dave14305
Part of the Furniture
The simplest approach might be to use DNSFilter as recommended on the Diversion FAQ: https://diversion.ch/faq-reader/how-to-exclude-a-client-from-ad-blocking.html
Unbound - Authoritative Recursive Caching DNS Server
- Thread starter rgnldo
- Start date
- Status
Smokey613
Very Senior Member
Well, option three will not work due to IPv6 still assigns my router as the DNS server
I had read that FAQ and my understanding that would allow any client to manually set their DNS to bypass my router on DNS lookups versus my current setting of “router” which forces queries through my router. Am I understanding this correctly? Also, how does IPv6 interact with this manual DNS setting?
dave14305
Part of the Furniture
You can leave Global mode = Router and just add her individual devices to send to your favorite DNS server. I’ve never really tested it with IPv6. We’ll leave that part to you.
Smokey613
Very Senior Member
You can leave Global mode = Router and just add her individual devices to send to your favorite DNS server. I’ve never really tested it with IPv6. We’ll leave that part to you.
I tested it on my iPhone and it did assign the 1.1.1.1 I was testing it with. Most of the time, the iPhone queried DNS via the router’s IPv6 address. Maybe I need to just turn off IPv6 on my network.
Treadler
Very Senior Member
Is CNAME now included (by default) in the native Unbound Adblock?
Last edited:
dave14305
Part of the Furniture
Try with Quad9 for her devices. It supports an IPv6 address behind the scenes in DNSFilter.I tested it on my iPhone and it did assign the 1.1.1.1 I was testing it with. Most of the time, the iPhone queried DNS via the router’s IPv6 address. Maybe I need to just turn off IPv6 on my network.
Smokey613
Very Senior Member
IPv6 is definitely the issue. If I use the router to push custom DNS and the router is set to Enable DNS-based Filtering ON and Global Filter Mode is set to Router, the device will always pick up the IPv6 address of the router for DNS lookups and Apple devices seem to prefer IPv6.
dave14305
Part of the Furniture
It looks like a bug in DNSFilter after additional options were added to the DNS choices.
@RMerlin I think in order for Quad9 and Cleanbrowsing IPv6 options to work, the upper limit of this loop needs to increase from 13 to 17?
https://github.com/RMerl/asuswrt-merlin.ng/blob/master/release/src/router/rc/dnsfilter.c#L259
Smokey613
Very Senior Member
Could Unbound be causing an issue in trying to implement this Custom DNS setup?
dave14305
Part of the Furniture
No, it’s just a different approach to DNSFilter with IPv6 than IPv4. If working properly, DNSFilter should tell dnsmasq dhcp to give your specified IPv6 client the Quad9 IPv6 IPs and refuse any DNS requests being sent to other servers.
It’s really now off-topic for Unbound, but still an interesting predicament.
Smokey613
Very Senior Member
Okay, last post on this subject. In my DNSFilter tab these are my settings. I actually did a forget network and reconnected and my iPhone no longer resolves DNS lookups. But I can ping out to the internet. Now back to your regularly scheduled topic.
Attachments
Safemode
Regular Contributor
Good day everyone, I'm getting some errors on the about section of unbound. I only use logging from the intial setup. Is it my configuration or something went wrong somewhere.I'm also getting an error when trying to run the l command ( unbound logging '/opt/var/lib/unbound/' NOT ENABLED?)
A:Option ==> ?
Version=1.28
Local md5=3d48043274ddc51416f6a4b419e0c951
Github md5=3d48043274ddc51416f6a4b419e0c951
/jffs/scripts/unbound_manager.md5 md5=128 3d48043274ddc51416f6a4b419e0c951
Router Configuration recommended pre-reqs status:
[✔] Swapfile=262140 kB
[✔] DNS Filter=ON
[✔] DNS Filter=ROUTER
[✔] WAN: Use local caching DNS server as system resolver=NO
[✔] Enable local NTP server=YES
[✔] Enable DNS Rebind protection=NO
[✔] Enable DNSSEC support=NO
Options:
[✔] unbound Logging
[✔] Stubby Integration
/opt/bin/unbound_manager: line 2085: can't open /opt/var/lib/unbound/adblock/adservers: no such file
/opt/bin/unbound_manager: line 2085: can't open /opt/var/lib/unbound/adblock/blockhost: no such file
/opt/bin/unbound_manager: line 2085: can't open /opt/var/lib/unbound/adblock/permlist: no such file
[✔] Ad and Tracker Blocking (No. of Adblock domains=,Blocked Hosts=,Whitelist=, - Warning Diversion is also ACTIVE)
[✔] Firefox DNS-over-HTTPS (DoH) DISABLE/Blocker
A:Option ==> ?
Version=1.28
Local md5=3d48043274ddc51416f6a4b419e0c951
Github md5=3d48043274ddc51416f6a4b419e0c951
/jffs/scripts/unbound_manager.md5 md5=128 3d48043274ddc51416f6a4b419e0c951
Router Configuration recommended pre-reqs status:
[✔] Swapfile=262140 kB
[✔] DNS Filter=ON
[✔] DNS Filter=ROUTER
[✔] WAN: Use local caching DNS server as system resolver=NO
[✔] Enable local NTP server=YES
[✔] Enable DNS Rebind protection=NO
[✔] Enable DNSSEC support=NO
Options:
[✔] unbound Logging
[✔] Stubby Integration
/opt/bin/unbound_manager: line 2085: can't open /opt/var/lib/unbound/adblock/adservers: no such file
/opt/bin/unbound_manager: line 2085: can't open /opt/var/lib/unbound/adblock/blockhost: no such file
/opt/bin/unbound_manager: line 2085: can't open /opt/var/lib/unbound/adblock/permlist: no such file
[✔] Ad and Tracker Blocking (No. of Adblock domains=,Blocked Hosts=,Whitelist=, - Warning Diversion is also ACTIVE)
[✔] Firefox DNS-over-HTTPS (DoH) DISABLE/Blocker
Last edited:
rgnldo
Very Senior Member
Notice this:
[✔] Ad and Tracker Blocking (No. of Adblock domains=,Blocked Hosts=,Whitelist=, - Warning Diversion is also ACTIVE)
Choose only one ad blocker. After choosing, uninstall unbound and reinstall again.
Safemode
Regular Contributor
i'm not using the unbound adblocker. I only select the first choice which is for logging the rest i skip. This is what i find weird.Notice this:
[✔] Ad and Tracker Blocking (No. of Adblock domains=,Blocked Hosts=,Whitelist=, - Warning Diversion is also ACTIVE)
Choose only one ad blocker. After choosing, uninstall unbound and reinstall again.
Safemode
Regular Contributor
i just ran a quick update besides the errors i mentioned above i'm also seeing this error (
Customising 'dnsmasq.postconf' (aka '/jffs/addons/unbound/unbound.postconf')
/opt/bin/unbound_manager: line 2177: can't create /jffs/saddons/unbound/unbound.postconf: nonexistent directory
)
SolluxCaptor
Regular Contributor
Same exact issue as above FWIW. Appears to work regardless, but seeing many repeated messages during update (same messages as described above).
- Status
Similar threads
Similar threads
-
Can't connect to DYNDNS when Unbound is enabled !
- Started by ComputerSteve
- Replies: 10
-
-
Unbound + Wireguard: is this combination possible at all?
- Started by louisschneider
- Replies: 6