Unbound - Authoritative Recursive Caching DNS Server

[Smokey613]

Thanks @SomeWhereOverTheRainBow for the offer.

I'm still undecided if I should take down the script and walk way, given I'm saddened and disappointed to have been accused of having an 'ego' by @kernol (as unofficial spokesperson for the community?), when I became an unfortunate whistle-blower by simply diligently reiterating that the integrity of users' routers be held paramount

i.e. version control and accountability is mandatory when silently uploading experimental configuration files to the users' environment.

I hope you continue with the project. I personally do not care about the “add ons” ie. ADBlock or Firefox stuff, I just want a good high performance recursive dns server. Having been an alpha/beta tester for several projects in years past, I agree on precise documentation on any changes. If this is not done then you cannot determine which changes provided an improvement and which did not. You wind up doing a lot of guessing and eventually wind up with a big mess. This documentation is even more important when there are several collaborators. One would have to question the reason for any opposition to precise change control documentation. Without such documentation, it quickly becomes an exercise in futility.

 

[L&LD]

@rgnldo I appreciate you still contributing here, along with everyone else. Thank you.

Could you please elaborate on the settings that have changed 'slightly'? It would be very appreciated.

 

[SolluxCaptor]

@rgnldo I appreciate you still contributing here, along with everyone else. Thank you.

Could you please elaborate on the settings that have changed 'slightly'? It would be very appreciated.

Hopefully we hear from him shortly, but I believe he means with Unbound 1.9.6 the default .conf file is different than we had prior to the Entware update - we were stuck with 1.9.3 before which had a different base config. I noticed that as well - but not sure if that is what he meant. Apologies by the way, I do not mean to reply where I don't belong - but that is my understanding of the phrasing / what I saw in .conf with 1.9.6 update (before re-running script).

 

[L&LD]

@SolluxCaptor no need for apologies! Thank you for your input and insight! Hopefully, @rgnldo will be able to reply soon.

A note though, I was on the 2.01 version but if I remember correctly, it was the 1.93 .conf version. I don't remember a 1.94 version at least on my install.

 

[SolluxCaptor]

@SolluxCaptor no need for apologies! Thank you for your input and insight! Hopefully, @rgnldo will be able to reply soon.

A note though, I was on the 2.01 version but if I remember correctly, it was the 1.93 .conf version. I don't remember a 1.94 version at least on my install.

DOH. Meant 1.9.3 corrected

 

[Martineau]

Strange how you keep saying the matter is closed, yet continue to revive with it with misleading bias.

So I will have my final say...

I see no reason to find the culprits.

This speaks volumes.

The forum is acutely aware that an apology will never be received.

If you look, there is no repository under my responsibility on Github before the installer script.

You created your Github repository on your own initiative when you requested that I write the script - I believe another forum member then uploaded my example beta script to your Github.

Citing 'you didn't understand the script's logic' to be able to adapt the beta script to your needs, consequently I was told to use your repository for the tedious rewrite - but rather than keep submitting pull requests, I decided to take formal ownership of the script on my Github, as I could provide quicker fixes/features whilst maintaining far better transparency, version control and documentation for the script.

So there is no question as the incumbent unbound SME, you knowingly enforced the use of your Github to host files that my script should retrieve.

i.e.

1. I was told to retrieve the Ad Block 'unbound_adblock.tar.bz2' package

Later you told me to retrieve the individual files e.g. gen_adblock.sh, that surprise surprise conveniently allowed you to silently extract/modify the original package without version control.​

2. I was also then told to retrieve the stuning.sh script file that you found.
3. You formally agreed to maintain/provide the custom 'unbound.conf' that the script would retrieve.​

So you exploited the convenience of hosting a Github, but turned defensive/nasty when you were exposed.

Now consider the matter closed.

 

[SomeWhereOverTheRainBow]

Thanks @SomeWhereOverTheRainBow for the offer.

I'm still undecided if I should take down the script and walk way, given I'm saddened and disappointed to have been accused of having an 'ego' by @kernol (as unofficial spokesperson for the community?), when I became an unfortunate whistle-blower by simply diligently reiterating that the integrity of users' routers be held paramount

i.e. version control and accountability is mandatory when silently uploading experimental configuration files to the users' environment.

I see your point made, the point of the project originally was to test among several users and see what was "stable" across multiple routers as a "basic" .conf. As a developer this is critical. Sometime too much is too much and the developer needs to rely more on the user feedback, v.s. "putting their hands deeper in the honey pot". so to say. I concur with your assessment of that situation @Martineau . If changes are made for testing they should be done on a separate branch first for the intensive purposes of "testing". and not commit to directly to the public until it is determined to be needed for the "whole" or consensus has been made by users that is a necessary evil?.

 

[dave14305]

I've been looking through the OpenWRT script for configuring unbound.conf and it's very interesting (to me). I was imagining a way to dynamically generate the unbound.conf based on user prefs. It also is an alternative viewpoint on what is a good baseline configuration for a router.

https://github.com/openwrt/packages/blob/master/net/unbound/files/unbound.sh

Just a source of ideas for future development/customization.

 

[Treadler]

FWIW, the ‘current’ Unbound is working well here.
+ Diversion.
No Stubby integration (or native Adblock).
Surfing seems very ‘snappy’, router not working any harder than it normally would with the current config minus Unbound.

 

[L&LD]

@Treadler +1

Very 'snappy' indeed. Even with my 1Gbps up/down symmetrical ISP connection, much 'snappier' than without it.

 

[dave14305]

Surfing seems very ‘snappy’, router not working any harder than it normally would with the current config minus Unbound.

Very 'snappy' indeed. Even with my 1Gbps up/down symmetrical ISP connection, much 'snappier' than without it.

This must mean your previous DNS servers were very slow, and/or returning IPs that were not geographically optimal for your locations.

 

[Treadler]

This must mean your previous DNS servers were very slow, and/or returning IPs that were not geographically optimal for your locations.

My ‘preferred’ public resolver is 1400km away, so yes!

(There is a local Cloudflare, plenty fast, but some sites just will not resolve, dunno why......)

 

[L&LD]

@dave14305, yes. About 5 seconds vs. 0.01 seconds ISP DNS vs. Cloudflare 1.1.1.1 and 1.0.0.1 servers.

 

[joe scian]

I've been looking through the OpenWRT script for configuring unbound.conf and it's very interesting (to me). I was imagining a way to dynamically generate the unbound.conf based on user prefs. It also is an alternative viewpoint on what is a good baseline configuration for a router.

https://github.com/openwrt/packages/blob/master/net/unbound/files/unbound.sh

Just a source of ideas for future development/customization.

Hi dave
Does this mean we can run unbound.sh and it will automatically update our existing unbound.conf to one that uses all the algorithms and parameters that are contained within the script? Have you tried it - if so has this resulted in a net perceived performance increase?

 

[dave14305]

Hi dave
Does this mean we can run unbound.sh and it will automatically update our existing unbound.conf to one that uses all the algorithms and parameters that are contained within the script? Have you tried it - if so has this resulted in a net perceived performance increase?

No, it’s not written for Merlin or our Entware config. And there is no source of user preferences (although I could imagine someone writing a custom GUI page now). Just planting a seed for further thoughts.

 

[Jack Yaz]

No, it’s not written for Merlin or our Entware config. And there is no source of user preferences (although I could imagine someone writing a custom GUI page now). Just planting a seed for further thoughts.

You should see my list of to-dos once 384.15 goes stable

 

[SomeWhereOverTheRainBow]

You should see my list of to-dos once 384.15 goes stable

All I know is when you are done it shall be dubbed
**Something Awesome Just Happen**

 

[Xentrk]

No, it’s not written for Merlin or our Entware config. And there is no source of user preferences (although I could imagine someone writing a custom GUI page now). Just planting a seed for further thoughts.

I have been pondering that too. On pfSense, there are 3 screens available to tweek settings. I learned a lot about the firmware pages with the OpenVPN client screen updates @Martineau shared with me for the x3mRouting project. But I am still on the lower end of the learning curve when it comes to the asp pages.

 

[Martineau]

I've uploaded v2.03

unbound v1.9.6 now includes 'unbound-checkconf' which was apparently removed/omitted in unbound v1.9.3.
(Thanks @dave14305 for the heads-up)

So the utility is now invoked during the 'i = Install/Update' and when requesting the 'rs' or 'rl' commands, so the script should now be able to confidently safe-guard against a corrupt download or mangled configuration file disrupting/impacting a current valid running configuration.

e.g. attempt to load an unbound configuration that contains syntax errors:

e  = Exit Script

A:Option ==> rl bad

/opt/share/unbound/configs/bad.conf:123: error: syntax error
read /opt/share/unbound/configs/bad.conf failed: 1 errors in configuration file

***ERROR requested config '/opt/share/unbound/configs/bad.conf' NOT loaded

or when requesting unbound_manager having externally incorrectly edited

'/opt/var/lib/unbound/unbound.conf'

unbound_manager

Creating 'unbound_manager' alias

+======================================================================+
|  Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
|                                                                      |
|                      Version 2.03 by Martineau                       |
|                                                                      |
| Requirements: USB drive with Entware installed                       |
|                                                                      |
|   i = Install unbound DNS Server - Advanced Mode                     |
|       o1. Enable unbound Logging                                     |
|       o2. Integrate with Stubby                                      |
|       o3. Install Ad and Tracker Blocking                            |
|       o4. Customise CPU/Memory usage (Advanced Users)                |
|       o5. Disable Firefox DNS-over-HTTPS (DoH) (USA users)           |
|                                                                      |
|   z  = Remove Existing unbound Installation                          |
|   ?  = About Configuration                                           |
|                                                                      |
|     See SNBForums thread https://tinyurl.com/s89z3mm for helpful     |
|         user tips on unbound usage/configuration.                    |
+======================================================================+

/opt/var/lib/unbound/unbound.conf:60: error: unknown keyword 'rset-cache-size'
/opt/var/lib/unbound/unbound.conf:60: error: stray ':'
/opt/var/lib/unbound/unbound.conf:60: error: unknown keyword '16m'
read /opt/var/lib/unbound/unbound.conf failed: 3 errors in configuration file

***ERROR INVALID unbound configuration - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file

u = Push to Github PENDING for (Major) unbound_manager v2.03 update >>>> v2.02

i  = Update unbound Installation ('/opt/var/lib/unbound/')
z  = Remove Existing unbound Installation    v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit; vh=View Example Configuration)
3  = Advanced Tools                          rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration 
 
rs = Restart (or Start) unbound  

e  = Exit Script

A:Option ==>

 

[Treadler]

I've uploaded v2.03

unbound v1.9.6 now includes 'unbound-checkconf' which was apparently removed/omitted in unbound v1.9.3. (Thanks @dave14305 for the heads-up)

So the utility is now invoked during the 'i = Install/Update' and when requesting the 'rs' or 'rl' commands, so the script should now be able to confidently safe-guard against a corrupt download or mangled configuration file without disrupting/impacting a running configuration.

e.g. attempt to load an unbound configuration that contains syntax errors:

e  = Exit Script

A:Option ==> rl bad

/opt/share/unbound/configs/bad.conf:123: error: syntax error
read /opt/share/unbound/configs/bad.conf failed: 1 errors in configuration file

***ERROR requested config '/opt/share/unbound/configs/bad.conf' NOT loaded

or when requesting unbound_manager having externally incorrectly edited

'/opt/var/lib/unbound/unbound.conf'

unbound_manager

Creating 'unbound_manager' alias

+======================================================================+
|  Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
|                                                                      |
|                      Version 2.03 by Martineau                       |
|                                                                      |
| Requirements: USB drive with Entware installed                       |
|                                                                      |
|   i = Install unbound DNS Server - Advanced Mode                     |
|       o1. Enable unbound Logging                                     |
|       o2. Integrate with Stubby                                      |
|       o3. Install Ad and Tracker Blocking                            |
|       o4. Customise CPU/Memory usage (Advanced Users)                |
|       o5. Disable Firefox DNS-over-HTTPS (DoH) (USA users)           |
|                                                                      |
|   z  = Remove Existing unbound Installation                          |
|   ?  = About Configuration                                           |
|                                                                      |
|     See SNBForums thread https://tinyurl.com/s89z3mm for helpful     |
|         user tips on unbound usage/configuration.                    |
+======================================================================+

/opt/var/lib/unbound/unbound.conf:60: error: unknown keyword 'rset-cache-size'
/opt/var/lib/unbound/unbound.conf:60: error: stray ':'
/opt/var/lib/unbound/unbound.conf:60: error: unknown keyword '16m'
read /opt/var/lib/unbound/unbound.conf failed: 3 errors in configuration file

***ERROR INVALID unbound configuration - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file

u = Push to Github PENDING for (Major) unbound_manager v2.03 update >>>> v2.02

i  = Update unbound Installation ('/opt/var/lib/unbound/')
z  = Remove Existing unbound Installation    v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit; vh=View Example Configuration)
3  = Advanced Tools                          rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration   
 
rs = Restart (or Start) unbound    

e  = Exit Script

A:Option ==>

Appreciated, thanks for that!