What's new

Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server) - General questions / discussion thread 2

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I'm also running Skynet.
Do you recommend turning on DNS firewall in unbound_manager?
 
@Martineau - question for you... what would be the feasability of adding something like Diversion's "Follow DNSMasq" option so we can watch the queries process in real-time? It might aid in troubleshooting issues; or, what do you recommend in terms of observing the service?

Thanks!
 
I'm also running Skynet.
Do you recommend turning on DNS firewall in unbound_manager?
It doesn't have any detrimental effect if you do enable it.

There is a link in this post to URLHaus, as well as explaining briefly why they promote a DNS Firewall

So since they generate their list every 5 mins, and unbound retrieves it using (@juched's script) every 15 mins, the idea is that to combat immediate phishing attacks and eliminate DNS-hijacking, they provide a dynamic hit-list of current (almost real-time) bad-guys.

Now you could argue that if you configure Skynet to refresh its Blacklist every 15 mins would that have the same protection?
 
It doesn't have any detrimental effect if you do enable it.

There is a link in this post to URLHaus, as well as explaining briefly why they promote a DNS Firewall


So since they generate their list every 5 mins, and unbound retrieves it using (@juched's script) every 15 mins, the idea is that to combat immediate phishing attacks and eliminate DNS-hijacking, they provide a dynamic hit-list of current (almost real-time) bad-guys.

Now you could argue that if you configure Skynet to refresh its Blacklist every 15 mins would that have the same protection?

Skynet blocks IPs and Unbound blocks DNS lookups, together they are better than just one, in my opinion.
 
I am having an issue after uninstall and subsequent reboot

Tried re-install and get a segmentation fault on install after the question 'Do you want to ENABLE unbound logging? (NO recommended)'.

Anything I enter at this prompt gives the segmentation error

Tried uninstall but still seeing this error

Its now not showing on amtm,is there a potential directory/file(s) that could be left behind ?

HELP !!!
o_O
 
I am having an issue after uninstall and subsequent reboot

Tried re-install and get a segmentation fault on install after the question 'Do you want to ENABLE unbound logging? (NO recommended)'.

Anything I enter at this prompt gives the segmentation error

Tried uninstall but still seeing this error

Its now not showing on amtm,is there a potential directory/file(s) that could be left behind ?

HELP !!!
o_O
Shell scripts themselves rarely seg-fault (although not saying my scripts wouldn't), and usually it's the Entware stuff that is borked - lib version mismatch etc.

If you can get to the unbound_manager GUI then option '2 /z' should remove ALL traces.... even if it isn't showing as installed and it shouldn't seg-fault.

However, you can try the manual approach

Use the following to remove the Entware stuff
Code:
opkg --force-depends --force-removal-of-dependent-packages remove unbound-checkconf unbound-control-setup unbound-control unbound-anchor unbound-daemon
then delete the following directories
Code:
/opt/var/lib/unbound/adblock
/opt/var/lib/unbound 
/jffs/addons/unbound
Delete the Entware startup
Code:
/opt/etc/init.d/S61unbound
Check cron for any entries
Code:
cru l
then
Code:
sed -i '/[Uu]nbound_/d' /jffs/scripts/services-start
sed -i '/[Uu]nbound_/d' /jffs/scripts/service-event
sed -i '/[Uu]nbound_/d' /jffs/scripts/service-event-end
 
This is a strange one

For the manual uninstall nothing was there from your manual steps which is confirmed when I run amtm no. 7 unbound - missing

But again on the first question and selecting 1 to install on logging, i get Segmentation Error Fatal

But in amtm it shows its installed but upon entry I get the same error.

I have uninstalled and restarted
 
This is a strange one

For the manual uninstall nothing was there from your manual steps which is confirmed when I run amtm no. 7 unbound - missing

But again on the first question and selecting 1 to install on logging, i get Segmentation Error Fatal

But in amtm it shows its installed but upon entry I get the same error.

I have uninstalled and restarted
All I can suggest is that you nuke Entware, reinstall Entware and retry unbound_manager.
 
I feel a rebuild tomorrow afternoon
 
My Unbound tab went missing on a restart on the router. I decided to uninstall and reinstall but now I'm having issues reinstalling unbound. Anyone can assist on how I can get unbound back, I get this error:

Code:
Segmentation fault

Segmentation fault

***ERROR INVALID unbound configuration - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file

                     or 'e' exit; then issue debug command

                        unbound -dv



dmin@RT-AX88U-0D80:/tmp/home/root# unbound -dv
unbound: symbol lookup error: unbound: undefined symbol: edns_strings_delete

Update: Just saw your previous post today and noticed I'm not the only having issues. I'll follow the manual removal and hope it works!!

Update 2: it's working, I followed the manual removal, updated entware packages and reinstall unbound! Thanks @Martineau for those manual removal of unbound!
 
Last edited:
Entware updates released today. Get ready for the problems! Suggest everyone stop Unbound before updating Entware packages.
Thanks for the tip! I stopped Unbound, updated Entware, and then updated/re-started Unbound. Everything looks good so far.
 
Entware updates released today. Get ready for the problems! Suggest everyone stop Unbound before updating Entware packages.
Well I guess someone has to be first

Code:
Upgrading unbound-host on root from 1.12.0-1 to 1.13.1-1...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-host_1.13.1-1_armv7-2.6.ipk
Upgrading unbound-checkconf on root from 1.12.0-1 to 1.13.1-1...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-checkconf_1.13.1-1_armv7-2.6.ipk
Upgrading unbound-daemon on root from 1.12.0-1 to 1.13.1-1...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-daemon_1.13.1-1_armv7-2.6.ipk
Upgrading unbound-control on root from 1.12.0-1 to 1.13.1-1...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-control_1.13.1-1_armv7-2.6.ipk
Upgrading libunbound on root from 1.12.0-1 to 1.13.1-1...
Downloading http://bin.entware.net/armv7sf-k2.6/libunbound_1.13.1-1_armv7-2.6.ipk
Removing obsolete file /opt/lib/libunbound.so.8.1.10.
Upgrading unbound-anchor on root from 1.12.0-1 to 1.13.1-1...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-anchor_1.13.1-1_armv7-2.6.ipk
Configuring libunbound.
Configuring unbound-host.

unbound_manager won't restart unbound....

Code:
+======================================================================+
|  Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
|                                                                      |
|                      Version 3.23b8 by Martineau                     |
|                                                                      |
+======================================================================+[1616535066] unbound-control[9998:0] error: connect: Connection refused for 127.0.0.1 port 953

    ***ERROR unbound-control - failed'?

unbound is stopped # Version=v1.12b Martineau update (Date Loaded by unbound_manager Tue Mar 23 21:30:21 GMT 2021)

[1616535077] unbound-control[11809:0] error: connect: Connection refused for 127.0.0.1 port 953
[1616535082] unbound-control[12124:0] error: connect: Connection refused for 127.0.0.1 port 953

LIfe is too short so uninstalled unbound_manger/unbound

Fresh install

Code:
unbound (pid 6260) is running... uptime: 0 Days, 00:07:31 version: 1.13.1 # Version=v1.12 Martineau update (Date Loaded by unbound_manager Tue Mar 23 21:50:57 GMT 2021)

1  = Update unbound files and configuration                 5  = Install Ad and Tracker blocker (Ad Block)
2  = Remove unbound/unbound_manager                         6  = Install Graphical Statistics GUI Add-on TAB
3  = Stop unbound                                           7  = Enable    DNS Firewall
4  = Show unbound statistics                                8  = Install YouTube Ad blocker
                                                            9  = Install Safe Search e.g. google.com->forcesafesearch.google.com

?  = About Configuration                   
v  = View ('/opt/var/lib/unbound/'unbound.conf)     

e  = Exit Script [?]

E:Option ==> s

total.num.queries=794               total.num.expired=5                 total.requestlist.exceeded=0            total.tcpusage=0
total.num.queries_ip_ratelimited=0  total.num.recursivereplies=108      total.requestlist.current.all=0         msg.cache.count=397
total.num.cachehits=686             total.requestlist.avg=0.199275      total.requestlist.current.user=0        rrset.cache.count=1488
total.num.cachemiss=108             total.requestlist.max=7             total.recursion.time.avg=0.096596       infra.cache.count=403
total.num.prefetch=168              total.requestlist.overwritten=0     total.recursion.time.median=0.0565993   key.cache.count=70

Summary: Cache Hits success=86.00%
 
Well I guess someone has to be first

Code:
Upgrading unbound-host on root from 1.12.0-1 to 1.13.1-1...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-host_1.13.1-1_armv7-2.6.ipk
Upgrading unbound-checkconf on root from 1.12.0-1 to 1.13.1-1...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-checkconf_1.13.1-1_armv7-2.6.ipk
Upgrading unbound-daemon on root from 1.12.0-1 to 1.13.1-1...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-daemon_1.13.1-1_armv7-2.6.ipk
Upgrading unbound-control on root from 1.12.0-1 to 1.13.1-1...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-control_1.13.1-1_armv7-2.6.ipk
Upgrading libunbound on root from 1.12.0-1 to 1.13.1-1...
Downloading http://bin.entware.net/armv7sf-k2.6/libunbound_1.13.1-1_armv7-2.6.ipk
Removing obsolete file /opt/lib/libunbound.so.8.1.10.
Upgrading unbound-anchor on root from 1.12.0-1 to 1.13.1-1...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-anchor_1.13.1-1_armv7-2.6.ipk
Configuring libunbound.
Configuring unbound-host.

unbound_manager won't restart unbound....

Code:
+======================================================================+
|  Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
|                                                                      |
|                      Version 3.23b8 by Martineau                     |
|                                                                      |
+======================================================================+[1616535066] unbound-control[9998:0] error: connect: Connection refused for 127.0.0.1 port 953

    ***ERROR unbound-control - failed'?

unbound is stopped # Version=v1.12b Martineau update (Date Loaded by unbound_manager Tue Mar 23 21:30:21 GMT 2021)

[1616535077] unbound-control[11809:0] error: connect: Connection refused for 127.0.0.1 port 953
[1616535082] unbound-control[12124:0] error: connect: Connection refused for 127.0.0.1 port 953

LIfe is too short so uninstalled unbound_manger/unbound

Fresh install

Code:
unbound (pid 6260) is running... uptime: 0 Days, 00:07:31 version: 1.13.1 # Version=v1.12 Martineau update (Date Loaded by unbound_manager Tue Mar 23 21:50:57 GMT 2021)

1  = Update unbound files and configuration                 5  = Install Ad and Tracker blocker (Ad Block)
2  = Remove unbound/unbound_manager                         6  = Install Graphical Statistics GUI Add-on TAB
3  = Stop unbound                                           7  = Enable    DNS Firewall
4  = Show unbound statistics                                8  = Install YouTube Ad blocker
                                                            9  = Install Safe Search e.g. google.com->forcesafesearch.google.com

?  = About Configuration                  
v  = View ('/opt/var/lib/unbound/'unbound.conf)    

e  = Exit Script [?]

E:Option ==> s

total.num.queries=794               total.num.expired=5                 total.requestlist.exceeded=0            total.tcpusage=0
total.num.queries_ip_ratelimited=0  total.num.recursivereplies=108      total.requestlist.current.all=0         msg.cache.count=397
total.num.cachehits=686             total.requestlist.avg=0.199275      total.requestlist.current.user=0        rrset.cache.count=1488
total.num.cachemiss=108             total.requestlist.max=7             total.recursion.time.avg=0.096596       infra.cache.count=403
total.num.prefetch=168              total.requestlist.overwritten=0     total.recursion.time.median=0.0565993   key.cache.count=70

Summary: Cache Hits success=86.00%
I will have to buy a lottery ticket since upgrading Entware late this morning, unbound manager responded fine as usual. On the other hand the fact that Skynet and Scribe were affected until I ran the "Show scribe status", which have fixed the dead syslog=ng, it might be possible that this also have make unbound manager working correctly.
 
So Happy Days, Did the Entware updates and Unbound install

No errors this time :)

Avoided the rebuild as well
 
Entware updates released today. Get ready for the problems! Suggest everyone stop Unbound before updating Entware packages.
Saw you append, after I updated Entware :rolleyes:. Yep the update "borked" Unbound preventing it from restarting. Uninstalled Unbound, re-installed again to recover. Now learnt (hopefully) after two Entware updates which have created Unbound issues creating an uninstall/re-install, shutdown Unbound first!
Lot sure if it can be designed into AMTM, if you update Entware, you are prompted for a shutdown of Unbound, first?
 
Sorry if this has been asked and answered previously, but when running Unbound and I do a DNS Leak Test, what is the correct response to show that I am not leaking DNS requests?
 
Sorry if this has been asked and answered previously, but when running Unbound and I do a DNS Leak Test, what is the correct response to show that I am not leaking DNS requests?
Never mind - I just read the Unbound Wiki and that explains it.
 
I have updated to 386.2 last night (have also unmounted my USB drive prior updating) but after a successful reboot, I have noticed that the unbound GUI tab was missing from Addons (even if nothing out of order could be see from the unbound Manager/Installation script) and that it was also no longer listed from scMerlin's WebUI Addons list.

1. I have removed unbound then reinstalled it (plus option 6), still no GUI tab even after two reboots.

1617476417585.png


1617476520338.png


1617476459378.png


2. I have removed Entware and unbound before reinstalling unbound with Entware (plus option 6), still no GUI tab after two more reboots.

Therefore before I erase, reformat my USB drive then reinstall all my addons, is there another less complex solution that could help me to get the unbound GUI tab visible again?

Thanks.
 
I have updated to 386.2 last night (have also unmounted my USB drive prior updating) but after a successful reboot, I have noticed that the unbound GUI tab was missing from Addons (even if nothing out of order could be see from the unbound Manager/Installation script) and that it was also no longer listed from scMerlin's WebUI Addons list.

1. I have removed unbound then reinstalled it (plus option 6), still no GUI tab even after two reboots.

View attachment 32771

View attachment 32773

View attachment 32772

2. I have removed Entware and unbound before reinstalling unbound with Entware (plus option 6), still no GUI tab after two more reboots.

Therefore before I erase, reformat my USB drive then reinstall all my addons, is there another less complex solution that could help me to get the unbound GUI tab visible again?

Thanks.
have you tried the "sgui" command?
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top