Unbound - Authoritative Recursive Caching DNS Server

Code:
stub-zone:
    name: "rgnldo.lan"
    stub-addr: 192.168.1.3
stub-zone:
    name: "1.168.192.in-addr.arpa"
    stub-addr: 192.168.1.3
The goal here is to provide performance and latency reduction. A good experience: high response and performance. :) :D

Has this had any effect?

I may be wrong, but I thought stub zones were for unbound to forward sub-domains (in your case *.rgnldo.lan) to an upstream DNS server. And as pixelserv isn't a DNS server, doesn't it just time out and fall back to unbound to resolve - hence taking longer (until cached)?
I think the "local-zone", "local-data" is the directive to spoof resolved DNS to pixelserv.

Sent from my Nokia 7 plus using Tapatalk
 
Yes. Pixelserv-tls also has the function of speeding up responses as well as SNI. It is being used in conjunction with adblock. In the same logic, I am testing with NGINX and Lighttpd.
 
Yeah, I would think it is as simple as redirecting responses of blocked domains to pixelserv-tls, but a stub zone may still be required for proper caching of responses.

This may be able to be utilized; I don't know if it is set right.
access-control-tag: 192.168.1.3/24 "tag2 tag1"
access-control-tag-data: 192.168.1.3/24 tag2 "A 127.0.0.1"
access-control-tag-action: 192.168.1.3/24 tag1 redirect
access-control-view: 192.168.1.3/24 viewname

local-zone: "adserver.example.com" redirect
local-data: "adserver.example.com A 127.0.0.1"

or

local-zone: "adserver.example.com" redirect
local-data: "adserver.example.com A 192.168.1.3"

should suffice.
 
Just noticed I'm getting an error parsing the cron job added in the most recent release:

Log output:
Jan 13 09:01:00 RT-AC5300 crond[385]: user user1: parse error at \*\/15
Jan 13 09:01:00 RT-AC5300 crond[385]: user user1: parse error at \*
Jan 13 09:01:00 RT-AC5300 crond[385]: user user1: parse error at \*


cru l output:
0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache #root_servers#

EDIT: Upon investigation it looks like this is an issue with line #429 in v1.2.0 of unbound_installer.sh:
$(Smart_LineInsert "/jffs/scripts/services-start" "$(echo -e "cru a root_servers \"0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache\"\t# unbound_installer")" )

The escape characters are mistakenly added into the services-start file:
Excerpt from services-start:
cru a root_servers "0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache" # unbound_installer
 
- Fixed. added unbound file performance and security improvements.
- Improved blocking of ads and tracker's (including youtube).
Enjoy!
If we want to try the unbound built in ad blocking, do we need to disable either Skynet or diversion?
 
For the recent fixes, do we have to wait for the script update or do we simply update unbound to get them? Thanks for the assist.
 
No. Launch the script and choose update setting. Return your feedback.
 
It will be fixed. Add it manually to /jffs/scripts/services.start
Code:
cru a root_servers  "0 2 */15 * * curl -o /opt/var/lib/unbound/root.hints https://www.internic.net/domain/named.cache"
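
Why the backslashes from line 429 survive into services-start, and a check that would have caught them before crond did. This is an added example, not code from unbound_installer.sh; the function names and the digits-only view of the schedule fields are assumptions, and `printf '%b'` stands in for `echo -e`.

```shell
#!/bin/sh
# The installer's string as quoted in the thread. Inside double quotes the
# shell removes a backslash only before $ ` " \ and newline, and escape
# processing (echo -e, printf %b) only knows sequences such as \t, so the
# backslashes before * / . are written out unchanged.
build_escaped() {
    printf '%b\n' "cru a root_servers \"0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache\"\t# unbound_installer"
}

# Same line with nothing escaped; the tab comes from the printf format.
build_plain() {
    printf '%s\t%s\n' 'cru a root_servers "0 2 */15 * * curl -o /opt/var/lib/unbound/root.hints https://www.internic.net/domain/named.cache"' '# unbound_installer'
}

# check_cru_line LINE: succeed only if the quoted spec of a `cru a` line has
# five schedule fields made of digits and * / , - (numeric fields assumed).
check_cru_line() {
    spec=$(printf '%s\n' "$1" | sed -n 's/^cru a [^ ]* *"\(.*\)".*$/\1/p')
    [ -n "$spec" ] || return 1
    set -f; set -- $spec; set +f      # split on blanks without globbing
    [ "$#" -ge 6 ] || return 1        # five fields plus a command
    for f in "$1" "$2" "$3" "$4" "$5"; do
        case $f in
            *[!0-9*/,-]*) return 1 ;;
        esac
    done
    return 0
}

# Show the verdict for both forms of the line.
for line in "$(build_escaped)" "$(build_plain)"; do
    if check_cru_line "$line"; then
        printf 'ok:       %s\n' "$line"
    else
        printf 'rejected: %s\n' "$line"
    fi
done
```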
 
Which version of the script are you running?
 
1.20

Pretty sure line 429 is the culprit, as my services-start file contained the "\" escape character

428: echo -e $cBCYA"Creating Bi-weekly InterNIC Root DNS Servers cron job"$cRESET
429: $(Smart_LineInsert "/jffs/scripts/services-start" "$(echo -e "cru a root_servers \"0 2 \*\/15 \* \* curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache\"\t# unbound_installer")" )
 
Whoops, apologies.... :oops: (I haven't rebooted so the ACTIVE cru #root_servers# job is fine.)

I may release v1.21, but I doubt it is critical, to retrieve the file every two weeks (it was originally retrieved every day :rolleyes:) and according to the HDR is a month old anyway?
Code:
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:     December 05, 2019
;       related version of root zone:     2019120501
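
The scheduled `curl -o` in this thread writes whatever the server returns straight over root.hints. One way to fetch to a side file and replace the live copy only after a sanity check is shown below as an added example, not part of unbound_installer.sh; the function names, the `.new` suffix and the record-count threshold are assumptions.

```shell
#!/bin/sh
# hints_ok FILE [MIN]: succeed only if FILE holds at least MIN root NS
# records and MIN A glue records under ROOT-SERVERS.NET. MIN defaults to 13,
# the number of root server names; the threshold is this sketch's choice.
hints_ok() {
    [ -s "$1" ] || return 1
    ns=$(awk 'NF >= 3 && $1 == "." && $(NF-1) == "NS" { n++ }
              END { print n + 0 }' "$1")
    glue=$(awk 'NF >= 3 && toupper($1) ~ /\.ROOT-SERVERS\.NET\.$/ &&
                $(NF-1) == "A" { n++ } END { print n + 0 }' "$1")
    [ "$ns" -ge "${2:-13}" ] && [ "$glue" -ge "${2:-13}" ]
}

# install_hints CANDIDATE TARGET [MIN]: move CANDIDATE over TARGET only when
# it passes hints_ok; otherwise delete it and leave TARGET as it was.
install_hints() {
    if hints_ok "$1" "${3:-13}"; then
        mv -f "$1" "$2"     # rename on the same filesystem is atomic
    else
        rm -f "$1"
        return 1
    fi
}

# Intended use from the scheduled job (paths from the thread, the .new
# suffix is hypothetical):
#   curl -fsS -o /opt/var/lib/unbound/root.hints.new \
#        https://www.internic.net/domain/named.cache &&
#   install_hints /opt/var/lib/unbound/root.hints.new \
#                 /opt/var/lib/unbound/root.hints

# Offline demonstration on constructed files; prints "kept replaced".
demo() {
    d=$(mktemp -d) || return 1
    printf 'old hints\n' > "$d/root.hints"
    printf '<html>503</html>\n' > "$d/new"      # constructed error page
    install_hints "$d/new" "$d/root.hints" 1 && r1=replaced || r1=kept
    printf '%s\n' '; constructed sample' \
        '.  3600000  NS  A.ROOT-SERVERS.NET.' \
        'A.ROOT-SERVERS.NET.  3600000  A  198.41.0.4' > "$d/new"
    install_hints "$d/new" "$d/root.hints" 1 && r2=replaced || r2=kept
    rm -rf "$d"
    echo "$r1 $r2"
}
demo
```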
 
Ideally check for the update. If daily resolves, that's fine. We removed from the script because of the option to install adblock or not.
 
[Will not go to script] in tests, stub-zone and auth-zone with interNIC and dns.opennic.glue. A security layer with root.zone.
https://www.nlnetlabs.nl/downloads/presentations/unbound_privacy_apricot2019.pdf
Code:
# auth-zone
include: /opt/var/lib/unbound/root.zone
Code:
auth-zone:
    name: "."
    url: "https://www.internic.net/domain/root.zone"
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
    zonefile: root.zone
Code:
curl -o /opt/var/lib/unbound/root.zone https://www.internic.net/domain/root.zone
Code:
# stub-zone
include: /opt/var/lib/unbound/stub.zone
Code:
stub-zone:
    name: "dns.opennic.glue"
    stub-addr: "127.0.0.1@552"   #  Authoritative Slave DNS server
stub-zone:
    name: "bbs"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "bit"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "chan"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "cyb"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "dyn"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "free"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "fur"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "geek"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "gopher"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "indy"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "libre"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "neo"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "null"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "o"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "opennic.glue"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "oss"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "oz"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "parody"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "pirate"
    stub-addr: "127.0.0.1@552"
# OpenNIC Peers:
stub-zone:
    name: "baza"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "coin"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "emc"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "lib"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "ku"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.ku
    stub-addr: "185.82.22.133"  # ns2.new-nations.ku
stub-zone:
    name: "te"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.te
    stub-addr: "185.82.22.133"  # ns2.new-nations.te
stub-zone:
    name: "ti"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.ti
    stub-addr: "185.82.22.133"  # ns2.new-nations.ti
stub-zone:
    name: "uu"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.uu
    stub-addr: "185.82.22.133"  # ns2.new-nations.uu
 
[Will not go to script] in tests, stub-zone and auth-zone with interNIC and dns.opennic.glue. A security layer with root.zone.
https://www.nlnetlabs.nl/downloads/presentations/unbound_privacy_apricot2019.pdf
Code:
# auth-zone
include: /opt/var/lib/unbound/auth.zone
Code:
auth-zone:
    name: "."
    url: "https://www.internic.net/domain/root.zone"
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
    zonefile: /run/root.zone
Code:
# stub-zone
include: /opt/var/lib/unbound/stub.zone
Code:
stub-zone:
    name: "dns.opennic.glue"
    stub-addr: "127.0.0.1@552"   #  Authoritative Slave DNS server
stub-zone:
    name: "bbs"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "bit"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "chan"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "cyb"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "dyn"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "free"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "fur"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "geek"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "gopher"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "indy"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "libre"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "neo"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "null"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "o"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "opennic.glue"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "oss"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "oz"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "parody"
    stub-addr: "127.0.0.1@552"
stub-zone:
    name: "pirate"
    stub-addr: "127.0.0.1@552"
# OpenNIC Peers:
stub-zone:
    name: "baza"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "coin"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "emc"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "lib"
    stub-host: "seed1.emercoin.com"
    stub-host: "seed2.emercoin.com"
stub-zone:
    name: "ku"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.ku
    stub-addr: "185.82.22.133"  # ns2.new-nations.ku
stub-zone:
    name: "te"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.te
    stub-addr: "185.82.22.133"  # ns2.new-nations.te
stub-zone:
    name: "ti"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.ti
    stub-addr: "185.82.22.133"  # ns2.new-nations.ti
stub-zone:
    name: "uu"
    stub-addr: "127.0.0.1@552"
    stub-addr: "5.45.96.220"    # ns1.new-nations.uu
    stub-addr: "185.82.22.133"  # ns2.new-nations.uu
Is there a reason why it wouldn't be added to the script?
 
The user should organize on their own. The focus now is to try to add the script in AMTM and fixes. We have enough for unbound. I'm waiting for monitoring with Zabbix, but it won't go to the script either.
 
I took the plunge and installed Unbound. Seems to be working. I did notice this error message in my log after rebooting the router that indicated a parsing error for cron. Any ideas?
 
