Menu
What's new
By:
Filters Better Search

Unbound - Authoritative Recursive Caching DNS Server

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
rgnldo said:
Code: 
stub-zone:
    name: "rgnldo.lan"
    stub-addr: 192.168.1.3
stub-zone:
    name: "1.168.192.in-addr.arp"
    stub-addr: 192.168.1.3
Goal here is to provide performance and latency reduction. A good experience High response and performance. :):D
Click to expand...

Has this had any effect?

I may be wrong, but I thought stub zones were for unbound to forward sub-domains (in your case *.rgnldo.lan) to an upstream dns server,. And as pixelserv isnt a DNS server, doesn't it just timeout and fall back to unbound to resolve - hence taking longer (until cached)?
I think the "local-zone", "local-data" is the directive to spoof resolved DNS to pixelserv.

Sent from my Nokia 7 plus using Tapatalk
 
Cam said:
Has this had any effect?

I may be wrong, but I thought stub zones were for unbound to forward sub-domains (in your case *.rgnldo.lan) to an upstream dns server,. And as pixelserv isnt a DNS server, doesn't it just timeout and fall back to unbound to resolve - hence taking longer (until cached)?
I think the "local-zone", "local-data" is the directive to spoof resolved DNS to pixelserv.

Sent from my Nokia 7 plus using Tapatalk
Click to expand...
Yes. Pixelserv-tls also has the function of speeding up responses as well as SNI. It is being used in conjunction with adblock. In the same logic, I am testing with NGINX and Lighttpd.
 
Cam said:
Has this had any effect?

I may be wrong, but I thought stub zones were for unbound to forward sub-domains (in your case *.rgnldo.lan) to an upstream dns server,. And as pixelserv isnt a DNS server, doesn't it just timeout and fall back to unbound to resolve - hence taking longer (until cached)?
I think the "local-zone", "local-data" is the directive to spoof resolved DNS to pixelserv.

Sent from my Nokia 7 plus using Tapatalk
Click to expand...
Yea I would think it is simple as redirecting responses of blocked domains to pixelserv-tls, but stub zone may still be required for for proper caching of responses.

this may be able to be utilized, don't know if it is set right.
access-control-tag: 192.168.1.3/24 "tag2 tag1"
access-control-tag-data: 192.168.1.3/24 tag2 "A 127.0.0.1"
access-control-tag-action: 192.168.1.3/24 tag1 redirect
access-control-view: 192.168.1.3/24 viewname

local-zone: "adserver.example.com" redirect
local-data: "adserver.example.com A 127.0.0.1"

or

local-zone: "adserver.example.com" redirect
local-data: "adserver.example.com A 192.168.1.3"

should suffice.
 
Last edited:
Just noticed I'm getting an error parsing the cron job added in the most recent release:

Log output:
Jan 13 09:01:00 RT-AC5300 crond[385]: user user1: parse error at \*\/15
Jan 13 09:01:00 RT-AC5300 crond[385]: user user1: parse error at \*
Jan 13 09:01:00 RT-AC5300 crond[385]: user user1: parse error at \*


cru l output:
0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache #root_servers#

EDIT: Upon investigation it looks like this is an issue with line #429 in v1.2.0 of unbound_installer.sh:
$(Smart_LineInsert "/jffs/scripts/services-start" "$(echo -e "cru a root_servers \"0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache\"\t# unbound_installer")" )

The escape characters are mistakenly added into the services-start file:
Excerpt from services-start:
cru a root_servers "0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache" # unbound_installer
 
rgnldo said:
- Fixed. added unbound file performance and security improvements.
- Improved blocking of ads and tracker's (including youtube).
Enjoy!
Click to expand...
If we want to try the unbound built in ad blocking, do we need to disable either Skynet or diversion?
 
rgnldo said:
- Fixed. added unbound file performance and security improvements.
- Improved blocking of ads and tracker's (including youtube).
Enjoy!
Click to expand...
For the recent fixes do we have to wait for the script update or fo we simply update unbound to get them? Thanks for the assist.
 
Kingp1n said:
For the recent fixes do we have to wait for the script update or fo we simply update unbound to get them? Thanks for the assist.
Click to expand...
No. Launch the script and choose update setting. Return your feedback.
 
Seij said:
Just noticed I'm getting an error parsing the cron job added in the most recent release:

Log output:
Jan 13 09:01:00 RT-AC5300 crond[385]: user user1: parse error at \*\/15
Jan 13 09:01:00 RT-AC5300 crond[385]: user user1: parse error at \*
Jan 13 09:01:00 RT-AC5300 crond[385]: user user1: parse error at \*


cru l output:
0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache #root_servers#

EDIT: Upon investigation it looks like this is an issue with line #429 in v1.2.0 of unbound_installer.sh:
$(Smart_LineInsert "/jffs/scripts/services-start" "$(echo -e "cru a root_servers \"0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache\"\t# unbound_installer")" )

The escape characters are mistakenly added into the services-start file:
Excerpt from services-start:
cru a root_servers "0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache" # unbound_installer
Click to expand...
It will be fixed. Add manual on /jffs/scripts/services.start
Code: 
cru a root_servers  "0 2 */15 * * curl -o /opt/var/lib/unbound/root.hints https://www.internic.net/domain/named.cache"
 
Seij said:
Just noticed I'm getting an error parsing the cron job added in the most recent release:

Log output:
Jan 13 09:01:00 RT-AC5300 crond[385]: user user1: parse error at \*\/15
Jan 13 09:01:00 RT-AC5300 crond[385]: user user1: parse error at \*
Jan 13 09:01:00 RT-AC5300 crond[385]: user user1: parse error at \*


cru l output:
0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache #root_servers#

EDIT: Upon investigation it looks like this is an issue with line #429 in v1.2.0 of unbound_installer.sh:
$(Smart_LineInsert "/jffs/scripts/services-start" "$(echo -e "cru a root_servers \"0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache\"\t# unbound_installer")" )

The escape characters are mistakenly added into the services-start file:
Excerpt from services-start:
cru a root_servers "0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache" # unbound_installer
Click to expand...
Which version of the script are you running?
 
Martineau said:
Which version of the script are you running?
Click to expand...
1.20

Pretty sure line 429 is the culprit, as my services-start file contained the "\" escape character

428: echo -e $cBCYA"Creating Bi-weekly InterNIC Root DNS Servers cron job"$cRESET
429: $(Smart_LineInsert "/jffs/scripts/services-start" "$(echo -e "cru a root_servers \"0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache\"\t# unbound_installer")" )
 
Seij said:
1.20

Pretty sure line 429 is the culprit, as my services-start file contained the "\" escape character

428: echo -e $cBCYA"Creating Bi-weekly InterNIC Root DNS Servers cron job"$cRESET
429: $(Smart_LineInsert "/jffs/scripts/services-start" "$(echo -e "cru a root_servers \"0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache\"\t# unbound_installer")" )
Click to expand...
Whoops, apologies.... :oops: (I haven't rebooted so the ACTIVE cru #root_servers# job is fine.)

I may release v1.21, but I doubt it is critical, to retrieve the file every two weeks (it was originally retrieved every day :rolleyes:) and according to the HDR is a month old anyway?
Code: 
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:     December 05, 2019
;       related version of root zone:     2019120501
 
Martineau said:
I may release v1.21, but I doubt it is critical, to retrieve the file every two weeks (it was originally retrieved every day :rolleyes:) and according to the HDR is a month old anyway?
Click to expand...
Ideally check for the update. If daily resolves, that's fine. We removed from the script because of the option to install adblock or not.
 
[Will not go to script] in tests, stub-zone and auth-zone with interNIC and dns.opennic.glue. A security layer with root.zone.
https://www.nlnetlabs.nl/downloads/presentations/unbound_privacy_apricot2019.pdf
Code: 
# auth-zone
include: /opt/var/lib/unbound/root.zone
Code: 
auth-zone:
    name: "."
    url: "https://www.internic.net/domain/root.zone"
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
    zonefile: root.zone
Code: 
curl -o /opt/var/lib/unbound/root.zone https://www.internic.net/domain/root.zone
Code: 
# stub-zone
include: /opt/var/lib/unbound/stub.zone
Code: 
stub-zone:
    name: "dns.opennic.glue"
    stub-addr: "127.0.0.1@552"   #  Authorative Slave DNS server
stub-zone:
    name: "bbs"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "bit"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "chan"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "cyb"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "dyn"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "free"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "fur"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "geek"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "gopher"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "indy"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "libre"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "neo"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "null"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "o"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "opennic.glue"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "oss"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "oz"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "parody"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "pirate"
    stub-addr: "127.0.0.1@552"
# OpenNIC Peers:
stub-zone:
    name: "baza"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "coin"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "emc"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "lib"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "ku"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.ku
    stub-addr: "185.82.22.133"  # ns2.new-nations.ku
stub-zone:
    name: "te"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.te
    stub-addr: "185.82.22.133"  # ns2.new-nations.te
stub-zone:
    name: "ti"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.ti
    stub-addr: "185.82.22.133"  # ns2.new-nations.ti
stub-zone:
    name: "uu"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.uu
    stub-addr: "185.82.22.133"  # ns2.new-nations.uu
 
Last edited:
rgnldo said:
[Will not go to script] in tests, stub-zone and auth-zone with interNIC and dns.opennic.glue. A security layer with root.zone.
https://www.nlnetlabs.nl/downloads/presentations/unbound_privacy_apricot2019.pdf
Code: 
# auth-zone
include: /opt/var/lib/unbound/auth.zone
Code: 
auth-zone:
    name: "."
    url: "https://www.internic.net/domain/root.zone"
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
    zonefile: /run/root.zone
Code: 
# stub-zone
include: /opt/var/lib/unbound/stub.zone
Code: 
stub-zone:
    name: "dns.opennic.glue"
    stub-addr: "127.0.0.1@552"   #  Authorative Slave DNS server
stub-zone:
    name: "bbs"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "bit"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "chan"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "cyb"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "dyn"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "free"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "fur"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "geek"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "gopher"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "indy"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "libre"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "neo"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "null"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "o"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "opennic.glue"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "oss"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "oz"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "parody"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "pirate"
    stub-addr: "127.0.0.1@552"
# OpenNIC Peers:
stub-zone:
    name: "baza"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "coin"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "emc"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "lib"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "ku"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.ku
    stub-addr: "185.82.22.133"  # ns2.new-nations.ku
stub-zone:
    name: "te"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.te
    stub-addr: "185.82.22.133"  # ns2.new-nations.te
stub-zone:
    name: "ti"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.ti
    stub-addr: "185.82.22.133"  # ns2.new-nations.ti
stub-zone:
    name: "uu"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.uu
    stub-addr: "185.82.22.133"  # ns2.new-nations.uu
Click to expand...
Is there reason why it wouldnt be added to the script?
 
Kingp1n said:
Is there reason why it wouldnt be added to the script?
Click to expand...
The user should organize on their own. The focus now is to try to add the script in AMTM and fixed's. We have enough for unbound. I'm waiting for monitoring with Zabbix, but it won't go to the script either.
 
I took the plunge and installed Unbound. Seems to be working. I did notice this error message in my log after rebooting the router that indicated a parsing error for cron. Any ideas?
 

Attachments

  • log-1.jpg
    log-1.jpg
    73.5 KB · Views: 222
Status
Not open for further replies.

Similar threads

J
Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server) - General questions / discussion thread 2
23 24 25
Replies
499
Views
81K
SomeWhereOverTheRainBow
SomeWhereOverTheRainBow
Similar threads
Thread starter Title Forum Replies Date
C Can't connect to DYNDNS when Unbound is enabled ! Asuswrt-Merlin 10
L "Maximum number of concurrent DNS queries" with strange lb._dns-sd._udp. ... .in-addr.arpa reverse DNS queries (has Pi running Adguard Home + Unbound) Asuswrt-Merlin 2
O PI hole + unbound + domain vpn routing Asuswrt-Merlin 10
L Unbound + Wireguard: is this combination possible at all? Asuswrt-Merlin 6

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 819 (members: 41, guests: 778)
Top