Unbound - Authoritative Recursive Caching DNS Server

Status
Not open for further replies.
I've uploaded v2.06 and unbound.conf v1.03

Fix: If IPv6 detected, Do NOT auto ENABLE 'dns64-prefix:' and include 'module-config: "dns64 ..."'. (Ill-advised tweak added in unbound_manager v2.04)
Change:
To better manage disk space, delete any temporary pre-update backup files '/opt/share/unbound/configs/YYYY*.conf'
Add:
Allow optional use of Github 'dev' branch rather than 'master' to facilitate end-user testing of experimental features.

@L&LD, @Treadler - thanks for the IPv6 feed-back. Not being able to test IPv6, it is vital that you and others continue to keep unbound_manager honest when tweaking ill-advised (IPv6) directives.
 
the option:
tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
It depends:
forward-tls-upstream: yes

It is used in TLS connections
 
the option:
tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
It depends:
forward-tls-upstream: yes

It is used in TLS connections
forward-tls-upstream depends on tls-cert-bundle. tls-cert-bundle does not depend on forward-tls-upstream.
 
@Martineau I am finding many issues with the new IPv6 defaults

The issues are not just a slower connecting OpenVPN connection because it is trying IPv6 addresses first as previously posted above. At least the OpenVPN connection eventually goes live and usable.

Here is what I have seen so far:
  • Outlook, Spotify, OneDrive, Dropbox, Skype, and many other such services either do not load at all or load even slower than the OpenVPN client example above (sometimes half an hour and still not connected).
  • The 'Your Phone' program in Windows 10 doesn't connect at all, even with a computer left on overnight.
  • The 'Fitbit' connections fail from watch to phone (Android) app. The watch cannot connect at all.
So I'm correct in presuming IPv6 takes precedence over IPv4? which caused issues with VPN Selective Routing as it is IPv4 only.

I vaguely recall that (ironically :eek:) dnsmasq was/is used to drop the IPv6 lookup for the target? so only the IPv4 address is used? - not sure if this could alleviate the OpenVPN connection issue, but clearly it would be tedious for 'Outlook, Spotify, OneDrive, Dropbox, Skype, and many other such services etc.'
Code:
    #module-config: "validator iterator"
    module-config: "dns64 validator iterator"  # v1.01 perform a query against AAAA record exists
    dns64-prefix: 64:FF9B::/96


I would like to suggest that the 'dns64-prefix: 64:FF9B::/96' option be selectable in the 'i' command instead of being automatically applied if that makes sense of course.
v2.06 has reverted the contentious (v2.04) feature, but I don't think it warrants inclusion as an Install/Update option, but as a compromise the directives are left in 'unbound.conf' in case anyone wants to quickly retry a simple cut'n'paste using the dynamic 'ox' command.
Edit: This is kind of funny. Another issue is that websites will randomly switch language with the 'dns64-prefix: 64:FF9B::/96' option set, while browsing from one link to another within the same site. Funny at first. Gets old real fast. :)
I am fortunate not to have to deal with IPv6 (yet), but my 'flabber' is truly 'gasted' by the amusing language switch! :p

IT is such fun - imagine working on a help-desk when an irate user raises a problem ticket! ;)
 
What is the purpose for root server's recursion? For root server's queries, just key anchors.
If people use the auth-zone for ".", then tls-cert-bundle is required to download via https.
 
I organize according to my needs (disregard). The script installer is enough for the others here.

Thanks for the clarification!
 
required to download
but the download always took place without this option. When I found the auth-zone solution, I thought there would be a need for manual download. But just like unbound-anchor, auth-zone also updates automatically. There are numerous unbound news that I will discover at the time if I do not stay within their unbound forum.
 
Reinstalled Unbound (2.05) from the beginning.

Pressed ‘enter’ (no) on every option offered.
Tip: To save time when dealing with the options, if you are sure you don't need any options you can use
Code:
e  = Exit Script

A:Option ==> i none
NOTE: The following should also work (if it ever makes it to amtm :rolleyes:, I'm still undecided to start unbound_manager in 'Easy' mode, or leave it in 'Advanced' mode as everyone appears to be comfortable with the script running in the default 'Advanced' mode?)
Code:
e  = Exit Script

A:Option ==> easy
Code:
e  = Exit Script

A:Option ==> 1
 
but the download always took place without this option. When I found the auth-zone solution, I thought there would be a need for manual download. But just like unbound-anchor, auth-zone also updates automatically. There are numerous unbound news that I will discover at the time if I do not stay within their unbound forum.
I don’t understand your point. Are you saying your auth-zone suggestion for “.” was a bad idea?
Code:
       tls-cert-bundle: <file>
              If  null or "", no file is used.  Set it to the certificate bun-
              dle file, for example "/etc/pki/tls/certs/ca-bundle.crt".  These
              certificates  are  used  for  authenticating connections made to
              outside peers.  For example auth-zone urls, and  also  DNS  over
              TLS connections.
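
A check for the dependency discussed in the posts above, as an added example that is not part of the original thread or of unbound_manager: it reports when `forward-tls-upstream: yes` or an `https://` auth-zone `url:` is configured without a usable `tls-cert-bundle:`, the file the man page excerpt says authenticates outside peers. The function names and the sample config (including the 192.0.2.1 forwarder) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an unbound.conf for TLS peers configured without a CA bundle.

# Print every active (uncommented) value of directive $2 in file $1, one per line.
conf_values() {
    sed -e 's/^[[:space:]]*#.*$//' -e 's/[[:space:]]#.*$//' "$1" |
        awk -v key="$2:" '$1 == key { $1 = ""; gsub(/^[ \t]+|[ \t]+$|"/, ""); print }'
}

# Return 0 if no TLS peers are configured or the bundle is usable, 1 if unset, 2 if unreadable.
audit_tls_bundle() {
    conf=$1; users=""
    conf_values "$conf" forward-tls-upstream | grep -qx 'yes' && users="forward-tls-upstream"
    conf_values "$conf" url | grep -q '^https://' && users="${users:+$users }auth-zone-https-url"
    [ -n "$users" ] || { echo "OK: no TLS peers configured"; return 0; }
    bundle=$(conf_values "$conf" tls-cert-bundle | tail -n 1)
    [ -n "$bundle" ] || { echo "WARN: $users in use but tls-cert-bundle is not set"; return 1; }
    [ -s "$bundle" ] || { echo "WARN: tls-cert-bundle '$bundle' is missing or empty"; return 2; }
    echo "OK: $users authenticated against $bundle"
}

# Constructed sample: TLS forwarding enabled while the bundle line is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server:
    #tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
forward-zone:
    name: "."
    forward-addr: 192.0.2.1@853
    forward-tls-upstream: yes
EOF
audit_tls_bundle "$sample" || true
rm -f "$sample"
```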
 
Tip: To save time when dealing with the options, if you are sure you don't need any options you can use
Code:
e  = Exit Script

A:Option ==> i none
NOTE: The following should also work (if it ever makes it to amtm :rolleyes:, I'm still undecided to start unbound_manager in 'Easy' mode, or leave it in 'Advanced' mode as everyone appears to be comfortable with the script running in the default 'Advanced' mode?)
Code:
e  = Exit Script

A:Option ==> easy
Code:
e  = Exit Script

A:Option ==> 1


“i none” scenario was a one off, to try & isolate what the issue/s may have been that I was seeing.

‘Advanced’ mode suits me FWIW. :)
 
@Martineau, I would suggest you start your own thread for unbound_manager so that you have the ability to manage the first post with updates. It's getting hard to separate the wheat from the chaff in this thread now.
I mentioned that the post belongs to everyone. Disagreements or agreements are normal. But it seems that the disagreements are selective. All suggestions were accepted, including yours (correct or not) with all the credits. I have no problem with creating another thread exclusive to unbound_manager. I think I am normal and positive.
 
I mentioned that the post belongs to everyone. Disagreements or agreements are normal. But it seems that the disagreements are selective. All suggestions were accepted, including yours (correct or not) with all the credits. I have no problem with creating another thread exclusive to unbound_manager.
Sure, but it is customary for the developer to manage the thread and keep post #1 updated with the latest info.
I think I am normal and positive.
I've been afraid of your scary clown avatar since the beginning. :eek:
 
I've been afraid of your scary clown avatar since the beginning. :eek:
I thought I was the only one....I like clowns (who remembers BoZo?) but that avatar is something else....:eek:;)
 