Unbound - Authoritative Recursive Caching DNS Server

Status
Not open for further replies.
@Jack Yaz if you're interested, this is a start
Code:
unbound-control -c /opt/var/lib/unbound/unbound.conf stats_noreset | grep total.num
 
Once the installer is validated, does the user need to install the pre-reqs (like ntp server) before installation?
 
Once the installer is validated, does the user need to install the pre-reqs (like ntp server) before installation?
Our script will do this work for you if you wish.
 
For compatibility reasons, I'm testing these changes in ntp clock checking for entware services they need. I removed these arguments on...
/opt/etc/init.d/S*
Code:
#!/bin/sh

if [ "$1" = "start" ] || [ "$1" = "restart" ]; then
       # Wait for NTP before starting
       logger -st "S61unbound" "Waiting for NTP to sync before starting..."
       ntptimer=0
       while [ "$(nvram get ntp_ready)" = "0" ] && [ "$ntptimer" -lt "300" ]; do
               ntptimer=$((ntptimer+1))
               sleep 1
       done

       if [ "$ntptimer" -ge "300" ]; then
               logger -st "S61unbound" "NTP failed to sync after 5 minutes - please check immediately!"
               echo ""
               exit 1
       fi
fi

I added this...
/opt/etc/init.d/00netwait
Code:
#!/bin/sh

# Copyright (C) 2013-2016 Jeremy Chadwick. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

# Waits for ntpc/ntpdate to properly sync time before starting up any
# daemons past this point.  The way it works is by repeatedly calling
# /bin/date +%Y and seeing if the year returned is later than 1970.
# Most routers do not have battery-backed RTCs, so their clocks always
# start from the epoch (December 31st 1969).  A year later than 1970
# (i.e. 1971 or later) would indicate ntpc has finished.
#
# This is helpful for daemons which are time-sensitive, such as
# BIND/named, where a clock that is extremely skewed can cause errors
# like: checkhints: unable to get root NS rrset from cache: not found
#
# TODO: Implement stop/start/restart/reconfigure/check/kill argument
# support, per rc.unslung.  Right now this just runs blindly every
# time.  stop/reconfigure/check/kill should be no-ops, start/restart
# should actually do something.
#
NAME="netwait[$$]"
INTERVAL=7
MAXCOUNT=13

checkdate() {
  local year=$(/bin/date +%Y)
  if [ $year -gt 1970 ]
  then
    return 0
  fi
  return 1
}

# First thing we do is check the current date.  If the year is
# already compliant, then don't call logger or anything else; just
# exit cleanly immediately.

if checkdate; then
  exit 0
fi

# Otherwise use a loop to check things repeatedly and bail out if
# things look good -- or bail out at the very end with a nastygram
# indicating we're not responsible if daemons misbehave past this
# point.  :-)

i=1
while [ $i -le $MAXCOUNT ]
do
  logger -t $NAME "Waiting for ntpc (attempt ${i}/${MAXCOUNT})"
  sleep $INTERVAL

  if checkdate; then
    logger -t $NAME "Clock synced; good to go!"
    exit 0
  fi
  i=$((i+1))
done

logger -t $NAME "Clock remains unsynced; continuing anyway"
exit 1

Use the @Martineau script for WAN checking.
/jffs/scripts/init-start
Code:
sh /jffs/scripts/ChkWAN.sh &
 
For compatibility reasons, disregard. Remove the DNS redirect option.

Code:
iptables -t nat -A PREROUTING -d "$(nvram get lan_ipaddr)" -p tcp --dport 53 -j REDIRECT --to-port 53535
iptables -t nat -A PREROUTING -d "$(nvram get lan_ipaddr)" -p udp --dport 53 -j REDIRECT --to-port 53535
and firewall-start
Run
Code:
unbound_installer
and it should detect a new v1.09 is available, so the 'u' option should appear

Code:
u  = Update (Major) unbound_installer v1.08 -> v1.09
then to update the 'opt/etc/init.d/S*' scripts from @rgnldo's GitHub select
Code:
1
 
@Martineau We're getting there, almost. Adds only the option to check if IPV6 is enabled on the router to fit the unbound.conf file. There are commented lines that should not be commented as to whether IPV6 and Stubby are enabled. I uploaded to Github the startup files of Entware.
Does the memory and CPU performance option work?
 
After successfully installing unbound. I relaunch the installer and return this.
Code:
sh unbound_installer.sh
Code:
unbound: [*] Lock File Detected (firewall) (pid=2236) - Exiting (cpid=16277)
Code:
cat /jffs/scripts/firewall-start
#!/bin/sh
sh /jffs/scripts/unbound_installer.sh firewall # unbound Firewall Addition
 
After successfully installing unbound. I relaunch the installer and return this.
Code:
sh unbound_installer.sh
Code:
unbound: [*] Lock File Detected (firewall) (pid=2236) - Exiting (cpid=16277)
Code:
cat /jffs/scripts/firewall-start
#!/bin/sh
sh /jffs/scripts/unbound_installer.sh firewall # unbound Firewall Addition
Not experienced the Lock File issue....does it always happen during the reboot?

Option 2 should back out any updates to the files - although I noticed that 'dnsmasq.conf' has duplicate lines, as the script never checked if the line already exists before inserting it. :oops:

I've already patched the v1.10 script, but I haven't pushed the patched version to GitHub pending your new functional requirements.

P.S. To save typing, you can invoke the script (from anywhere) by simply using its alias
Code:
unbound_installer
 
@Martineau We're getting there, almost. Adds only the option to check if IPV6 is enabled on the router to fit the unbound.conf file. There are commented lines that should not be commented as to whether IPV6 and Stubby are enabled. I uploaded to Github the startup files of Entware.
Does the memory and CPU performance option work?
No idea what you mean :confused:.
 
No idea what you mean :confused:.
This is in unbound.conf because the script understands that the router has IPV6 disabled.
Code:
#########################################
# integration IPV6
#
# do-ip6: yes
# interface: ::0
# access-control: ::0/0 refuse
# access-control: ::1 allow
# private-address: fd00::/8
# private-address: fe80::/10
#########################################

Code:
#########################################
# Options for integration with TCP/TLS Stubby
# udp-upstream-without-downstream: yes
#########################################
With IPV6 and Stubby enabled it will look like this:
Code:
#########################################
# integration IPV6
 do-ip6: yes
 interface: ::0
 access-control: ::0/0 refuse
 access-control: ::1 allow
 private-address: fd00::/8
 private-address: fe80::/10
#########################################
Code:
#########################################
# Options for integration with TCP/TLS Stubby
 udp-upstream-without-downstream: yes
#########################################
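
The switch between the commented and uncommented blocks shown above can be scripted. The following is an added example, not code from unbound_installer or from any poster in this thread: the function name `toggle_block`, the constructed `sample_conf` input and the use of the block title as a marker are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not unbound_installer's code.

# Constructed sample: the two optional blocks as they look when disabled.
sample_conf() {
    cat <<'EOF'
server:
 interface: 0.0.0.0
#########################################
# integration IPV6
#
# do-ip6: yes
# interface: ::0
# access-control: ::0/0 refuse
# access-control: ::1 allow
# private-address: fd00::/8
# private-address: fe80::/10
#########################################
#########################################
# Options for integration with TCP/TLS Stubby
# udp-upstream-without-downstream: yes
#########################################
EOF
}

# toggle_block <enable|disable> <marker text>   (reads stdin, writes stdout)
toggle_block() {
    awk -v mode="$1" -v marker="$2" '
        /^#####/    { inblk = 0; print; next }   # a rule of hashes ends a block
        $0 ~ marker { inblk = 1; print; next }   # the title comment opens it
        inblk && mode == "enable" && /^#[ \t]*[a-z][a-z0-9-]*:/ {
            sub(/^#[ \t]*/, " "); print; next    # "# key: v" -> " key: v"
        }
        inblk && mode == "disable" && /^[ \t]*[a-z][a-z0-9-]*:/ {
            sub(/^[ \t]*/, "# "); print; next    # " key: v" -> "# key: v"
        }
        { print }
    '
}

# Enable only the IPv6 block; the Stubby block stays commented.
sample_conf | toggle_block enable 'integration IPV6'
```

Write the result to a temporary file and run `unbound-checkconf` on it before replacing the live unbound.conf, so a mistyped option name is caught before the resolver restarts.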
 
unbound_installer - script v1.09
Code:
unbound-control -c /opt/var/lib/unbound/unbound.conf stats_noreset | grep total.num
total.num.queries=4242
total.num.queries_ip_ratelimited=0
total.num.cachehits=3433 -->> HIT, number of requests answered by cache.
total.num.cachemiss=809 -->> MISS, number of requests not available in cache
total.num.prefetch=39
total.num.zero_ttl=0
total.num.recursivereplies=809
 
how to get over this error
Connection refused for 127.0.0.1 port 953
using script
Try changing the directory ownership to nobody, in case you want to drop daemon privileges from root to nobody
chown nobody /opt/var/lib/unbound

/opt/sbin/unbound-anchor -a /opt/var/lib/unbound/root.key


Sent from my iPhone using Tapatalk
 
/opt/etc/init.d/rc.unslung check

/opt/etc/init.d/rc.unslung restart



Sent from my iPhone using Tapatalk
 
@rgnldo I have an issue when interface is set to 0.0.0.0 (in unbound.conf); it is fine when interface is set to 127.0.0.1. If I remember correctly, the error says that this (0.0.0.0) interface is in use or something like that. I remember we used 127.0.0.1 in the past.

Can you change it back to 127.0.0.1?
 
0.0.0.0 couldn't be in use unless you have something running on the same specified port. 0.0.0.0 just means it listens on all addresses. Are you running two instances of unbound? Try restarting it.


I think this is why the preferred method rgnldo recommends ipv6, but it would make more sense to bind it to a specific address if this is what is causing this issue.
 