dave14305
How do I find script 2.03 for unbound installation?
https://github.com/MartineauUK/Unbound-Asuswrt-Merlin
Thanks...so page 1 allows for manual installation only correct?
It's a long story...
Sorry, my unbound.conf is generated by a script. is by mega. adjusted
Can you elaborate on these settings?
key-cache-size: 4
msg-cache-size: 4
rrset-cache-size: 8
Ok...so dumb question...what's the difference from doing the manual install on pg. 1 and/or using the script version from the link provided above? Can the link provided be posted on pg. 1 as well or this goes back to the "long story"? Reason I'm asking is because I started to re-install unbound using the instructions from pg. 1 but then got stuck on one of the steps so I continued installing from the 2.03 script which helped a lot for me. Then I was getting similar errors that L&LD was getting i.e. syntax errors so I've removed unbound again.
Can page 1 have instructions on how to manually uninstall unbound as well?
Also, on @Martineaus github, why is DNSSEC and Rebind required to be OFF?
DNSSEC needs to be disabled so that dnsmasq cache can be turned off. This allows Unbound to keep its own cache very fresh.
With that, what flavour of the .conf file are people defaulting to?
I'll continue to promote a minimalist unbound.conf that uses most defaults where appropriate for a small router like my AC68U.
server:
    username: "nobody"
    chroot: "/opt/var/lib/unbound"
    directory: "/opt/var/lib/unbound"
    pidfile: "unbound.pid"
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
    root-hints: "root.hints"
    auto-trust-anchor-file: "root.key"
    logfile: "unbound.log"
    log-time-ascii: yes
    log-servfail: yes
    extended-statistics: yes
    interface: 127.0.0.1@53535
    do-ip6: no
    private-address: 127.0.0.0/8
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    prefetch: yes
    prefetch-key: yes
    minimal-responses: yes
    edns-buffer-size: 1472
    hide-identity: yes
    hide-version: yes
    do-not-query-localhost: no
    qname-minimisation: yes
    rrset-roundrobin: yes
    harden-glue: yes
    harden-referral-path: no
    harden-below-nxdomain: yes
    harden-algo-downgrade: yes
remote-control:
    control-enable: yes
    control-use-cert: no
but I may be wrong and don't want to speak for @dave14305
Being wrong never stopped me from posting.
DNSSEC needs to be disabled so that dnsmasq cache can be turned off. This allows Unbound to keep its own cache very fresh.
DNS Rebind really only needs to be disabled if you're going to use Unbound ad-blocking, which personally I don't recommend. dnsmasq with rebind protection would reject any responses from Unbound like 192.168.1.2 or 127.0.0.1.
I'll continue to promote a minimalist unbound.conf that uses most defaults where appropriate for a small router like my AC68U.
Code:
server:
    username: "nobody"
    chroot: "/opt/var/lib/unbound"
    directory: "/opt/var/lib/unbound"
    pidfile: "unbound.pid"
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
    root-hints: "root.hints"
    auto-trust-anchor-file: "root.key"
    logfile: "unbound.log"
    log-time-ascii: yes
    log-servfail: yes
    extended-statistics: yes
    edns-buffer-size: 1472
    interface: 127.0.0.1@53535
    private-address: 127.0.0.0/8
    private-address: 192.168.1.0/24
    do-ip6: no
    private-address: 127.0.0.0/8
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    prefetch: yes
    prefetch-key: yes
    minimal-responses: yes
    edns-buffer-size: 1472
    hide-identity: yes
    hide-version: yes
    do-not-query-localhost: no
    qname-minimisation: yes
    rrset-roundrobin: yes
    harden-glue: yes
    harden-referral-path: no
    harden-below-nxdomain: yes
    harden-algo-downgrade: yes
remote-control:
    control-enable: yes
    control-use-cert: no
So in the minimal conf file Dave, what is the default unbound cache amount set? Is it caching at all?
Yes, each cache (key, msg, rrset) defaults to 4 MB. I've never seen it reach those limits in my small network.
unbound Manager/Installer script for ASUS Router running RMerlin firmware.
Script-installer as an easy option for installing Unbound written and maintained by @Martineau. All credits reserved.
For more details and installation:
https://github.com/MartineauUK/Unbound-Asuswrt-Merlin
For a complete newb to Unbound, out of the instructions you have after installation, what should I run/edit to use Unbound effectively?
List of installed Entware packages (59)
ca-bundle - 20190110-2 libopenssl-conf - 1.1.1d-2
ca-certificates - 20190110-2 libpcre - 8.43-2
column - 2.34-2 libpopt - 1.16-2
diffutils - 3.7-2 libpthread - 2.27-9
entware-opt - 227000-3 librt - 2.27-9
entware-release - 1.0-2 libsmartcols - 2.34-2
entware-upgrade - 1.0-1 libssp - 8.3.0-9
findutils - 4.7.0-1 libstdcpp - 8.3.0-9
getdns - 1.5.2-2 libunbound - 1.9.6-1
glib2 - 2.58.3-4 libuuid - 2.34-2
grep - 3.3-1 libyaml - 0.2.2-1
haveged - 1.9.8-2 locales - 2.27-8
htop - 2.2.0-2 logrotate - 3.15.0-2
libattr - 2.4.48-2 ntp-utils - 4.2.8p13-4
libc - 2.27-9 ntpd - 4.2.8p13-4
libcap - 2.27-3 openssl-util - 1.1.1d-2
libcurl - 7.67.0-2 opkg - 2019-06-14-dcbc142e-2
libdbi - 0.9.0-4 pixelserv-tls - 2.3.1-1
libevent2-core - 2.1.11-2 stubby - 0.2.6-2
libevent2-pthreads - 2.1.11-2 syslog-ng - 3.25.1-1
libexpat - 2.2.9-1 terminfo - 6.1-5
libffi - 3.2.1-3 unbound-anchor - 1.9.6-1
libgcc - 8.3.0-9 unbound-checkconf - 1.9.6-1
libhavege - 1.9.8-2 unbound-control - 1.9.6-1
libiconv-full - 1.11.1-4 unbound-control-setup - 1.9.6-1
libintl-full - 0.19.8.1-2 unbound-daemon - 1.9.6-1
libjson-c - 0.13.1-1 zlib - 1.2.11-3
libncurses - 6.1-5 zoneinfo-asia - 2019c-1
libncursesw - 6.1-5 zoneinfo-europe - 2019c-1
libopenssl - 1.1.1d-2
Entware Apps installed in /opt/bin/ (25)
ash grep persist-tool
channelhog htop pixelserv-tls
cmp islebe sdiff
column locale.new sh
diff localedef.new unbound_manager
diff3 loggen update-patterndb
diversion netstat xargs
dqtool openssl
find pdbtool
Non-Entware Scripts installed in /opt/bin/ (9)
YazFi firewall (Skynet) scribe
connmon ntpmerlin uiDivStats
diversion scmerlin uiScribe
Entware Apps installed in /opt/sbin/ (19)
getdns_query ntpq unbound
haveged ntptime unbound-anchor
ifconfig route unbound-checkconf
logread stubby unbound-control
logrotate syslog-ng unbound-control-setup
ntpd syslog-ng-ctl
ntpdc syslog-ng-debun
Press Enter to return to menu
curl -o /opt/var/lib/unbound/root.zone https://www.internic.net/domain/root.zone
# Enable TCP Fast Open
echo 3 > /proc/sys/net/ipv4/tcp_fastopen
# perform a query against AAAA record exists
module-config: "dns64 validator iterator"
dns64-prefix: 64:FF9B::/96
auth-zone:
    name: "."
    url: "https://www.internic.net/domain/root.zone"
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
    zonefile: root.zone
@Kingp1n please see my edited post above (give it a minute or two). I have added my unbound.conf file that I'm using right now.
Regarding the earlier syntax error, you must ensure that new parameters go under the correct section of the conf file. module-config and dns64-prefix must appear under the server: section before another section starts (e.g. remote-control, auth-zone, etc.).
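The section rule described in the post above, as an added example that is not part of the original post or of the unbound_manager script: a small shell/awk check that reports server-only options placed under another clause. The names misplaced_options, sample_conf and SERVER_ONLY are hypothetical, the option list is only a subset taken from options shown in this thread, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: flag server-only options that ended up under another clause.
# SERVER_ONLY is an illustrative subset built from options shown in this thread.
SERVER_ONLY="module-config dns64-prefix interface private-address prefetch qname-minimisation"

# Prints "line:option:clause" for each misplaced option in the file given as $1.
misplaced_options() {
    awk -v list="$SERVER_ONLY" '
    BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) only[a[i]] = 1; clause = "(none)" }
    {
        line = $0
        sub(/#.*/, "", line)                   # drop comments
        gsub(/^[ \t]+|[ \t]+$/, "", line)      # trim whitespace
        if (line == "") next
        pos = index(line, ":")
        if (pos == 0) next
        key = substr(line, 1, pos - 1)
        val = substr(line, pos + 1)
        gsub(/^[ \t]+/, "", val)
        if (val == "") { clause = key; next }  # a bare "name:" line starts a new clause
        if ((key in only) && clause != "server") print NR ":" key ":" clause
    }' "$1"
}

# Constructed sample: the two dns64 lines were appended after remote-control:.
sample_conf() {
    cat <<'EOF'
server:
    interface: 127.0.0.1@53535
    prefetch: yes
remote-control:
    control-enable: yes
    module-config: "dns64 validator iterator"
    dns64-prefix: 64:FF9B::/96
auth-zone:
    name: "."
    zonefile: root.zone
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
misplaced_options "$tmp"
rm -f "$tmp"
```

unbound-checkconf, which appears in the package list earlier in the thread, remains the authoritative syntax check; this sketch only points at the line and the clause it landed in.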
On pfSense, there are 3 screens available to tweak settings
Do you have screenshots?