scripts (please see my signature for details).

Edit: Rebooted, min update available.

All good!

Thank you @Martineau!

 

[Martineau]

Adding 'include: "/opt/share/unbound/configs/unbound.conf.addgui"  '/opt/var/lib/unbound/unbound.conf'

/opt/var/lib/unbound/unbound.conf:202: error: cannot open include file '/opt/share/unbound/configs/unbound.conf.addgui': No such file or directory
read /opt/var/lib/unbound/unbound.conf failed: 1 errors in configuration file

***ERROR requested re(Start) of unbound ABORTed! - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file

Sorry, can you update to the Hotfix

A:Option ==> uf

Forced Update

    unbound_manager.sh downloaded successfully

unbound Manager UPDATE Complete! 24bb61c37d65f575969c0ad64c3013a6

then retry

e  = Exit Script [?]

A:Option ==> i config

 

[Safemode]

So, i added the unbound.conf.addgui in /opt/share/unbound/configs/, then i get this:

unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf

Removing 'include: "/opt/share/unbound/configs/unbound.conf.add"  '/opt/var/lib/unbound/unbound.conf'
sed: invalid option -- 1
BusyBox v1.25.1 (2020-04-25 22:25:48 EDT) multi-call binary.

Usage: sed [-inrE] [-f FILE]... [-e CMD]... [FILE]...
or: sed [-inrE] CMD [FILE]...

        -e CMD  Add CMD to sed commands to be executed
        -f FILE Add FILE contents to sed commands to be executed
        -i[SFX] Edit files in-place (otherwise sends to stdout)
                Optionally back files up, appending SFX
        -n      Suppress automatic printing of pattern space
        -r,-E   Use extended regex syntax

If no -e or -f, the first non-option argument is the sed command string.
Remaining arguments are input files (stdin if none).
Adding 'include: "/opt/share/unbound/configs/unbound.conf.addgui"  '/opt/var/lib/unbound/unbound.conf'
 Starting unbound...              done.

Checking status, please wait..... unbound OK

 

[Safemode]

Sorry, can you update to the Hotfix

A:Option ==> uf

Forced Update

    unbound_manager.sh downloaded successfully

unbound Manager UPDATE Complete! 24bb61c37d65f575969c0ad64c3013a6

then retry

e  = Exit Script [?]

A:Option ==> i config

Bingo. That forced update made it work. Thanks Martineau...
Not sure if it was the forced update or the fact i added the unbound.conf.addgui

 

[Torson]

Same error as @L&LD - I added an empty unbound.conf.addgui file and unbound restarted without errors - what's the real solution?

 

[L&LD]

See my edited post above.

 

[Martineau]

Same error as @L&LD - I added an empty unbound.conf.addgui file and unbound restarted without errors - what's the real solution?

Apply Hotfix

 

[dave14305]

@dave14305

Would the setting 'Accept DNS Configuration' of the VPN client (used by unbound) have any weight in the 'mission accomplished' statement?

Not for Unbound, since we’re just telling it what interface to use on the router. Probably matters for LAN clients to make sure they send their requests to the router. I don’t use a VPN Client so I don’t have any first-hand experience.

 

[Martineau]

Bingo. That forced update made it work. Thanks Martineau...
Not sure if it was the forced update or the fact i added the unbound.conf.addgui

So the DNS Firewall is now ENABLED?

 

[Safemode]

So the DNS Firewall is now ENABLED?

It's enabled just making sure it sticks.
Edit: So far all is working as expected. Thanks again.

 

[Martineau]

@dave14305

Would the setting 'Accept DNS Configuration' of the VPN client (used by unbound) have any weight in the 'mission accomplished' statement?

If you use Selective Routing, then if you use these rules
e.g. assuming your LAN subnet is the default

LAN        192.168.1.0/24   0.0.0.0   vpn
Router     192.168.1.1      0.0.0.0   wan

then any application running on the router e.g. unbound/Transmission/Aria2 etc. will bypass the VPN,

However, if this is not appropriate, you need to explicitly configure the Application to send its traffic via the VPN.

 

[Safemode]

It's enabled just making sure it sticks.
Edit: So far all is working as expected. Thanks again.

Edit#2: just got the error again

Apr 26 13:58:42 unbound[3620:0] fatal error: Could not read config file: /unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf

then i run rl and i get these two messages:

A:Option ==> rl safemoderpz.conf

unbound-checkconf: no errors in /opt/share/unbound/configs/safemoderpz.conf

unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf

 Starting unbound...              done.

Checking status, please wait..... unbound OK

If i do just " rs " then i get the error again.