Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server) - General questions / discussion thread 2

[chongnt]

Hi @Martineau , a bit off topic. how do you get a udp of 8192 ; EDNS: version: 0, flags:; udp: 8192?
When I run dig github.com in unbound_manager, I get two replies. One from my WAN DNS, and another from unbound 127.0.0.1. The udp value from my WAN DNS is 512 and the udp value from unbound is 1472. Is this the same as the edns-buffer-size which is 1472 by default?
However, when I run dig outside of unbound manager in the router, dig @127.0.0.1 github.com, the udp is 1280. This udp value is the same at 1280 when I run dig @192.168.1.1 from my client machine. It seems the maximum I get from my client is 1280.
However, when I run dig +short rs.dns-oarc.net from pc to query different DNS server, I get different DNS reply size limit. I set DNSFilter to non-filtering when run the dig command.
I don't see any issue on normal usage. Just wondering if the udp value has any relation with edns-buffer-size. And if I need to lower the number as the reply size limit is lower than 1472.

C:\>dig github.com

; <<>> DiG 9.16.12 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57643
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;github.com.                    IN      A

;; ANSWER SECTION:
github.com.             2174    IN      A       20.205.243.166

;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
...snipped...

C:\>dig +short rs.dns-oarc.net txt @192.168.1.1
rst.x1013.rs.dns-oarc.net.
rst.x1443.x1013.rs.dns-oarc.net.
rst.x1414.x1443.x1013.rs.dns-oarc.net.
"x.x.x.xDNS reply size limit is at least 1443"
"x.x.x.x sent EDNS buffer size 1472"

C:\>dig +short rs.dns-oarc.net txt @1.1.1.1
rst.x1431.rs.dns-oarc.net.
rst.x1441.x1431.rs.dns-oarc.net.
rst.x1400.x1441.x1431.rs.dns-oarc.net.
"2400:cb00:242:1024::ac45:134a DNS reply size limit is at least 1441"
"2400:cb00:242:1024::ac45:134a sent EDNS buffer size 1452"

C:\>dig +short rs.dns-oarc.net txt @9.9.9.9
rst.x1196.rs.dns-oarc.net.
rst.x1206.x1196.rs.dns-oarc.net.
rst.x1212.x1206.x1196.rs.dns-oarc.net.
"74.63.20.243 sent EDNS buffer size 1232"
"74.63.20.243 DNS reply size limit is at least 1212"

C:\>dig +short rs.dns-oarc.net txt @8.8.8.8
rst.x1363.rs.dns-oarc.net.
rst.x1373.x1363.rs.dns-oarc.net.
rst.x1344.x1373.x1363.rs.dns-oarc.net.
"74.125.190.20 DNS reply size limit is at least 1373"
"74.125.190.20 sent EDNS buffer size 1400"

C:\>dig +short rs.dns-oarc.net txt @8.8.4.4
rst.x1384.rs.dns-oarc.net.
rst.x1347.x1384.rs.dns-oarc.net.
rst.x1353.x1347.x1384.rs.dns-oarc.net.
"2404:6800:4003:c05::105 DNS reply size limit is at least 1384"
"2404:6800:4003:c05::105 sent EDNS buffer size 1400"

Edit: I try to change edns-buffer-size to 4096. In unbound-manager, when I run dig command, the udp is shown as 4096. But when I exit unbound and run dig from router, the udp size is back to 1280.

 

[Martineau]

Hi @Martineau , a bit off topic. how do you get a udp of 8192 ; EDNS: version: 0, flags:; udp: 8192?
When I run dig github.com in unbound_manager, I get two replies. One from my WAN DNS, and another from unbound 127.0.0.1. The udp value from my WAN DNS is 512 and the udp value from unbound is 1472. Is this the same as the edns-buffer-size which is 1472 by default?
However, when I run dig outside of unbound manager in the router, dig @127.0.0.1 github.com, the udp is 1280. This udp value is the same at 1280 when I run dig @192.168.1.1 from my client machine. It seems the maximum I get from my client is 1280.
However, when I run dig +short rs.dns-oarc.net from pc to query different DNS server, I get different DNS reply size limit. I set DNSFilter to non-filtering when run the dig command.
I don't see any issue on normal usage. Just wondering if the udp value has any relation with edns-buffer-size. And if I need to lower the number as the reply size limit is lower than 1472.

C:\>dig github.com

; <<>> DiG 9.16.12 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57643
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;github.com.                    IN      A

;; ANSWER SECTION:
github.com.             2174    IN      A       20.205.243.166

;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
...snipped...

C:\>dig +short rs.dns-oarc.net txt @192.168.1.1
rst.x1013.rs.dns-oarc.net.
rst.x1443.x1013.rs.dns-oarc.net.
rst.x1414.x1443.x1013.rs.dns-oarc.net.
"x.x.x.xDNS reply size limit is at least 1443"
"x.x.x.x sent EDNS buffer size 1472"

C:\>dig +short rs.dns-oarc.net txt @1.1.1.1
rst.x1431.rs.dns-oarc.net.
rst.x1441.x1431.rs.dns-oarc.net.
rst.x1400.x1441.x1431.rs.dns-oarc.net.
"2400:cb00:242:1024::ac45:134a DNS reply size limit is at least 1441"
"2400:cb00:242:1024::ac45:134a sent EDNS buffer size 1452"

C:\>dig +short rs.dns-oarc.net txt @9.9.9.9
rst.x1196.rs.dns-oarc.net.
rst.x1206.x1196.rs.dns-oarc.net.
rst.x1212.x1206.x1196.rs.dns-oarc.net.
"74.63.20.243 sent EDNS buffer size 1232"
"74.63.20.243 DNS reply size limit is at least 1212"

C:\>dig +short rs.dns-oarc.net txt @8.8.8.8
rst.x1363.rs.dns-oarc.net.
rst.x1373.x1363.rs.dns-oarc.net.
rst.x1344.x1373.x1363.rs.dns-oarc.net.
"74.125.190.20 DNS reply size limit is at least 1373"
"74.125.190.20 sent EDNS buffer size 1400"

C:\>dig +short rs.dns-oarc.net txt @8.8.4.4
rst.x1384.rs.dns-oarc.net.
rst.x1347.x1384.rs.dns-oarc.net.
rst.x1353.x1347.x1384.rs.dns-oarc.net.
"2404:6800:4003:c05::105 DNS reply size limit is at least 1384"
"2404:6800:4003:c05::105 sent EDNS buffer size 1400"

Edit: I try to change edns-buffer-size to 4096. In unbound-manager, when I run dig command, the udp is shown as 4096. But when I exit unbound and run dig from router, the udp size is back to 1280.

Neither a dig nor a EDNS expert, and also do not have IPv6, but not sure if this is relevant?

Redirecting…

dnsflagday.net

I assume there is an RFC that describes the appropriate algorithm which should be used to determine the correct/optimum buffer size etc. dynamically.

 

[chongnt]

Neither a dig nor a EDNS expert, and also do not have IPv6, but not sure if this is relevant?

Redirecting…

dnsflagday.net

I assume there is an RFC that describes the appropriate algorithm which should be used to determine the correct/optimum buffer size etc. dynamically.

I don’t use ipv6. I have temporarily lower edns-buffer-size from 1472 to 1280. My WAN is PPPoE which has a MRU of 1492. So far I don’t feel any difference.

 

[Andrew-E]

I can't switch to advanced mode

I do it according to the instructions from github

Or in the latest versions there is no longer a division into easy and advanced?

Thanks!

 

[ColDen]

I can't switch to advanced mode

I do it according to the instructions from github

View attachment 37131

View attachment 37130

View attachment 37132

Or in the latest versions there is no longer a division into easy and advanced?

Thanks!

Hi, you must enter the command from Putty and not from the unbound option menu::

 

[Martineau]

I can't switch to advanced mode

I do it according to the instructions from github

View attachment 37131

View attachment 37130

FYI, for a better visual experience i.e. line-wrap is messy...see Github install instructions

Or in the latest versions there is no longer a division into easy and advanced?

To prevent novice users from being intimidated by the Advanced mode, the menu command requires a password (per router) to dynamically switch between modes without the need to tediously exit/reenter unbound_manager

e.g. switch from Easy mode to Advanced mode

e  = Exit Script [?]

E:Option ==> adv 6160

Advanced Menu mode ENABLED

or you can permanently override the amtm default Easy mode.

However if you only occasionally need to access the Advanced mode, you can create command aliases

e.g.

umm='unbound_manager'

um='unbound_manager advanced'

to quickly save time and start the menu in the desired mode.

 

[mister]

Dear all,
I have crashed my unbound installation and I don´t know, what I did changed in the past. I am not able to get it running anymore correctly.
I removed and reinstalled unbound but nothing works:

At the installation that error occurs which seems to me, that he is not able to manage IPV6 addresses:
[1635840435] libunbound[16108:0] error: udp connect failed: Cannot assign requested address for 2001:503:c27::2:30 port 53
[1635840435] libunbound[16108:0] error: udp connect failed: Cannot assign requested address for 2001:dc3::35 port 53
[1635840436] libunbound[16108:0] error: udp connect failed: Cannot assign requested address for 2001:7fe::53 port 53
[1635840436] libunbound[16108:0] error: udp connect failed: Cannot assign requested address for 2001:500:12::d0d port 53
[1635840436] libunbound[16108:0] error: udp connect failed: Cannot assign requested address for 2001:dc3::35 port 53
[1635840436] libunbound[16108:0] error: udp connect failed: Cannot assign requested address for 2001:500:200::b port 53
[1635840436] libunbound[16108:0] error: udp connect failed: Cannot assign requested address for 2001:503:ba3e::2:30 port 53
[1635840436] libunbound[16108:0] error: udp connect failed: Cannot assign requested address for 2001:dc3::35 port 53
[1635840436] libunbound[16108:0] error: udp connect failed: Cannot assign requested address for 2001:503:c27::2:30 port 53


If I type "unbound" in the terminal I got that result:
Nov 02 09:15:19 unbound[26312:0] error: can't bind socket: Address already in use for 127.0.0.1 port 953
Nov 02 09:15:19 unbound[26312:0] error: cannot open control interface 127.0.0.1 953 Nov 02 09:15:19 unbound[26312:0] fatal error: could not open ports

dig sigok.verteiltesysteme.net @127.0.0.1 -p 53535 ; <<>> DiG 9.17.13 <<>> sigok.verteiltesysteme.net @127.0.0.1 -p 53535 ;; global options: +cmd ;; connection timed out; no servers could be reached


I am very confused. What did I wrong ?

Hugo

 

[mister]

So I tried another way , but that didn´t work as well.
My idea was to use my raspberry pi, install there unbound and than force all traffic of the client raspberry pi through vpn1.
But I always got the result servfail :-(
But I don´t understand why ? If I route all the traffic from my pi through the VPN1 , even my unbound dns request should routed through this. But why unbound (pi) is not able to resolve the adresses ?


I tried to use VPN1 with the asus amtm unbound manager in different ways.
I added the scripts of post #3 no success. Then I tried the modified script of Martineau - it didn´t work as well....

So no success of routing unbound through vpn1 for me.....
The problem is, that I don´t know (from the IT part) what I am doing.
Is there a possibilty to make a step by step setup. x3mrouting is enabled and is working as well....

 

[Khadanja]

I'm unable to make any of my devices to use other DNS servers. Even after putting say 1.1.1.1 or 8.8.8.8 in device settings, tests always show the WAN IP suggesting it's still pointing to router for DNS.
Testing using this site - https://tenta.com/test/

 

[Ubimo]

Can unbound be configured in a way, that it looks up uncached DNS queries from Quad9 (with DoT or DNSSEC) and not from the authoritative name servers?

 

[Martineau]

Can unbound be configured in a way, that it looks up uncached DNS queries from Quad9 (with DoT or DNSSEC) and not from the authoritative name servers?

Yes

 

[Ubimo]

How to configure Unbound to use Quad9 instead of the authoritative name server?

Start unbound in advanced mode.
Enter: DoT
Edit the config with "vx" like this:

#forward-addr: 1.1.1.1@853#cloudflare-dns.com
#forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
#forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
#forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
#forward-addr: 2620:fe::fe@853#dns.quad9.net
#forward-addr: 2620:fe::9@853#dns.quad9.net

Save.

Is this the correct procedure?
Will Unbound then still cache DNS queries? Or is Unbound then just a "forwarder"?

 

[Ubimo]

Also, my IP-camera is spamming the logfile every second (nwsrv1.com) and is also falsifying the cache hit rate. How can I stop this?

I already added this domain to Diversion, Skynet and Asus URL-Filter.

 

[Ubimo]

And I'm seeing lots of these entries:

Spoiler

12:11:16 unbound[27256:0] reply: 127.0.0.1 137.12.242.46.in-addr.arpa. PTR IN NOERROR 0.000000 1 97
Nov 06 12:11:16 unbound[27256:0] reply: 127.0.0.1 227.143.140.221.in-addr.arpa. PTR IN NXDOMAIN 0.813601 0 117
Nov 06 12:11:16 unbound[27256:0] query: 127.0.0.1 61.98.204.143.in-addr.arpa. PTR IN
Nov 06 12:11:16 unbound[27256:0] query: 127.0.0.1 143.199.253.92.in-addr.arpa. PTR IN
Nov 06 12:11:16 unbound[27256:0] reply: 127.0.0.1 143.199.253.92.in-addr.arpa. PTR IN NXDOMAIN 0.000000 0 105
Nov 06 12:11:16 unbound[27256:0] query: 127.0.0.1 227.143.140.221.in-addr.arpa. PTR IN
Nov 06 12:11:16 unbound[27256:0] reply: 127.0.0.1 227.143.140.221.in-addr.arpa. PTR IN NXDOMAIN 0.000000 1 117
Nov 06 12:11:16 unbound[27256:0] reply: 127.0.0.1 61.98.204.143.in-addr.arpa. PTR IN NOERROR 0.099334 0 101
Nov 06 12:11:16 unbound[27256:0] query: 127.0.0.1 145.210.43.114.in-addr.arpa. PTR IN
Nov 06 12:11:16 unbound[27256:0] reply: 127.0.0.1 145.210.43.114.in-addr.arpa. PTR IN NOERROR 0.000000 1 94
Nov 06 12:11:16 unbound[27256:0] query: 127.0.0.1 146.99.163.188.in-addr.arpa. PTR IN
Nov 06 12:11:16 unbound[27256:0] reply: 127.0.0.1 146.99.163.188.in-addr.arpa. PTR IN NOERROR 0.000000 1 96
Nov 06 12:11:16 unbound[27256:0] query: 127.0.0.1 232.183.164.5.in-addr.arpa. PTR IN
Nov 06 12:11:16 unbound[27256:0] reply: 127.0.0.1 232.183.164.5.in-addr.arpa. PTR IN NOERROR 0.000000 1 99
Nov 06 12:11:16 unbound[27256:0] query: 127.0.0.1 2.248.247.85.in-addr.arpa. PTR IN
Nov 06 12:11:16 unbound[27256:0] reply: 127.0.0.1 2.248.247.85.in-addr.arpa. PTR IN NOERROR 0.000000 1 82
Nov 06 12:11:16 unbound[27256:0] query: 127.0.0.1 189.200.100.79.in-addr.arpa. PTR IN
Nov 06 12:11:16 unbound[27256:0] query: 127.0.0.1 146.153.67.60.in-addr.arpa. PTR IN
Nov 06 12:11:16 unbound[27256:0] reply: 127.0.0.1 146.153.67.60.in-addr.arpa. PTR IN NOERROR 0.000000 1 88
Nov 06 12:11:16 unbound[27256:0] query: 127.0.0.1 233.249.130.131.in-addr.arpa. PTR IN
Nov 06 12:11:16 unbound[27256:0] reply: 127.0.0.1 233.249.130.131.in-addr.arpa. PTR IN NOERROR 0.000000 1 233
Nov 06 12:11:16 unbound[27256:0] reply: 127.0.0.1 46.108.224.43.in-addr.arpa. PTR IN NOERROR 0.931210 0 82
Nov 06 12:11:16 unbound[27256:0] query: 127.0.0.1 182.177.210.62.in-addr.arpa. PTR IN
Nov 06 12:11:16 unbound[27256:0] reply: 127.0.0.1 189.200.100.79.in-addr.arpa. PTR IN NOERROR 0.180401 0 87
Nov 06 12:11:16 unbound[27256:0] query: 127.0.0.1 46.108.224.43.in-addr.arpa. PTR IN
Nov 06 12:11:16 unbound[27256:0] reply: 127.0.0.1 46.108.224.43.in-addr.arpa. PTR IN NOERROR 0.000000 1 82
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 182.177.210.62.in-addr.arpa. PTR IN NOERROR 0.141524 0 93
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 123.133.99.92.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 123.133.99.92.in-addr.arpa. PTR IN NXDOMAIN 0.000000 1 116
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 129.15.106.118.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 129.15.106.118.in-addr.arpa. PTR IN NOERROR 0.000000 1 91
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 116.79.188.95.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 116.79.188.95.in-addr.arpa. PTR IN NXDOMAIN 0.000000 1 106
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 133.78.170.188.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 133.78.170.188.in-addr.arpa. PTR IN NXDOMAIN 0.000000 1 109
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 94.18.16.104.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 224.255.228.37.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 224.255.228.37.in-addr.arpa. PTR IN NXDOMAIN 0.000000 0 105
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 146.211.177.58.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 146.211.177.58.in-addr.arpa. PTR IN NOERROR 0.000000 1 83
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 150.100.76.89.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 150.100.76.89.in-addr.arpa. PTR IN NOERROR 0.000000 1 89
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 94.18.16.104.in-addr.arpa. PTR IN NXDOMAIN 0.098378 0 105
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 160.34.136.83.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 160.34.136.83.in-addr.arpa. PTR IN NOERROR 0.000000 1 74
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 141.88.230.76.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 141.88.230.76.in-addr.arpa. PTR IN NOERROR 0.000000 1 103
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 61.98.204.143.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 61.98.204.143.in-addr.arpa. PTR IN NOERROR 0.000000 1 101
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 227.143.140.221.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 227.143.140.221.in-addr.arpa. PTR IN NXDOMAIN 0.000000 1 117
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 143.8.174.14.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 143.8.174.14.in-addr.arpa. PTR IN NOERROR 0.000000 1 71
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 151.14.162.114.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 151.14.162.114.in-addr.arpa. PTR IN NOERROR 0.000000 1 104
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 157.31.19.151.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 157.31.19.151.in-addr.arpa. PTR IN NOERROR 0.000000 1 90
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 198.9.217.49.in-addr.arpa. PTR IN
Nov 06 12:11:17 unbound[27256:0] reply: 127.0.0.1 198.9.217.49.in-addr.arpa. PTR IN NXDOMAIN 0.000000 1 104
Nov 06 12:11:17 unbound[27256:0] query: 127.0.0.1 93.133.40.203.in-addr.arpa. PTR IN

Is that normal?

Edit:
Found out, this was due to torrent traffic.

 

[Martineau]

Also, my IP-camera is spamming the logfile every second (nwsrv1.com) and is also falsifying the cache hit rate.

So, in your opinion, are the 'falsified' unbound cache stats regarded as a negative or positive?

How can I stop this?

Old-skool using iptables to throttle 'request's may be possible, or there are experimental 'unbound.conf' directives which may assist with rate-limiting

e.g.

    # override the ratelimit for a specific domain name.
    # give this setting multiple times to have multiple overrides.
    # ratelimit-for-domain: example.com 1000
    # override the ratelimits for all domains below a domain name
    # can give this multiple times, the name closest to the zone is used.
    # ratelimit-below-domain: com 1000

etc.

 

[Martineau]

How to configure Unbound to use Quad9 instead of the authoritative name server?

Start unbound in advanced mode.
Enter: DoT
Edit the config with "vx" like this:

#forward-addr: 1.1.1.1@853#cloudflare-dns.com
#forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
#forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
#forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
#forward-addr: 2620:fe::fe@853#dns.quad9.net
#forward-addr: 2620:fe::9@853#dns.quad9.net

Save.

Is this the correct procedure?
Will Unbound then still cache DNS queries? Or is Unbound then just a "forwarder"?

As per the FAQ

"what’s the value of unbound then as just another forwarder? when dnsmasq+Stubby already do that well enough"

i.e. remove unbound then simply configure DoT in the GUI.

 

[Khadanja]

@Martineau Just want to make sure unbound is set up correctly. Why is traceroute to google.com showing my ISP DNS servers?

 

[dave14305]

@Martineau Just want to make sure unbound is set up correctly. Why is traceroute to google.com showing my ISP DNS servers?

The output from a traceroute has no relation to your DNS configuration. If your ISP is using its DNS server IPs to route traffic (or running DNS servers on their routers), that is a different type of question.

 

[JaimeZX]

So I just updated Unbound and the update failed...

Segmentation fault

Segmentation fault

***ERROR INVALID unbound configuration - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file

                     or 'e' exit; then issue debug command

                        unbound -dv

Running unbound -dv at the command line gave me:

> notice: Start of unbound 1.13.2

...NINE YEARS LATER...
fatal error: malloc failure updating config settings

Uninstalled Unbound and rebooted. Back to AMTM, tried to reinstall:

 Getting from fwupdate.asuswrt-merlin.net
 ! Module unbound_manager.mod download failed
 ! using fallback server diversion.ch
 ! Module unbound_manager.mod download failed

What to do now?

 

[Martineau]

So I just updated Unbound and the update failed...

Segmentation fault

Segmentation fault

***ERROR INVALID unbound configuration - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file

                     or 'e' exit; then issue debug command

                        unbound -dv

Running unbound -dv at the command line gave me:

> notice: Start of unbound 1.13.2

...NINE YEARS LATER...
fatal error: malloc failure updating config settings

Uninstalled Unbound and rebooted. Back to AMTM, tried to reinstall:

 Getting from fwupdate.asuswrt-merlin.net
! Module unbound_manager.mod download failed
! using fallback server diversion.ch
! Module unbound_manager.mod download failed

What to do now?

'Segmentation faults'/'malloc' issues are external to unbound_manager i.e. usually Entware related.

Ensure unbound_manager has been completely removed...then restart dnsmasq

service restart_dnsmasq

Ensure DNS is working

nslookup www.ibm.com

Update Entware modules

opkg update
opkg upgrade

then retry amtm or simply re-install unbound_manager directly from Github

If none of the above worked - Reset to factory default.