Unbound Installer
v1.16 available.
Addresses the following as proposed by
@dave14305
My current position is that to keep the Unbound cache fresh, you don't want dnsmasq caching in front of it, so I delete the dnssec options to allow zero cache.
Since there is no one else to trust in between dnsmasq and unbound, I am fine to proxy-dnssec the Unbound responses.
OK, so the
dnsmasq error I experienced/reported
Code:
dnsmasq[15203]: cannot reduce cache size from default when DNSSEC enabled" >> /jffs/scripts/unbound.postconf
dnsmasq[15203]: FAILED to start up"
is actually by design as described in the dnsmasq man page.
So
v1.16 now removes the
dnsmasq 'dnssec' directive to allow disabling
dnsmasq caching (
cache-size=0)
N.B. My unbounddisable function assumes that the dnsmasq.postconf is checking to verify unbound is running before making the modifications. This allows it to safely revert to GUI DNS settings by restarting dnsmasq after Unbound is stopped.
With the current script, those checks are not yet implemented in the Check_dnsmasq_postconf function (present but commented out).
v1.16 now uncomments the
'if' clause in '
unbound.postconf', however, I could not get
unbound to work when it attempts to use the dynamiclly retrieved
$UNBOUNDLISTENADDR rather than the static
"127.0.0.1#53535"
Another helpful set of logging commands I've made for easy switching of logging on/off, or switching Unbound on/off (these go in /jffs/configs/profile.add):
Another useful unbound.conf configuration setting for log reading:
I am reluctant to mess with external files, and would prefer to keep the features within the unbound installer script.
v1.16 now incorporates your suggestion and allows (human-friendly timestamped) unbound logging to be
dynamically ENABLED/DISABLED see menu below.
Since the logging is dynamic (using unbound-control), being lazy I do not modify the ACTIVE '
unbound.conf' but instead have added the ability to dynamically Query/Set any of the unbound options from the menu.
This does mean that the
'v' option to view the ACTIVE '
unbound.conf' may not reflect the current state of the
unbound options.
However, this does mean that if an
unbound option is incorrectly set, using the
'rl' option should back-out the damage together with the
'rs' command.
Code:
unbound (pid 8516) is running... uptime: 0 Days, 01:50:26 version: 1.9.3
1 = Update ('/opt/var/lib/unbound/') unbound Configuration l = Show unbound LIVE log entries (lx=Disable Logging)
2 = Remove Existing unbound Installation v = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit)
rl = Reload unbound Configuration (Doesn't interrupt/halt unbound)
oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'
rs = Restart (or Start) unbound s = Display unbound statistics (s=Summary Totals; sa=All)
e = Exit Script