What's new

Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server) - General questions / discussion thread 2

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Sorry but I cannot see how to get the Advanced menu.
from the Readme on Github

1639492777826.png
 

Attachments

  • Unbound Advanced Menu.PNG
    Unbound Advanced Menu.PNG
    81.9 KB · Views: 92
Last edited:
Looks that way. See attached Advanced menu.
OK, well I didn't write the GUI (nor do I use any of the additional User TABS), so I'll now leave it to the author... unless you can uninstall one of the other tabs to see if it is possible that you have exceeded the current TAB limit?

i.e. will it work if unbound Stats TAB occupies a single digit slot number, say slot 'user4.asp' etc.
 
OK, but does the output shown in
remain the same?
looks fine now
Code:
The following name servers are used for lookup of google.com.
;rrset 2038 4 0 2 0
google.com.     2038    IN      NS      ns2.google.com.
google.com.     2038    IN      NS      ns1.google.com.
google.com.     2038    IN      NS      ns3.google.com.
google.com.     2038    IN      NS      ns4.google.com.
;rrset 2038 1 0 1 0
ns4.google.com. 2038    IN      A       216.239.38.10
;rrset 2038 1 0 1 0
ns4.google.com. 2038    IN      AAAA    2001:4860:4802:38::a
;rrset 2038 1 0 1 0
ns3.google.com. 2038    IN      A       216.239.36.10
;rrset 2038 1 0 1 0
ns3.google.com. 2038    IN      AAAA    2001:4860:4802:36::a
;rrset 2038 1 0 1 0
ns1.google.com. 2038    IN      A       216.239.32.10
;rrset 2038 1 0 1 0
ns1.google.com. 2038    IN      AAAA    2001:4860:4802:32::a
;rrset 2038 1 0 1 0
ns2.google.com. 2038    IN      A       216.239.34.10
;rrset 2038 1 0 1 0
ns2.google.com. 2038    IN      AAAA    2001:4860:4802:34::a
Delegation with 4 names, of which 0 can be examined to query further addresses.
It provides 8 IP addresses.
2001:4860:4802:34::a    rto 267 msec, ttl 560, ping 23 var 61 rtt 267, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.34.10           not in infra cache.
2001:4860:4802:32::a    rto 329 msec, ttl 575, ping 5 var 81 rtt 329, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.32.10           not in infra cache.
2001:4860:4802:36::a    rto 355 msec, ttl 562, ping 7 var 87 rtt 355, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.36.10           not in infra cache.
2001:4860:4802:38::a    rto 279 msec, ttl 562, ping 23 var 64 rtt 279, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.38.10           not in infra cache.
 
looks fine now
Code:
The following name servers are used for lookup of google.com.
;rrset 2038 4 0 2 0
google.com.     2038    IN      NS      ns2.google.com.
google.com.     2038    IN      NS      ns1.google.com.
google.com.     2038    IN      NS      ns3.google.com.
google.com.     2038    IN      NS      ns4.google.com.
;rrset 2038 1 0 1 0
ns4.google.com. 2038    IN      A       216.239.38.10
;rrset 2038 1 0 1 0
ns4.google.com. 2038    IN      AAAA    2001:4860:4802:38::a
;rrset 2038 1 0 1 0
ns3.google.com. 2038    IN      A       216.239.36.10
;rrset 2038 1 0 1 0
ns3.google.com. 2038    IN      AAAA    2001:4860:4802:36::a
;rrset 2038 1 0 1 0
ns1.google.com. 2038    IN      A       216.239.32.10
;rrset 2038 1 0 1 0
ns1.google.com. 2038    IN      AAAA    2001:4860:4802:32::a
;rrset 2038 1 0 1 0
ns2.google.com. 2038    IN      A       216.239.34.10
;rrset 2038 1 0 1 0
ns2.google.com. 2038    IN      AAAA    2001:4860:4802:34::a
Delegation with 4 names, of which 0 can be examined to query further addresses.
It provides 8 IP addresses.
2001:4860:4802:34::a    rto 267 msec, ttl 560, ping 23 var 61 rtt 267, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.34.10           not in infra cache.
2001:4860:4802:32::a    rto 329 msec, ttl 575, ping 5 var 81 rtt 329, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.32.10           not in infra cache.
2001:4860:4802:36::a    rto 355 msec, ttl 562, ping 7 var 87 rtt 355, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.36.10           not in infra cache.
2001:4860:4802:38::a    rto 279 msec, ttl 562, ping 23 var 64 rtt 279, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.38.10           not in infra cache.
As I have no access to IPv6 (or any of the hybrid 6in4 etc.) could you provide info on what changed?
 
As I have no access to IPv6 (or any of the hybrid 6in4 etc.) could you provide info on what changed?
e.g. there was no access to ipv6 only services like
Code:
ping ipv6.google.com
ping: bad address 'ipv6.google.com'
and now
Code:
ping ipv6.google.com
PING ipv6.google.com (2a00:1450:401b:805::200e): 56 data bytes
64 bytes from 2a00:1450:401b:805::200e: seq=0 ttl=115 time=45.940 ms
 
e.g. there was no access to ipv6 only services like
Code:
ping ipv6.google.com
ping: bad address 'ipv6.google.com'
and now
Code:
ping ipv6.google.com
PING ipv6.google.com (2a00:1450:401b:805::200e): 56 data bytes
64 bytes from 2a00:1450:401b:805::200e: seq=0 ttl=115 time=45.940 ms
Clearly the root cause was your environment was configured as IPv4 only?, so I would like you to explain what you did to Enable IPv6...or was it PEBCAK ?
 
OK, well I didn't write the GUI (nor do I use any of the additional User TABS), so I'll now leave it to the author... unless you can uninstall one of the other tabs to see if it is possible that you have exceeded the current TAB limit?

i.e. will it work if unbound Stats TAB occupies a single digit slot number, say slot 'user4.asp' etc.
Is there a way to cause unbound to load earlier than some of the other scripts that also use a user number, or possibly a way to add the scripts in a defined sequence to work around unbound's restrictions?

Will you pass this thread to the author of the GUI so he can fix this?

Update: I disabled ScMerlin, then rebooted the router. After about 15 min, still no Unbound GUI. I did a screen capture of the menutree, see attached. Then I went into Unbound from amtm, saw that the GUI was NOT ENABLED, enabled it, then did another screen capture of the menutree. Also see that attached.

Since I am only installing scripts from amtm, can't you replicate this problem on your system?


Update 2: I just did a 2nd reboot of the router but after Unbound was using user8. In this case, the Unbound GUI did load automatically. So Unbound will not load the GUI if the previous time the user number was double-digit even if the current user number is not double-diigit.
 

Attachments

  • Menutree_js after ScMerlin uninstalled - after GUI enabled.PNG
    Menutree_js after ScMerlin uninstalled - after GUI enabled.PNG
    47.1 KB · Views: 90
  • Menutree_js after ScMerlin uninstalled - still no Unbound GUI.PNG
    Menutree_js after ScMerlin uninstalled - still no Unbound GUI.PNG
    44.1 KB · Views: 88
Last edited:
Clearly the root cause was your environment was configured as IPv4 only?, so I would like you to explain what you did to Enable IPv6...or was it PEBCAK ?
I had connectivity via ipv6, I was able to connect to ipv6 services typing ip but it wasn't able to do it using fqdn (unbound wasn't resolving AAAA records), at the end I redownloaded conf file
 
@TonyK132: i solved this for me by adjusting the start order in the post-mount-script....

Code:
#!/bin/sh
swapon /tmp/mnt/sda1/myswap.swp # Skynet
. /jffs/addons/diversion/mount-entware.div # Added by amtm
cru a logrotate "5 0 * * * /opt/sbin/logrotate /opt/etc/logrotate.conf >> /opt/tmp/logrotate.daily 2>&1" # added by scribe
#
#
/jffs/addons/unbound/unbound_stats.sh startup "$@" & # Unbound_Stats.sh
#
/jffs/scripts/uiScribe startup "$@" & # uiScribe
/jffs/scripts/uiDivStats startup "$@" & # uiDivStats
#
/jffs/scripts/ntpmerlin startup "$@" & # ntpMerlin
#
/jffs/scripts/spdmerlin startup "$@" & # spdMerlin
/jffs/scripts/connmon startup "$@" & # connmon
/jffs/scripts/dn-vnstat startup "$@" & # dn-vnstat
#
/jffs/addons/wireguard/wg_manager.sh init "" & # WireGuard Manager
 
@TonyK132: i solved this for me by adjusting the start order in the post-mount-script....

Code:
#!/bin/sh
swapon /tmp/mnt/sda1/myswap.swp # Skynet
. /jffs/addons/diversion/mount-entware.div # Added by amtm
cru a logrotate "5 0 * * * /opt/sbin/logrotate /opt/etc/logrotate.conf >> /opt/tmp/logrotate.daily 2>&1" # added by scribe
#
#
/jffs/addons/unbound/unbound_stats.sh startup "$@" & # Unbound_Stats.sh
#
/jffs/scripts/uiScribe startup "$@" & # uiScribe
/jffs/scripts/uiDivStats startup "$@" & # uiDivStats
#
/jffs/scripts/ntpmerlin startup "$@" & # ntpMerlin
#
/jffs/scripts/spdmerlin startup "$@" & # spdMerlin
/jffs/scripts/connmon startup "$@" & # connmon
/jffs/scripts/dn-vnstat startup "$@" & # dn-vnstat
#
/jffs/addons/wireguard/wg_manager.sh init "" & # WireGuard Manager
Thanks, that solved my problem. It also gives me the benefit of giving some control of the order of the tabs in the AddOn menu.
 
I seems to be having issues with unbound not correctly probing domains that are blocked by default.
I've already added said 'blocked domains' to the whitelist however sometimes unbound seems to fail for no reason and my current method of solving this issue is to ssh into the router and reload my unbound config before it start working again. I've been doing this for the past few month pretty much daily. Not sure why does it fail every night.
Is there anything I should do or try to solve this problem or any way for me to automate the reloading of config for unbound?
 
So I've had YouTube Ad Blocking enabled for several days. I have the below number of domains identified, but I am still seeing ads. How long does it take before it blocks ads?

Code:
 [✔] YouTube Ad Blocking (Forcing to use YT IP 172.217.131.200, No. of YouTube Video Ad domains=224)
 
So I've had YouTube Ad Blocking enabled for several days. I have the below number of domains identified, but I am still seeing ads. How long does it take before it blocks ads?

Code:
 [✔] YouTube Ad Blocking (Forcing to use YT IP 172.217.131.200, No. of YouTube Video Ad domains=224)
I guess you still have a long way to go as I have diversion YT ad blocking enabled and it current have 4129 registered
 
In addition to running diversion + skynet on my router, I also have a pihole on a separate device. If I run unbound on merlin, would it affect my pihole setting? Alternatively, do I need to tweak unbound settings on my router to take the pihole into account? Of course I will use unbound just for DNS and not for adblocking.

Thanks for your help!
 
Just getting started running unbound (and possibly Diversion) on my AX86U, 386.4 RMerlin code. Installed via amtm and seems to be working OK, but I have questions about what I am seeing, and I hope someone can help a new user :)

1. In the dnsmasq and unbound logs, I see a fairly high rate of queries for names on my local lan. The A queries are answered by dnsmasq as expected, but the AAAA queries seem to be forwarded from dnsmasq to unbound and upwards to the root servers, getting an (expected) NXDOMAIN reply. My understanding was that dnsmasq would not forward queries to the local lan devices? Is that behavior different or expected for these IPv6 address queries? Is there a setting or config in dnsmasq to prevent this?
2. nslookups to local lan devices only show IPv4 address, not IPv6. Is that expected or related to #1 above?
3. unbound cache hit rates are kind of low, around 58%, is that also an artifact of this "extra" local AAAA query traffic?
4. Is there any definitive guidance about how to set the basic router GUI DNS settings for unbound? I have read MANY postings here, but still wonder if I have something set wrong to cause this. IPv6 DNS server? WAN DNS server? LAN DHCP DNS? I have tried to follow all the threads, and also thought many of these are not relevant once unbound takes control.
5. Is there a description of the data flows for DNS requests when
 
I would love to see a scheduled, periodic save feature of the cache.
So when my router unexpectetly reboots, I won't lose all the cache.
Sometimes I reboot the router and forget about unbound and its cache.
 
I would love to see a scheduled, periodic save feature of the cache.
So when my router unexpectetly reboots, I won't lose all the cache.
Sometimes I reboot the router and forget about unbound and its cache.
The 'feature' has been available since v2.02?, but most aren't obsessed/fixated with cache....hence no auto-schedule


Ensure you are running in Advanced Menu mode; then check that auto-restore @boot is ENABLED
Code:
e  = Exit Script [?]

A:Option ==> dumpcache bootrest

07:56:55 Saving unbound cache to '/opt/share/unbound/configs/cache.txt' msg.cache=8006/356 rrset.cache=14122/1639
    NOTE: unbound cache will be automatically RESTORED on REBOOT (see /jffs/scripts/post-mount)

'/jffs/scripts/post-mount'
Code:
# If unbound UP, reload the cache if file is less than 10 mins old - requires Entware's '/opt/bin/find'
FN="/opt/share/unbound/configs/cache.txt";if [ -n "$(pidof unbound)" ] && [ -s $FN ] && [ -n "$(/opt/bin/find $FN -type f -mmin -10)" ];then TIMESTAMP=$(date -r $FN "+%Y-%m-%d %H:%M:%S");unbound-control load_cache < $FN; rm $FN; logger -st "($(basename $0))" "unbound cache RESTORED from '$FN'" $TIMESTAMP;fi # unbound_manager

Now manually schedule the cache save (obviously you should really check to see if unbound is UP before attempting the save!)

Code:
cru a unbound_cache "*/1 * * * *" "unbound-control dump_cache > /opt/share/unbound/configs/cache.txt"
Code:
cru l

*/1 * * * * unbound-control dump_cache > /opt/share/unbound/configs/cache.txt #unbound_cache#
Check cron is dumping the cache to the file on schedule ...
Code:
watch ls -l /opt/share/unbound/configs/cache.txt
 
Last edited:
Hi @Martineau - love the script and it's been running great for many moons. Currently trying to enable the self same 'feature', but can't seem to get past step one. Instead of

Code:
e  = Exit Script [?]
A:Option ==> dumpcache bootrest
07:56:55 Saving unbound cache to '/opt/share/unbound/configs/cache.txt' msg.cache=8006/356 rrset.cache=14122/1639
NOTE: unbound cache will be automatically RESTORED on REBOOT (see /jffs/scripts/post-mount)

I get

Code:
e  = Exit Script [?]
E:Option ==> dumpcache bootrest
Invalid Option "dumpcache bootrest" Please enter a valid option

New to this and finding my feet so please bear with me, but I'm a bit stumped...
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top