rgnldo
Very Senior Member
It is recommended to listen on all interfaces. Unbound is very flexible about network interfaces. Just note that dnsmasq by default already listens for the loopback interface.
Unbound - Authoritative Recursive Caching DNS Server
- Thread starter rgnldo
- Start date
- Status
SomeWhereOverTheRainBow
Part of the Furniture
yes but that lookback is on a specific port with only specific interfaces so it has its own stipulations, so it is possible to still use the loopback address as long as you are specifying a port not in use. the concept of using 0.0.0.0 is that you are marrying it to multiple addresses, but that is not necessarily the case since it still has to pass through dnsmasq to clients.
rgnldo
Very Senior Member
Yes. In the case of embedded devices dependent on dnsmasq, it is necessary to organize other forms of listening. Most convenient is to use all interfaces 0.0.0.0. As for the control of a server, depending on the configuration, then it is possible to choose the interface.
SomeWhereOverTheRainBow
Part of the Furniture
don't forget ::
Hanston Dsouza
Occasional Visitor
will diversion work with this installer ,adblock dosent seems to work for me
rgnldo
Very Senior Member
In short, if you want a more supported and compatible solution, just use dnsmasq and standard FW Merlin features. Diversion is an excellent adblock solution exclusively developed for dnsmasq. It works in conjunction with unbound, but I don't recommend it. That's why I made your own adblock, with more privacy dns answer features.
SomeWhereOverTheRainBow
Part of the Furniture
note the main difference in unbound nxdomain blocking technique vs pixelserv-tls is that there is a nxdomain splash image where ever the ad would have been vs with pixelserv-tls it gets replaced and pixelserv-tls supports https blocking i don't know if unbound does as far as https goes, but that can be forced with firewall rules if it doesn't.
rgnldo
Very Senior Member
Like all query requests, there is a blocked query response. With Unbound you can customize this answer. For our joy. Not to mention that the possibilities are numerous.
Hanston Dsouza
Occasional Visitor
i got unbound to work but cannot get the adblock solution to work
i used
chown nobody /opt/var/lib/unbound
/opt/sbin/unbound-anchor -a /opt/var/lib/unbound/root.key
to get over error
i used
chown nobody /opt/var/lib/unbound
/opt/sbin/unbound-anchor -a /opt/var/lib/unbound/root.key
to get over error
rgnldo
Very Senior Member
Relace the script and launch update installation
Well I don't know why but I get this Error (Diversion removed and DNSCrypt also ... my sig is outdated):
Code:
***ERROR unbound went AWOL after 1 seconds.....
***ERROR Unsuccessful installation of unbound detected
Dec 27 12:17:19 **: Failed to start unbound from .
Dec 27 12:17:19 S61unbound: Waiting for NTP to sync before starting...
Dec 27 12:17:20 **: Failed to start unbound from .
Dec 27 12:17:20 S61unbound: Waiting for NTP to sync before starting...
Dec 27 12:17:21 **: Failed to start unbound from .
[1577441842] unbound[20072:0] error: can't bind socket: Address already in use for 0.0.0.0 port 53535
[1577441842] unbound[20072:0] fatal error: could not open portsStarting Unbound still fails. if I change the interface to 127.0.0.1 everything works
rgnldo
Very Senior Member
@Martineau on file gen_adblock.sh distinct folder paths.
I created a folder on github. Think better to organize the files in the folder rather than leaving it compressed. This makes it easy to fix or better something.
Code:
echo "Removing possible temporary files.."
[ -f /opt/var/lib/unbound/adblock/adlist.tmp ] && rm -f /jffs/adblock/adlist.tmp
[ -f /opt/var/lib/unbound/adblock/tmp.host ] && rm -f /jffs/adblock/tmp.host
[ -f /opt/var/lib/unbound/adblock/tmp.finalhost ] && rm -f /jffs/adblock/tmp.finalhostrgnldo
Very Senior Member
We will launch the update
Martineau
Part of the Furniture
Unbound_installer.sh v1.10 available.
1. Fix duplicate directives inserted in dnsmasq.postconf
2. Fix missing 'chown nobody /opt/var/lib/unbound'
3. Add IPv6 (if ENABLED) directives in 'unbound.conf'
4. @rgnldo has renamed S60stubby to S62stubby
I've also implemented function 'Smart_LineInsert()' to try and be smarter about updating the files 'firewall-start,services-start, dnsmasq.postconf' ….. - don't assume a line can simply be appended after the last line in the target script.
e.g. blindly appending lines may probably always work unless the last line of the target script contains 'exit'
Incorrect:
Correct:
However, the target script may contain multiple 'exit' statements because the script may logically terminate in the middle of the script
e.g.
So the script will now also look for the tag '##@Insert##' and will insert the new lines at the point designated by the user
e.g.
1. Fix duplicate directives inserted in dnsmasq.postconf
2. Fix missing 'chown nobody /opt/var/lib/unbound'
3. Add IPv6 (if ENABLED) directives in 'unbound.conf'
4. @rgnldo has renamed S60stubby to S62stubby
I've also implemented function 'Smart_LineInsert()' to try and be smarter about updating the files 'firewall-start,services-start, dnsmasq.postconf' ….. - don't assume a line can simply be appended after the last line in the target script.
e.g. blindly appending lines may probably always work unless the last line of the target script contains 'exit'
Incorrect:
Code:
<snip>
exit 0
cru a adblock "0 5 * * *" /opt/var/lib/unbound/adblock/gen_adblock.sh # unbound
Code:
<snip>
cru a adblock "0 5 * * *" /opt/var/lib/unbound/adblock/gen_adblock.sh # unbound
exit 0e.g.
Code:
<snip>
sh /jffs/scripts/good_script.sh
exit 0 # Logical end of script pending testing of the following section
sh /jffs/scripts/bad_script.sh
exit 0
cru a adblock "0 5 * * *" /opt/var/lib/unbound/adblock/gen_adblock.sh # unbounde.g.
Code:
<snip>
##@Insert##
cru a adblock "0 5 * * *" /opt/var/lib/unbound/adblock/gen_adblock.sh # unbound
exit 0 # Logical end of script pending testing of the following
sh /jffs/scripts/bad_script.sh
exit 0
Last edited:
rgnldo
Very Senior Member
Excellent corrections. The script is working a lot more fluid. Almost finished.
This file is not generated by the package maintainer. The file organized to launch stubby has logging options. But this was not being done. S60 * S62 * S88 * are launch order instances in rc.unslung. Connectivity script always comes first. I was testing this start order.
A few minor fixes needed.
No reboot on finish script
Code:
The router will now REBOOT to finalize the removal of unbound
After the REBOOT, review the DNS settings on the WAN GUI and adjust if necessary
Press Y to REBOOT or press ENTER to ABORT
y
Reboot ABORTEDFile S61unbound is no my github repo
File unbound.conf only IPV4. Stubby forwarder with enable IPV6
Code:
#########################################
# Options for integration with TCP/TLS Stubby
# udp-upstream-without-downstream: yes
#########################################
Code:
#########################################
forward-zone:
name: "."
forward-addr: 127.0.0.1@5453
forward-addr: 0::1@5453 # integration IPV6
########################################
Code:
#########################################
# Options for integration with TCP/TLS Stubby
udp-upstream-without-downstream: yes
#########################################
Code:
#########################################
forward-zone:
name: "."
forward-addr: 127.0.0.1@5453
# forward-addr: 0::1@5453 # integration IPV6
########################################Martineau
Part of the Furniture
The script doesn't create any '/jffs/adblock' files?
It is easier for the script to deal with a single compressed feature file rather than have to manage individual files.
As per the prompt, if you look closely, it states you need to explicitly type uppercase 'Y' to consciously initiate the disruptive REBOOT.
No idea what this is supposed to mean
I suggest you host a working IPv4 compatible 'dnsmasq.conf', then include a marker so that if IPv6 is ENABLED, the script can simply uncomment the IPv6 directives.
Last edited:
rgnldo
Very Senior Member
Ok. I thought about the possibility of fixing the files gen_adblock.sh
Code:
echo "Removing possible temporary files.."
[ -f /opt/var/lib/unbound/adblock/adlist.tmp ] && rm -f /jffs/adblock/adlist.tmp
[ -f /opt/var/lib/unbound/adblock/tmp.host ] && rm -f /jffs/adblock/tmp.host
[ -f /opt/var/lib/unbound/adblock/tmp.finalhost ] && rm -f /jffs/adblock/tmp.finalhostThe only will make the check if IPV6 is enabled. If IPV6 is not enabled, unbound.conf is generated only with IPV4 options.
There is no need for custom dnsmasq.conf. If IPV6 is disabled in FW Merlin, there will be no option written in dnsmasq.conf. By default, IPV6 on FW Merlin is disabled, but the user enables it if desired.
Martineau
Part of the Furniture
New script still doesn't fix my issue with interface: 0.0.0.0 (I changed it to 127.0.0.1 anyway)
BTW if you want to add nice statistics which shows nice summery on syslog every half an hour, you can add this (without a path to a log file):
verbosity: 1
statistics-interval: 1800 #every 1/2 hour
statistics-cumulative: yes
BTW if you want to add nice statistics which shows nice summery on syslog every half an hour, you can add this (without a path to a log file):
verbosity: 1
statistics-interval: 1800 #every 1/2 hour
statistics-cumulative: yes
- Status
Similar threads
Similar threads
-
Can't connect to DYNDNS when Unbound is enabled !
- Started by ComputerSteve
- Replies: 10
-
-
Unbound + Wireguard: is this combination possible at all?
- Started by louisschneider
- Replies: 6
Latest threads
-
Finally upgraded to AX86u Pro- Started by DarkKnight75
- Replies: 0
-
-
-
Diversion Diversion failed to update. Check the Diversion-web-update.log with sf in the SSH UI.
- Started by mikefrommanchester
- Replies: 4
-
OVPN HMAC authentication switching from SHA1 to SHA256
- Started by maxbraketorque
- Replies: 3
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!