Unbound - Authoritative Recursive Caching DNS Server

Status
Not open for further replies.
I remember we used 127.0.0.1 in the past.

Can you change it back to 127.0.0.1?
It is recommended to listen on all interfaces. Unbound is very flexible about network interfaces. Just note that dnsmasq by default already listens for the loopback interface.
 
It is recommended to listen on all interfaces. Unbound is very flexible about network interfaces. Just note that dnsmasq by default already listens for the loopback interface.
yes but that loopback is on a specific port with only specific interfaces so it has its own stipulations, so it is possible to still use the loopback address as long as you are specifying a port not in use. the concept of using 0.0.0.0 is that you are marrying it to multiple addresses, but that is not necessarily the case since it still has to pass through dnsmasq to clients.
 
the concept of using 0.0.0.0 is that you are marrying it to multiple addresses, but that is not necessarily the case since it still has to pass through dnsmasq to clients.
Yes. In the case of embedded devices dependent on dnsmasq, it is necessary to organize other forms of listening. Most convenient is to use all interfaces 0.0.0.0. As for the control of a server, depending on the configuration, then it is possible to choose the interface.
 
Yes. In the case of embedded devices dependent on dnsmasq, it is necessary to organize other forms of listening. Most convenient is to use all interfaces 0.0.0.0. As for the control of a server, depending on the configuration, then it is possible to choose the interface.
don't forget ::
 
will diversion work with this installer, adblock doesn't seem to work for me
In short, if you want a more supported and compatible solution, just use dnsmasq and standard FW Merlin features. Diversion is an excellent adblock solution exclusively developed for dnsmasq. It works in conjunction with unbound, but I don't recommend it. That's why I made your own adblock, with more privacy dns answer features.
 
will diversion work with this installer, adblock doesn't seem to work for me

In short, if you want a more supported and compatible solution, just use dnsmasq and standard FW Merlin features. Diversion is an excellent adblock solution exclusively developed for dnsmasq. It works in conjunction with unbound, but I don't recommend it. That's why I made your own adblock, with more privacy dns answer features.
note the main difference in unbound nxdomain blocking technique vs pixelserv-tls is that there is a nxdomain splash image wherever the ad would have been vs with pixelserv-tls it gets replaced and pixelserv-tls supports https blocking. i don't know if unbound does as far as https goes, but that can be forced with firewall rules if it doesn't.
 
i got unbound to work but cannot get the adblock solution to work

i used

chown nobody /opt/var/lib/unbound
/opt/sbin/unbound-anchor -a /opt/var/lib/unbound/root.key

to get over error
 
i got unbound to work but cannot get the adblock solution to work

i used

chown nobody /opt/var/lib/unbound
/opt/sbin/unbound-anchor -a /opt/var/lib/unbound/root.key

to get over error
Replace the script and launch update installation
 
It is recommended to listen on all interfaces. Unbound is very flexible about network interfaces. Just note that dnsmasq by default already listens for the loopback interface.

Well I don't know why but I get this Error (Diversion removed and DNSCrypt also ... my sig is outdated):
Code:
        ***ERROR unbound went AWOL after 1 seconds.....


        ***ERROR Unsuccessful installation of unbound detected

Dec 27 12:17:19 **: Failed to start unbound from .
Dec 27 12:17:19 S61unbound: Waiting for NTP to sync before starting...
Dec 27 12:17:20 **: Failed to start unbound from .
Dec 27 12:17:20 S61unbound: Waiting for NTP to sync before starting...
Dec 27 12:17:21 **: Failed to start unbound from .
[1577441842] unbound[20072:0] error: can't bind socket: Address already in use for 0.0.0.0 port 53535
[1577441842] unbound[20072:0] fatal error: could not open ports

Starting Unbound still fails. if I change the interface to 127.0.0.1 everything works
 
@Martineau on file gen_adblock.sh distinct folder paths.
Code:
echo "Removing possible temporary files.."
[ -f /opt/var/lib/unbound/adblock/adlist.tmp ] && rm -f /jffs/adblock/adlist.tmp
[ -f /opt/var/lib/unbound/adblock/tmp.host ] && rm -f /jffs/adblock/tmp.host
[ -f /opt/var/lib/unbound/adblock/tmp.finalhost ] && rm -f /jffs/adblock/tmp.finalhost
I created a folder on github. Think better to organize the files in the folder rather than leaving it compressed. This makes it easy to fix or better something.
 
Well I don't know why but I get this Error (Diversion removed and DNSCrypt also ... my sig is outdated):
Code:
        ***ERROR unbound went AWOL after 1 seconds.....


        ***ERROR Unsuccessful installation of unbound detected

Dec 27 12:17:19 **: Failed to start unbound from .
Dec 27 12:17:19 S61unbound: Waiting for NTP to sync before starting...
Dec 27 12:17:20 **: Failed to start unbound from .
Dec 27 12:17:20 S61unbound: Waiting for NTP to sync before starting...
Dec 27 12:17:21 **: Failed to start unbound from .
[1577441842] unbound[20072:0] error: can't bind socket: Address already in use for 0.0.0.0 port 53535
[1577441842] unbound[20072:0] fatal error: could not open ports

Starting Unbound still fails. if I change the interface to 127.0.0.1 everything works
We will launch the update
 
Unbound_installer.sh v1.10 available.

1. Fix duplicate directives inserted in dnsmasq.postconf
2. Fix missing 'chown nobody /opt/var/lib/unbound'
3. Add IPv6 (if ENABLED) directives in 'unbound.conf'
4. @rgnldo has renamed S60stubby to S62stubby

I've also implemented function 'Smart_LineInsert()' to try and be smarter about updating the files 'firewall-start, services-start, dnsmasq.postconf' ... don't assume a line can simply be appended after the last line in the target script.

e.g. blindly appending lines may probably always work unless the last line of the target script contains 'exit'
Incorrect:
Code:
<snip>
exit 0
cru a adblock "0 5 * * *" /opt/var/lib/unbound/adblock/gen_adblock.sh   # unbound
Correct:
Code:
<snip>
cru a adblock "0 5 * * *" /opt/var/lib/unbound/adblock/gen_adblock.sh   # unbound
exit 0
However, the target script may contain multiple 'exit' statements because the script may logically terminate in the middle of the script

e.g.
Code:
<snip>
sh /jffs/scripts/good_script.sh
exit 0  # Logical end of script pending testing of the following section

sh /jffs/scripts/bad_script.sh
exit 0
cru a adblock "0 5 * * *" /opt/var/lib/unbound/adblock/gen_adblock.sh   # unbound
So the script will now also look for the tag '##@Insert##' and will insert the new lines at the point designated by the user
e.g.
Code:
<snip>
##@Insert##
cru a adblock "0 5 * * *" /opt/var/lib/unbound/adblock/gen_adblock.sh   # unbound
exit 0  # Logical end of script pending testing of the following

sh /jffs/scripts/bad_script.sh
exit 0
 
Last edited:
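The insertion rules described in the v1.10 post above, as an added example that is not part of the original thread and is not the installer's own Smart_LineInsert() code. The function name smart_line_insert, the NEW_LINE variable and the sample script are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: smart_line_insert is a hypothetical name, not the installer's
# Smart_LineInsert() source.
# Usage: smart_line_insert FILE LINE
#   1. do nothing if LINE is already in FILE (no duplicate directives)
#   2. insert after the first '##@Insert##' tag if the user placed one
#   3. otherwise insert before an 'exit' that is the last non-blank line
#   4. otherwise append
smart_line_insert() {
    file=$1
    line=$2
    [ -f "$file" ] || return 1
    grep -qxF -- "$line" "$file" && return 0
    tmp="$file.tmp.$$"
    # LINE is passed through the environment so awk does not process
    # backslash escapes in it, as it would with -v.
    NEW_LINE="$line" awk '
        { buf[NR] = $0 }
        /^[ \t]*##@Insert##/ && !tag { tag = NR }
        NF { last = NR }
        END {
            new = ENVIRON["NEW_LINE"]
            is_exit = 0
            if (last && (buf[last] ~ /^[ \t]*exit[ \t]/ || buf[last] ~ /^[ \t]*exit$/))
                is_exit = 1
            for (i = 1; i <= NR; i++) {
                if (!tag && is_exit && i == last) print new
                print buf[i]
                if (i == tag) print new
            }
            if (!tag && !is_exit) print new
        }' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the target's mode/owner
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample: a script ending in 'exit 0', the "Incorrect" case above.
demo=$(mktemp)
printf '%s\n' '#!/bin/sh' 'sh /jffs/scripts/good_script.sh' 'exit 0' > "$demo"
smart_line_insert "$demo" 'cru a adblock "0 5 * * *" /opt/var/lib/unbound/adblock/gen_adblock.sh   # unbound'
cat "$demo"
rm -f "$demo"
```

Writing the result back with cat rather than mv keeps the target script's existing permissions, which matters for files such as firewall-start that must stay executable.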
Unbound_installer.sh v1.10 available.
Excellent corrections. The script is working a lot more fluid. Almost finished.

4. @rgnldo has renamed S60stubby to S62stubby
This file is not generated by the package maintainer. The file organized to launch stubby has logging options. But this was not being done. S60 * S62 * S88 * are launch order instances in rc.unslung. Connectivity script always comes first. I was testing this start order.

A few minor fixes needed.

No reboot on finish script
Code:
The router will now REBOOT to finalize the removal of unbound
After the REBOOT, review the DNS settings on the WAN GUI and adjust if necessary

Press Y to REBOOT  or press ENTER to ABORT
y
        Reboot ABORTED

File S61unbound is no my github repo

File unbound.conf only IPV4. Stubby forwarder with enable IPV6
Code:
#########################################
# Options for integration with TCP/TLS Stubby
# udp-upstream-without-downstream: yes
#########################################
Code:
#########################################
forward-zone:
   name: "."
   forward-addr: 127.0.0.1@5453
   forward-addr: 0::1@5453 # integration IPV6
########################################
Fixed
Code:
#########################################
# Options for integration with TCP/TLS Stubby
 udp-upstream-without-downstream: yes
#########################################
Code:
#########################################
forward-zone:
   name: "."
   forward-addr: 127.0.0.1@5453
# forward-addr: 0::1@5453 # integration IPV6
########################################
 
gen_adblock.sh distinct folder paths.
Code:
echo "Removing possible temporary files.."
[ -f /opt/var/lib/unbound/adblock/adlist.tmp ] && rm -f /jffs/adblock/adlist.tmp
[ -f /opt/var/lib/unbound/adblock/tmp.host ] && rm -f /jffs/adblock/tmp.host
[ -f /opt/var/lib/unbound/adblock/tmp.finalhost ] && rm -f /jffs/adblock/tmp.finalhost
The script doesn't create any '/jffs/adblock' files? o_O
I created a folder on github.
Think better to organize the files in the folder rather than leaving it compressed.
This makes it easy to fix or better something.
It is easier for the script to deal with a single compressed feature file rather than have to manage individual files.
A few minor fixes needed.
No reboot on finish script
Code:
The router will now REBOOT to finalize the removal of unbound
After the REBOOT, review the DNS settings on the WAN GUI and adjust if necessary
Press Y to REBOOT  or press ENTER to ABORT
y
        Reboot ABORTED
As per the prompt, if you look closely, it states you need to explicitly type uppercase 'Y' to consciously initiate the disruptive REBOOT.
File S61unbound is no my github repo
No idea what this is supposed to mean :confused:
File unbound.conf only IPV4. Stubby forwarder with enable IPV6
Code:
#########################################
# Options for integration with TCP/TLS Stubby
# udp-upstream-without-downstream: yes
#########################################
Code:
#########################################
forward-zone:
   name: "."
   forward-addr: 127.0.0.1@5453
   forward-addr: 0::1@5453 # integration IPV6
########################################
Fixed
Code:
#########################################
# Options for integration with TCP/TLS Stubby
 udp-upstream-without-downstream: yes
#########################################
Code:
#########################################
forward-zone:
   name: "."
   forward-addr: 127.0.0.1@5453
# forward-addr: 0::1@5453 # integration IPV6
########################################
I suggest you host a working IPv4 compatible 'dnsmasq.conf', then include a marker so that if IPv6 is ENABLED, the script can simply uncomment the IPv6 directives.
 
Last edited:
It is easier for the script to deal with a single compressed files rather than have to manage individual files.
Ok. I thought about the possibility of fixing the files gen_adblock.sh
The script doesn't create any /jffs/adblock files?
Code:
echo "Removing possible temporary files.."
[ -f /opt/var/lib/unbound/adblock/adlist.tmp ] && rm -f /jffs/adblock/adlist.tmp
[ -f /opt/var/lib/unbound/adblock/tmp.host ] && rm -f /jffs/adblock/tmp.host
[ -f /opt/var/lib/unbound/adblock/tmp.finalhost ] && rm -f /jffs/adblock/tmp.finalhost
The idea is to remove temporary files from completion or interruption of the script.
No idea what this is supposed to mean
The only will make the check if IPV6 is enabled. If IPV6 is not enabled, unbound.conf is generated only with IPV4 options.
I suggest you host a working IPv4 compatible 'dnsmasq.conf', then include a marker so that if IPv6 is ENABLED, the script can simply uncomment the IPv6 directives.
There is no need for custom dnsmasq.conf. If IPV6 is disabled in FW Merlin, there will be no option written in dnsmasq.conf. By default, IPV6 on FW Merlin is disabled, but the user enables it if desired.
 
Check IPV6
Code:
nvram get ipv6_service
 
New script still doesn't fix my issue with interface: 0.0.0.0 (I changed it to 127.0.0.1 anyway)
BTW if you want to add nice statistics which shows a nice summary on syslog every half an hour, you can add this (without a path to a log file):

verbosity: 1
statistics-interval: 1800 #every 1/2 hour
statistics-cumulative: yes
 