What's new

Unbound - Authoritative Recursive Caching DNS Server

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
@Martineau thank you. I removed that temp fix. :)

Would you have any thoughts on why I need this option on 'Yes' and also if it will come back to haunt me if I leave it this way?

I am also using the Auth-zone (root zone, AXFR speedup) option too.

https://www.snbforums.com/threads/u...-caching-dns-server.58967/page-36#post-542322

However, I do use the Wan: Use local caching DNS server as system resolver (default: No) set to Yes. Otherwise, amtm and unbound (and any other script I try) seems to be slow as molasses.
 
Would you have any thoughts on why I need this option on 'Yes' and also if it will come back to haunt me if I leave it this way?
It would depend on what you are using for WAN DNS servers. If those are slow or one is not responding, it could make things look slow.
 
@dave14305 thank you. Right now I have Connect to DNS servers Automatically set to Yes.

I'm also not using DoT right now.

If I do enable DoT, do I need to change the 'Wan: Use local caching DNS server as system resolver (default: No)' back to the default 'No'? Or not?

Particularly with Auth-zone configured too?
 
Updated to 2.01, everything seems to be working !!
 
Martineau
found another small issue with 2.01 and previous version 1.97 - when entering x to stop unbound

Code:
Invalid Option "x" Please enter a valid option
 
Right now I have Connect to DNS servers Automatically set to Yes.
You should test them at the router command line to see if either seems slow or times out.
Code:
for i in $(nvram get wan_dns); do time nslookup raw.githubusercontent.com $i; done
If I do enable DoT, do I need to change the 'Wan: Use local caching DNS server as system resolver (default: No)' back to the default 'No'? Or not?
I would have it set to No in almost every situation. You just need reliable WAN DNS servers. When you have the router requiring dnsmasq, unbound AND Stubby to be available so it can resolve its own lookups (e.g. for NTP, script updates, etc.), you’re eventually asking for trouble.

All these DNS extras (e.g. unbound, NextDNS) are at a disadvantage because the firmware is not designed around them. There is no watchdog to ensure they stay running, for example. So keep the router healthy by not requiring it to use its own DNS service to startup its DNS service. :rolleyes:
 
Last edited:
@dave14305 thank you so much. :)

Would you have any idea why the scripts run like molasses when it is set to 'No'?
 
@Smokey


FWIW, I don’t have the issue.
(I don’t have stubby integrated, & I’m using the Unbound ad blocker.)

Speed wise I see no difference between yes/no.

no issue here either - using Diversion and no integration to Stubby
 
My guess is one of your WAN DNS servers times out when a script tries to resolve a name. Did you run the command to test them and time them?

Sorry, I haven't had time yet to do that. I will be home later (much...). :)
 
Martineau
found another small issue with 2.01 and previous version 1.97 - when entering x to stop unbound

Code:
Invalid Option "x" Please enter a valid option
Whoops. :oops:

You can type 'stop' as this was always a hidden menu option, I decided that 'x' would look better in the menu, and forgot to add 'x' as an alias for 'stop'

I'll push a hotfix in due course, pending any other bugs/issues coming to light with v2.01

NOTE: Simply stopping unbound will more than likely impact Internet access, and as documented on GitHub or using the script's help function
Code:
unbound_manager   -h
(i.e. having stopped unbound), exiting unbound_manager and attempting to rerun unbound_manager will seemingly fail to initialise/display the menu options, so the stop option should be used with caution. ;)
 
Last edited:
Added support adblock whitelist for x3mRouting using the IPSET Shell Scripts Method. Excellent solution with IPSET. Available on AMTM.
 
Added support adblock whitelist for x3mRouting using the IPSET Shell Scripts Method. Excellent solution with IPSET. Available on AMTM.

As asked/requested before, as per post post #784 it is good practice to include a 'Version Header' particularly when updating 'unbound.conf' on your GitHub so users can see what features have been added/removed.

Fix it.
 
You should test them at the router command line to see if either seems slow or times out.
Code:
for i in $(nvram get wan_dns); do time nslookup raw.githubusercontent.com $i; done

I would have it set to No in almost every situation. You just need reliable WAN DNS servers. When you have the router requiring dnsmasq, unbound AND Stubby to be available so it can resolve its own lookups (e.g. for NTP, script updates, etc.), you’re eventually asking for trouble.

All these DNS extras (e.g. unbound, NextDNS) are at a disadvantage because the firmware is not designed around them. There is no watchdog to ensure they stay running, for example. So keep the router healthy by not requiring it to use its own DNS service to startup its DNS service. :rolleyes:

Finally had a chance to track down why scripts were so slow when 'Wan: Use local caching DNS server as system resolver (default: No) was set to 'No' (default).

When 'Connect to DNS Servers Automatically' was set to 'Yes' on the WAN page, the nslookup command above was giving a time of over 5 seconds!

When I set to connect to DNS servers to 'No' and used Cloudflare servers (1.1.1.1 and 1.0.0.1), the times went to 0.01 seconds. :)

Now, I have the local WAN caching set to 'No' and everything is fast. :)

Thank you @dave14305 for giving me the tools to track this down.
 
I installed the utility last night. I first ran the "?" option and made the config changes recommended before running the install option. I then ran the install option "i". One of my OpenVPN Clients was not able to connect due to a DNS error that it was unable to resolve the domain name of the VPN server. The other three OpenVPN Clients were able to connect. All but one of the OpenVPN Clients have Accept DNS Configuration set to Disabled. The other one is set to Exclusive.

In my attempt to debug, I noticed that all of my DNS settings on the WAN page were unchanged. I have "Connect to DNS Server automatically" set to No and specify the Cloudflare servers so the router has DNS during the boot process until DoT can kick in. DoT is enabled using Cloudflare. It was getting late so I backed out the changes and plan to try again over the weekend.

What are the recommended DNS settings on the WAN page if one wants to use Unbound?
 
What are the recommended DNS settings on the WAN page if one wants to use Unbound?
I performed all possible scenarios with VPN or Streaming services. Fortunately, the FW Merlin team organized DNS/WAN resolution as "NO" to allow compatibility between the different services. By the way it is organized, unbound or FW Merlin does not interfere with connectivity.
 
Status
Not open for further replies.

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top