What's new

Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Hi, I seem to get this error when trying to install/start it, any suggestions how to fix it? Thank you.

1 = Update unbound files and configuration
2 = Remove unbound/unbound_manager
3 = Start unbound
4 = n/a Show unbound statistics
5 = Install Ad and Tracker blocker (Ad Block)
6 = n/a Install Graphical Statistics GUI Add-on TAB
7 = n/a Enable DNS Firewall

? = About Configuration
v = View ('/opt/var/lib/unbound/'unbound.conf)

e = Exit Script [?]

E:Option ==> 1

Router Configuration recommended pre-reqs status:

[✔] Swapfile=2097148 kB
[✔] DNS Filter=ON
[✔] DNS Filter=ROUTER
[✔] WAN: Use local caching DNS server as system resolver=NO
[✔] Enable local NTP server=YES
[✔] Enable DNS Rebind protection=NO
[✔] Enable DNSSEC support=NO

Options:

[✔] unbound Logging
[✔] unbound-control FAST response ENABLED

UPDATEing unbound
Entware package list successfully updated
Package unbound-checkconf (1.10.0-2) installed in root is up to date.
Installing unbound-control-setup (1.10.0-2) to root...
Downloading http://bin.entware.net/aarch64-k3.10/unbound-control-setup_1.10.0-2_aarch64-3.10.ipk
Installing openssl-util (1.1.1d-2) to root...
Downloading http://bin.entware.net/aarch64-k3.10/openssl-util_1.1.1d-2_aarch64-3.10.ipk
Package unbound-control (1.10.0-2) installed in root is up to date.
Package unbound-anchor (1.10.0-2) installed in root is up to date.
Package unbound-daemon (1.10.0-2) installed in root is up to date.
Configuring openssl-util.
Configuring unbound-control-setup.
unbound Entware packages 'unbound-checkconf unbound-control-setup unbound-control unbound-anchor unbound-daemon' successfully installed
Initialising 'unbound-control-setup' to generate SSL Keys
setup in directory /opt/var/lib/unbound
unbound_server.key exists
unbound_control.key exists
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
Setup success. Certificates created. Enable in unbound.conf file to use
Removing package unbound-control-setup from root...
Removing package openssl-util from root...
Package column (2.35.1-1) installed in root is up to date.
Entware package 'column' successfully installed
Package diffutils (3.7-2) installed in root is up to date.
Entware package 'diffutils' successfully installed
Package bind-dig (9.14.8-1) installed in root is up to date.
Entware package 'bind-dig' successfully installed
Package haveged (1.9.8-2) installed in root is up to date.
Entware package 'haveged' successfully installed
Updating S02haveged
S02haveged downloaded successfully
Shutting down haveged... done.
Starting haveged... done.
Customising 'dnsmasq.postconf' (aka '/jffs/addons/unbound/unbound.postconf')
Updating S61unbound
S61unbound downloaded successfully
Generating unbound-anchor 'root.key'.....
/opt/sbin/unbound-anchor: error while loading shared libraries: /opt/lib/libcrypto.so.1.1: invalid ELF header
Retrieving the 13 InterNIC Root DNS Servers from 'https://www.internic.net/domain/named.cache'.....
################################################################################################################################################################################################## 100.0%
Retrieving Custom unbound configuration
unbound.conf downloaded successfully
doc/example.conf.in downloaded successfully
Checking IPv6.....
Customising unbound configuration Options:

Do you want to ENABLE unbound logging? (NO recommended)

Reply 'y' or press ENTER to skip
y
unbound Logging enabled - 'verbosity: 1'
unbound-checkconf: error while loading shared libraries: /opt/lib/libcrypto.so.1.1: invalid ELF header
Restarting dnsmasq.....
Done.
 
Last edited:
Code:
Generating unbound-anchor 'root.key'.....
/opt/sbin/unbound-anchor: error while loading shared libraries: /opt/lib/libcrypto.so.1.1: invalid ELF header
this is part of the libopenssl entware package i think... maybe you can try and reinstall that
Code:
tOmsK@RT-AC68U-4690:/tmp/home/root# opkg files libopenssl
Package libopenssl (1.1.1d-2) is installed on root and has the following files:
/opt/lib/libcrypto.so.1.1
/opt/lib/libssl.so.1.1

opkg --force-reinstall install libopenssl
 
Last edited:
I've uploaded v3.07

Version=3.07
Github md5=24bb61c37d65f575969c0ad64c3013a6

use 'u' to update when prompted on screen

Use of the 'i = Update unbound Installation' **Not required**

Code:
FIX:      Checking 'unbound.conf' for duplicate statements reports false-positives i.e. 'blank' lines not ignored similar to 'empty' lines
FIX:      'vpn debug show' now filters out irrelevant inbound DNS requests from the unbound related Syslog scan report
ADD:      'bind'/'vpn' command descriptions to '3 Advanced Tools' menu.
ADD:      'bind [debug [show]]' options (same as 'vpn debug show' command)

CHANGE:   '?' now reports cache used percentages

                e  = Exit Script [?]

                A:Option ==> ?

                    <snip>

                            unbound Memory/Cache:
                   
                     key-cache-size:'   8388608 (8.00 MB)
                     msg-cache-size:'   8388608 (8.00 MB)   5% used 479691  (468.45 KB)
                     rrset-cache-size:' 16777216 (16.00 MB) 8% used 1439632 (1.37 MB)
 
Last edited:
@dave14305
Sounds right to me. Send dns queries out the VPN tunnel and they get received at the authoritative server from the VPN provider’s IP range. Mission accomplished.
Would the setting 'Accept DNS Configuration' of the VPN client (used by unbound) have any weight in the 'mission accomplished' statement?
 
@juched and @Martineau , I tried enabling DNS firewall twice now and i get a fatal error and unbound stops working. Don't know what i'm doing wrong.
Code:
unbound[6269:0] fatal error: Could not read config file: /unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf
 
@juched and @Martineau , I tried enabling DNS firewall twice now and i get a fatal error and unbound stops working. Don't know what i'm doing wrong.
Code:
unbound[6269:0] fatal error: Could not read config file: /unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf
Can you read the file? or did you try the 'debug' command?

You could try refreshing just 'unbound.conf'

e.g. in 'Advanced' menu mode
Code:
e  = Exit Script [?]

A:Option ==> i config
then reapply your options.
 
Can you read the file? or did you try the 'debug' command?

You could try refreshing just 'unbound.conf'

e.g. in 'Advanced' menu mode
Code:
e  = Exit Script [?]

A:Option ==> i config
then reapply your options.
Code:
Adding 'include: "/opt/share/unbound/configs/unbound.conf.addgui"  '/opt/var/lib/unbound/unbound.conf'

/opt/var/lib/unbound/unbound.conf:202: error: cannot open include file '/opt/share/unbound/configs/unbound.conf.addgui': No such file or directory
read /opt/var/lib/unbound/unbound.conf failed: 1 errors in configuration file

***ERROR requested re(Start) of unbound ABORTed! - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file
 
I think I am getting the same error as @Safemode

UnboundErrorV307-2020-04-26.png


I also tried

A:Option ==> i config

but the same error came up.

I will try a reboot next.

RT-AX88U on 384.17_0 with fully updated scripts (please see my signature for details).

Edit: Rebooted, min update available.

All good!

Thank you @Martineau!
 
Last edited:
Code:
Adding 'include: "/opt/share/unbound/configs/unbound.conf.addgui"  '/opt/var/lib/unbound/unbound.conf'

/opt/var/lib/unbound/unbound.conf:202: error: cannot open include file '/opt/share/unbound/configs/unbound.conf.addgui': No such file or directory
read /opt/var/lib/unbound/unbound.conf failed: 1 errors in configuration file

***ERROR requested re(Start) of unbound ABORTed! - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file
Sorry, can you update to the Hotfix
Code:
A:Option ==> uf

Forced Update

    unbound_manager.sh downloaded successfully

unbound Manager UPDATE Complete! 24bb61c37d65f575969c0ad64c3013a6
then retry
Code:
e  = Exit Script [?]

A:Option ==> i config
 
So, i added the unbound.conf.addgui in /opt/share/unbound/configs/, then i get this:
Code:
unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf

Removing 'include: "/opt/share/unbound/configs/unbound.conf.add"  '/opt/var/lib/unbound/unbound.conf'
sed: invalid option -- 1
BusyBox v1.25.1 (2020-04-25 22:25:48 EDT) multi-call binary.

Usage: sed [-inrE] [-f FILE]... [-e CMD]... [FILE]...
or: sed [-inrE] CMD [FILE]...

        -e CMD  Add CMD to sed commands to be executed
        -f FILE Add FILE contents to sed commands to be executed
        -i[SFX] Edit files in-place (otherwise sends to stdout)
                Optionally back files up, appending SFX
        -n      Suppress automatic printing of pattern space
        -r,-E   Use extended regex syntax

If no -e or -f, the first non-option argument is the sed command string.
Remaining arguments are input files (stdin if none).
Adding 'include: "/opt/share/unbound/configs/unbound.conf.addgui"  '/opt/var/lib/unbound/unbound.conf'
 Starting unbound...              done.

Checking status, please wait..... unbound OK
 
Sorry, can you update to the Hotfix
Code:
A:Option ==> uf

Forced Update

    unbound_manager.sh downloaded successfully

unbound Manager UPDATE Complete! 24bb61c37d65f575969c0ad64c3013a6
then retry
Code:
e  = Exit Script [?]

A:Option ==> i config
Bingo. That forced update made it work. Thanks Martineau...
Not sure if it was the forced update or the fact i added the unbound.conf.addgui
 
Same error as @L&LD - I added an empty unbound.conf.addgui file and unbound restarted without errors - what's the real solution?
 
See my edited post above. :)
 
@dave14305

Would the setting 'Accept DNS Configuration' of the VPN client (used by unbound) have any weight in the 'mission accomplished' statement?
Not for Unbound, since we’re just telling it what interface to use on the router. Probably matters for LAN clients to make sure they send their requests to the router. I don’t use a VPN Client so I don’t have any first-hand experience.
 
Bingo. That forced update made it work. Thanks Martineau...
Not sure if it was the forced update or the fact i added the unbound.conf.addgui
So the DNS Firewall is now ENABLED?
 
@dave14305

Would the setting 'Accept DNS Configuration' of the VPN client (used by unbound) have any weight in the 'mission accomplished' statement?
If you use Selective Routing, then if you use these rules
e.g. assuming your LAN subnet is the default
Code:
LAN        192.168.1.0/24   0.0.0.0   vpn
Router     192.168.1.1      0.0.0.0   wan
then any application running on the router e.g. unbound/Transmission/Aria2 etc. will bypass the VPN,

However, if this is not appropriate, you need to explicitly configure the Application to send its traffic via the VPN.
 
Last edited:
It's enabled just making sure it sticks.
Edit: So far all is working as expected. Thanks again.
Edit#2: just got the error again
Code:
Apr 26 13:58:42 unbound[3620:0] fatal error: Could not read config file: /unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf
then i run rl and i get these two messages:
Code:
A:Option ==> rl safemoderpz.conf

unbound-checkconf: no errors in /opt/share/unbound/configs/safemoderpz.conf

unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf

 Starting unbound...              done.

Checking status, please wait..... unbound OK
If i do just " rs " then i get the error again.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top