Yes, I read it wrong.
Unbound - Authoritative Recursive Caching DNS Server
- Thread starter rgnldo
- Start date
- Status
rgnldo
Very Senior Member
What services are you using on your router?
Chris0815
Regular Contributor
Nothing special - is this something that has to be installed separately?
Chris0815
Regular Contributor
unbound and skynet
rgnldo
Very Senior Member
I need to know which services are enabled on your router, amtm and entware.
rgnldo
Very Senior Member
I need to check your dnsmasq.
Chris0815
Regular Contributor
Router
Code:
- 1x VPN Client
- 2x VPN Serveramtm:
Code:
amtm 3.1.6 FW by thelonelycoder
RT-AC86U (aarch64) FW-384.16 @ 192.168.1.1
The Asuswrt-Merlin Terminal Menu
2 open Skynet v7.1.5
7 open unbound Manager v3.02
j3 open scMerlin v1.0.5
ep manage Entware packages
sw manage Swap file /mnt/Merlin 2.0G
i show all available scripts or tools
u check for script updates
amtm options
e exit t theme r reset a about
_____________________________________________
Enter optionentware:
Code:
List of installed Entware packages (85)
bind-dig - 9.14.8-1 opkg - 2019-06-14-dcbc142e-2
bind-libs - 9.14.8-1 procps-ng - 3.3.15-4
ca-bundle - 20190110-2 procps-ng-pgrep - 3.3.15-4
column - 2.35.1-1 python-pip-conf - 0.1-1
diffutils - 3.7-2 python3 - 3.8.1-2
entware-opt - 227000-3 python3-asyncio - 3.8.1-2
entware-release - 1.0-2 python3-base - 3.8.1-2
entware-upgrade - 1.0-1 python3-cgi - 3.8.1-2
findutils - 4.7.0-1 python3-cgitb - 3.8.1-2
git - 2.25.1-1 python3-codecs - 3.8.1-2
git-http - 2.25.1-1 python3-ctypes - 3.8.1-2
grep - 3.4-1 python3-dbm - 3.8.1-2
haveged - 1.9.8-2 python3-decimal - 3.8.1-2
htop - 2.2.0-2 python3-distutils - 3.8.1-2
iputils-ping - 20190709-1a python3-email - 3.8.1-2
libatomic - 8.3.0-9 python3-gdbm - 3.8.1-2
libbz2 - 1.0.8-1 python3-light - 3.8.1-2
libc - 2.27-9 python3-logging - 3.8.1-2
libcurl - 7.69.0-1 python3-lzma - 3.8.1-2
libdb47 - 4.7.25.4.NC-5 python3-multiprocessing - 3.8.1-2
libedit - 20191025-3.1-1 python3-ncurses - 3.8.1-2
libexpat - 2.2.9-1 python3-openssl - 3.8.1-2
libffi - 3.2.1-4 python3-pip - 19.2.3-1
libgcc - 8.3.0-9 python3-pkg-resources - 41.2.0-1
libgdbm - 1.18.1-1 python3-pydoc - 3.8.1-2
libhavege - 1.9.8-2 python3-setuptools - 41.2.0-1
liblzma - 5.2.4-5 python3-sqlite3 - 3.8.1-2
libncurses - 6.2-1 python3-unittest - 3.8.1-2
libncursesw - 6.2-1 python3-urllib - 3.8.1-2
libopenssl - 1.1.1d-2 python3-xml - 3.8.1-2
libopenssl-conf - 1.1.1d-2 sqlite3-cli - 3310100-1
libpcre - 8.43-2 sudo - 1.8.31-1
libpthread - 2.27-9 terminfo - 6.2-1
librt - 2.27-9 unbound-anchor - 1.10.0-2
libsmartcols - 2.35.1-1 unbound-checkconf - 1.10.0-2
libsqlite3 - 3310100-1 unbound-control - 1.10.0-2
libssp - 8.3.0-9 unbound-daemon - 1.10.0-2
libstdcpp - 8.3.0-9 unzip - 6.0-8
libtirpc - 1.2.5-2 wget - 1.20.3-3
libunbound-light - 1.10.0-2 zlib - 1.2.11-3
libuuid - 2.35.1-1 zoneinfo-asia - 2019c-1
libxml2 - 2.9.10-1 zoneinfo-europe - 2019c-1
locales - 2.27-9
Entware Apps installed in /opt/bin/ (50)
ash git-shell pip3.8
chardetect git-upload-archive procps-ng-pgrep
cmp git-upload-pack python3
coloredlogs grep python3.8
column htop sdiff
diff humanfriendly sh
diff3 locale.new sqlite3
dig localedef.new sudo
easy_install netstat unbound_manager
easy_install-3 openpyn unzip
easy_install-3.8 openpyn-management unzipsfx
egrep pgrep wget
fgrep ping wget-ssl
find ping4 xargs
funzip ping6 zipgrep
git pip zipinfo
git-receive-pack pip3
Non-Entware Scripts installed in /opt/bin/ (1)
firewall (Skynet)
Entware Apps installed in /opt/sbin/ (8)
haveged unbound unbound-control
ifconfig unbound-anchor visudo
route unbound-checkconfrgnldo
Very Senior Member
Very well. Excellent feedback. I found your problem: VPN. I found that it uses the unbound_manager script. I recommend looking for support in the script topic. unbound_manager
Chris0815
Regular Contributor
Thank you rgnido for you advice. I still don't understand how you came to this conclusion but I will try to dig in this direction. I plan to setup the router and all the installed stuff completely from Zero again. Just to avoid too much effort based on a bad configuration. Thanks again!
What response do you get if you lookup router.asus.com from the Mac? That would answer straight from dnsmasq without forwarding to unbound.
rgnldo
Very Senior Member
Notice that we had discussed in another post.
The dns resolver must communicate with the VPN provider's dns in order for the local query cache to exist.
If you use a VPN client, you must inform the unbound credentials. Your unbound is communicating with root servers only.
In a sinulation without unbound, only with dnsmasq:
the VPN dns will be read by the file /tmp/resolv.dnsmasq and will be cached with the option cache-size=1500.
Chris0815
Regular Contributor
It shows directly the Login-Screen of the router (http://router.asus.com/Main_Login.asp), so I assume the dnsmasq is working properly?
Chris0815
Regular Contributor
I deactivated the VPN (told the IP 192.168.1.15 to choose WAN instead if VPN within the GUI). My real IP was shown in IP-leak test and DNS leak test. But I still get the same query time at about 95-100msec.
Chris0815
Regular Contributor
Code:
Christians-MacBook-Pro:~ chris$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.275 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.492 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.391 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.555 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.516 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=0.397 ms
^C
--- 192.168.1.1 ping statistics ---
6 packets transmitted, 6 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.275/0.438/0.555/0.094 msChris0815
Regular Contributor
Hello all,
thank you for your help so far!
Tonight I did a nuclear reset of the router as mentioned by L&LD. I also formatted the JFFS partition.
without any addition software I executed the dig command in the terminal again:
I still get the same query time at about 95-100msec. Even without unbound installed!
Stating this its clear now that unbound is not causing this problem. Sorry for posting in this forum!
Ping command to the router leads to about 0,3msec - so I have to search the problem somewhere else... Thank you again for your advices so far!
thank you for your help so far!
Tonight I did a nuclear reset of the router as mentioned by L&LD. I also formatted the JFFS partition.
without any addition software I executed the dig command in the terminal again:
Code:
; <<>> DiG 9.10.6 <<>> www.google.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36921
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;www.google.de. IN A
;; ANSWER SECTION:
www.google.de. 236 IN A 216.58.207.35
;; Query time: 101 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Apr 14 11:50:07 CEST 2020
;; MSG SIZE rcvd: 71I still get the same query time at about 95-100msec. Even without unbound installed!
Stating this its clear now that unbound is not causing this problem. Sorry for posting in this forum!
Ping command to the router leads to about 0,3msec - so I have to search the problem somewhere else... Thank you again for your advices so far!
I’m interested in the dig response time.
rgnldo
Very Senior Member
There is really something wrong. In an environment of correct confirmation the return is this:
On terminal LAN:
Code:
~ % dig github.com
; <<>> DiG 9.10.6 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32057
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;github.com. IN A
;; ANSWER SECTION:
github.com. 60 IN A 18.228.67.229
;; Query time: 554 msec
;; SERVER: 2804:4474:201:bf00::1#53(2804:4474:201:bf00::1)
;; WHEN: Tue Apr 14 08:24:10 -03 2020
;; MSG SIZE rcvd: 55
Code:
~ % dig github.com
; <<>> DiG 9.10.6 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35729
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;github.com. IN A
;; ANSWER SECTION:
github.com. 57 IN A 18.228.67.229
;; Query time: 4 msec
;; SERVER: 2804:4474:201:bf00::1#53(2804:4474:201:bf00::1)
;; WHEN: Tue Apr 14 08:24:13 -03 2020
;; MSG SIZE rcvd: 55
Code:
~ % dig github.com ANY
; <<>> DiG 9.10.6 <<>> github.com ANY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14132
;; flags: qr rd ra; QUERY: 1, ANSWER: 20, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;github.com. IN ANY
;; ANSWER SECTION:
github.com. 51 IN A 18.231.5.6
github.com. 891 IN NS ns-1707.awsdns-21.co.uk.
github.com. 891 IN NS ns-421.awsdns-52.com.
github.com. 891 IN NS ns-520.awsdns-01.net.
github.com. 891 IN NS ns1.p16.dynect.net.
github.com. 891 IN NS ns2.p16.dynect.net.
github.com. 891 IN NS ns3.p16.dynect.net.
github.com. 891 IN NS ns4.p16.dynect.net.
github.com. 891 IN NS ns-1283.awsdns-32.org.
github.com. 891 IN SOA ns-1707.awsdns-21.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
github.com. 3591 IN MX 1 aspmx.l.google.com.
github.com. 3591 IN MX 10 alt3.aspmx.l.google.com.
github.com. 3591 IN MX 10 alt4.aspmx.l.google.com.
github.com. 3591 IN MX 5 alt1.aspmx.l.google.com.
github.com. 3591 IN MX 5 alt2.aspmx.l.google.com.
github.com. 3591 IN TXT "MS=6BF03E6AF5CB689E315FB6199603BABF2C88D805"
github.com. 3591 IN TXT "MS=ms44452932"
github.com. 3591 IN TXT "MS=ms58704441"
github.com. 3591 IN TXT "docusign=087098e3-3d46-47b7-9b4e-8a23028154cd"
github.com. 3591 IN TXT "v=spf1 ip4:192.30.252.0/22 ip4:208.74.204.0/22 ip4:46.19.168.0/23 include:_spf.google.com include:esp.github.com include:_spf.createsend.com include:servers.mcsv.net ~all"
;; Query time: 4 msec
;; SERVER: 2804:4474:201:bf00::1#53(2804:4474:201:bf00::1)
;; WHEN: Tue Apr 14 08:26:13 -03 2020
;; MSG SIZE rcvd: 800Chris0815
Regular Contributor
executed "router.asus.com" directly in the terminal of my MAC:
Code:
Christians-MacBook-Pro:~ chris$ dig router.asus.com
; <<>> DiG 9.10.6 <<>> router.asus.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23665
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;router.asus.com. IN A
;; ANSWER SECTION:
router.asus.com. 0 IN A 192.168.1.1
;; Query time: 105 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Apr 14 13:40:52 CEST 2020
;; MSG SIZE rcvd: 60Does not make sense right? - its like my computer adding 105 msec query time on top...
Last edited:
Chris0815
Regular Contributor
This is what I get executing the command in Terminal LAN:
Code:
Christians-MacBook-Pro:~ chris$ dig github.com
; <<>> DiG 9.10.6 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36462
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;github.com. IN A
;; ANSWER SECTION:
github.com. 738 IN A 140.82.118.3
;; Query time: 93 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Apr 14 13:52:06 CEST 2020
;; MSG SIZE rcvd: 55I am not able to execute this command.
- Status
Similar threads
Similar threads
-
Can't connect to DYNDNS when Unbound is enabled !
- Started by ComputerSteve
- Replies: 10
-
-
Unbound + Wireguard: is this combination possible at all?
- Started by louisschneider
- Replies: 6