Hanston Dsouza
Occasional Visitor
new script also dosent fix adblock but unbound works good
option selected
all yes except for studdy i selected no
option selected
all yes except for studdy i selected no
Manual change is appropriate.New script still doesn't fix my issue with interface: 0.0.0.0 (I changed it to 127.0.0.1 anyway)
Excellent contribution. We hope more will come.verbosity: 1
statistics-interval: 1800 #every 1/2 hour
statistics-cumulative: yes
The script is in the final stages. Ideally, there are more collaborators with shell script knowledge and connectivity at FW Merlin to give an opinion. I want to contribute, but my knowledge is focused on infrastructure and connectivity. I think it contributes enough to the RMerlin project.
I'll give it a check.new script also dosent fix adblock but unbound works good
option selected
all yes except for studdy i selected no
run unbound_installer.new script also dosent fix adblock
The adblock feature has worked since v1.07, as your original 'unbound.conf' appeared to use the conventionrun unbound_installer.
Choose option 1. Update the installation. Edit /opt/var/lib/unbound/unbound.conf and uncomment the adblock path. Run /opt/etc/init.d/rc.unslung restart. Let's fix the script.
# include:......adblock/adservers
#include:...….adblock/adservers
This thread and script when in a different direction than I anticipated or feel I could contribute to. I use unbound only as an upstream resolver for dnsmasq, relying on Diversion for adblocking and using no DoT whatsoever.
I want the hook between dnsmasq and Unbound to be failsafe, meaning if unbound isn't running, dnsmasq reverts to the normal WAN DNS servers. I do this through the dnsmasq.postconf script I've posted before in this thread. I also created a cron job to check unbound every 5 minutes and if it isn't running, restart dnsmasq so that the WAN DNS servers will take over, to minimize chances of a DNS-related outage in my home.
I don't understand where some of these requirements are coming from to use Entware Stubby, or use another adblock solution, or to try to force all requests to Unbound. To integrate with the firmware, it needs to have clean edges and integration points IMHO.
To gain widespread adoption, this script should do one thing very well: install Unbound as a recursive, validating resolver. All the extras might distract from other users understanding what it is doing and wanting to install it.
@Martineau will be canonized once his work here is done, or he walks away, whichever comes first.
dig DNSKEY cyberciti.biz +short
256 3 13 oJMRESz5E4gYzS/q6XDrvU1qMPYIjCWzJaOau8XNEZeqCYKD5ar0IRd8 KqXXFJkqmVfRvMGPmM1x8fGAa2XhSA==
257 3 13 mdsswUyr3DPW132mOi8V9xESWE8jTo0dxCjjnopKl+GqJxpVXckHAeF+ KkxLbxILfDLUT0rAK9iUzy1L53eKGQ==
dig txt qnamemintest.internet.nl
; <<>> DiG 9.10.6 <<>> txt qnamemintest.internet.nl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13054
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;qnamemintest.internet.nl. IN TXT
;; ANSWER SECTION:
qnamemintest.internet.nl. 3579 IN CNAME a.b.qnamemin-test.internet.nl.
a.b.qnamemin-test.internet.nl. 3581 IN TXT "HOORAY - QNAME minimisation is enabled on your resolver :)!"
;; Query time: 5 msec
;; SERVER: 10.0.30.1#53(10.0.30.1)
;; WHEN: Fri Dec 27 14:51:33 -03 2019
;; MSG SIZE rcvd: 157
dig github.com
; <<>> DiG 9.10.6 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44523
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;github.com. IN A
;; ANSWER SECTION:
github.com. 44 IN A 192.30.253.112
;; Query time: 4 msec
;; SERVER: 10.0.30.1#53(10.0.30.1)
;; WHEN: Fri Dec 27 14:51:25 -03 2019
;; MSG SIZE rcvd: 55
#!/bin/sh
CONFIG=$1
pc_delete "servers-file" $CONFIG # unbound_installer
pc_delete "no-negcache" $CONFIG # unbound_installer
pc_delete "domain-needed" $CONFIG # unbound_installer
pc_delete "bogus-priv" $CONFIG # unbound_installer
pc_replace "cache-size=1500" "cache-size=0" $CONFIG # unbound_installer
source /usr/sbin/helper.sh
#!/bin/sh
source /usr/sbin/helper.sh[
CONFIG=$1
pc_delete "servers-file" $CONFIG # unbound_installer
pc_delete "no-negcache" $CONFIG # unbound_installer
pc_delete "domain-needed" $CONFIG # unbound_installer
pc_delete "bogus-priv" $CONFIG # unbound_installer
pc_replace "cache-size=1500" "cache-size=0" $CONFIG # unbound_installer
Maybe it’s time to do like Diversion and just add a single line to dnsmasq.postconf that invokes a specific script created by the installer to contain all the dnsmasq changes, instead of guessing what might or might not already be present.@Martineau The dnsmasq.postconf file is generated in incorrect formatting and without write permission.
Must is in this formatCode:#!/bin/sh CONFIG=$1 pc_delete "servers-file" $CONFIG # unbound_installer pc_delete "no-negcache" $CONFIG # unbound_installer pc_delete "domain-needed" $CONFIG # unbound_installer pc_delete "bogus-priv" $CONFIG # unbound_installer pc_replace "cache-size=1500" "cache-size=0" $CONFIG # unbound_installer source /usr/sbin/helper.sh
Code:#!/bin/sh source /usr/sbin/helper.sh[ CONFIG=$1 pc_delete "servers-file" $CONFIG # unbound_installer pc_delete "no-negcache" $CONFIG # unbound_installer pc_delete "domain-needed" $CONFIG # unbound_installer pc_delete "bogus-priv" $CONFIG # unbound_installer pc_replace "cache-size=1500" "cache-size=0" $CONFIG # unbound_installer
. /jffs/scripts/unbound.postconf “$1”
Of course it is possible. My suggestion is that if you want to minimize the problems integrating with existing dnsmasq.postconf files, then consider calling the unbound specific script from dnsmasq.postconf as a one-liner and ensure that line comes after any other modifications to /etc/dnsmasq.conf.@dave14305 Coexistence with dnsmasq-oriented solutions is perfectly possible. Diversion, No-Track, Pi-Hole (great software) coexist perfectly with the coupling. I speak daily in the forums of these projects. But specifically targeted solutions for unbound are preferable. Forums like PFsense and OPNsense greatly strengthen this reasoning.
. /jffs/scripts/unbound.postconf “$1”
My suggestion is that if you want to minimize the problems integrating with existing dnsmasq.postconf files, then consider calling the unbound specific script from dnsmasq.postconf as a one-liner and ensure that line comes after any other modifications to /etc/dnsmasq.conf.
cru a adblock "0 5 * * *" /opt/var/lib/unbound/adblock/gen_adblock.sh # unbound
cru a adblock "0 5 * * * /opt/var/lib/unbound/adblock/gen_adblock.sh" # unbound
@Martineau script generated without write permission and with incorrect adblock cron argument.
/jffs/scripts/services-start
Manually fixedCode:cru a adblock "0 5 * * *" /opt/var/lib/unbound/adblock/gen_adblock.sh # unbound
chmod +x /jffs/scripts/services-start
Code:cru a adblock "0 5 * * * /opt/var/lib/unbound/adblock/gen_adblock.sh" # unbound
Read previous postsI tried this
Changed Cru to new code but adblock still dosent work
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!