Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)
- Thread starter Martineau
- Start date
Thank you, now everything is working OK. Adblock and youtube Ad.Apologies, there is a typo in the cron schedule preventing the every 5 minute job from constantly monitoring/refreshing the dynamic YT Ad Servers list.
Please ensure you download the latest v3.11 Hotfix and follow the instructions in the v3.11 post#
Great job.
Martineau
Part of the Furniture
I believe this is the current number of YT IP domains forced to the YT IP Address
You can view the local-datas loaded into unbound
Hmmm, might be worth adding this metric to the '?' display ?
[✔] YouTube Ad Blocking (Forcing to use YT IP 173.194.135.104) Count=nn
You can view the local-datas loaded into unbound
Code:
unbound-control list_local_data | grep -F "googlevideo.com" | awk 'END{print "Total="NR} { print NR, $0 }''[✔] YouTube Ad Blocking (Forcing to use YT IP 173.194.135.104) Count=nn
Last edited:
Martineau said:Hmmm, might be worth adding this metric to the '?' display ?
[✔] YouTube Ad Blocking (Forcing to use YT IP 173.194.135.104) Count=nn
I believe that would be consistent with:
Code:
[✔] Ad and Tracker Blocking (No. of Adblock domains=55203,Blocked Hosts=0,Whitelist=19)
juched
Very Senior Member
People finding YT ad blocking is working well? If so, I will move the script to my master branch from the dev branch.
Please reply with your findings.
QuikSilver
Very Senior Member
Whats difference between unbound YT blocker and using diversion YT blocker? Is it the same script but separate for those who prefer unbound with ad blocking as opposed to unbound with diversion for ad blocking?
tomsk
Very Senior Member
Its the same idea but executed differently... Diversion lifts the domains from the dnsmasq.log and unbound lifts them from a cache dump
joe scian
Very Senior Member
Any idea what the logic is behind which YT IP address is chosen ? Eg when Unbound is primary DNS for all LAN clients my YT IP address is 220.233.204.109. When dnsmasq is enabled and Diversion is active The forced IPv4 address for YT is: 173.194.28.9
tomsk
Very Senior Member
For unbound it simply uses the first one it finds in the initial cache dump
Code:
echo "No stored IP in file $ipYTforce, checking cache for an ip..."
unbound-control dump_cache | awk '/.*\.googlevideo.*\.[0-9].*\./{print $5;exit}' > "$ipYTforce"joe scian
Very Senior Member
The services-start entries for adblock and ytadblock are as below when these services are enabled in unbound -
I believe they should be
Code:
cru a ytadblock "*/5 * * * * "/opt/var/lib/unbound/adblock/gen_ytadblock.sh" # unbound_manager
cru a adblock "0 5 * * * "/opt/var/lib/unbound/adblock/gen_adblock.sh" # unbound_managerI believe they should be
Code:
cru a ytadblock "*/5 * * * * /opt/var/lib/unbound/adblock/gen_ytadblock.sh" # unbound_manager
cru a adblock "0 5 * * * /opt/var/lib/unbound/adblock/gen_adblock.sh" # unbound_managerjoe scian
Very Senior Member
Seems to be working well here
glehel@AC86U-VPN:/tmp/home/root# nslookup Zara-Moto-G.SAFENET-AC86U.
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain
Name: Zara-Moto-G.SAFENET-AC86U.
Address 1: 192.168.1.112 Zara-Moto-G
working! I added manual domain line in unbound.conf.localhosts all ip!
Last edited:
tomsk
Very Senior Member
A query for @juched here ..... just doing some reading about local-zone and local data, the documentation says that a local zone contains local data
Would it be better to use a redirect zone for YT ads like the example below, or is it sufficient to just use local data as you have an exact match?
Im assuming you can get away with just creating a local zone for the adblocking because there will be no matching local data and the nxdomain will be provided as default zone behaviour.
Code:
local-zone: <zone> <type>
Configure a local zone. The type determines the answer to give
if there is no match from local-data. The types are deny,
refuse, static, transparent, redirect, nodefault, typetranspar-
ent, inform, inform_deny, inform_redirect, always_transparent,
always_refuse, always_nxdomain, noview, and are explained below.
After that the default settings are listed. Use local-data: to
enter data into the local zone. Answers for local zones are
authoritative DNS answers. By default the zones are class IN.
local-data: "<resource record string>"
Configure local data, which is served in reply to queries for it.
The query has to match exactly unless you configure the local-zone
as redirect. If not matched exactly, the local-zone type deter-
mines further processing. If local-data is configured that is not
a subdomain of a local-zone, a transparent local-zone is config-
ured. For record types such as TXT, use single quotes, as in
local-data: 'example. TXT "text"'.Would it be better to use a redirect zone for YT ads like the example below, or is it sufficient to just use local data as you have an exact match?
Code:
## DnsSpoof of unwanted or restricted sites
local-zone: "doubleclick.net" redirect
local-data: "doubleclick.net A 10.0.0.111"
local-zone: "facebook.com" redirect
local-data: "facebook.com A 10.0.0.111"Im assuming you can get away with just creating a local zone for the adblocking because there will be no matching local data and the nxdomain will be provided as default zone behaviour.
Code:
always_nxdomain
Like static, but ignores local data and returns nxdomain for
the query.
Code:
local-zone: "000owamail0.000webhostapp.com" always_nxdomain
local-zone: "000tristanprod.free.fr" always_nxdomain
local-zone: "005.free-counter.co.uk" always_nxdomain
local-zone: "006.free-counter.co.uk" always_nxdomain
local-zone: "006.freecounters.co.uk" always_nxdomain
local-zone: "007.free-counter.co.uk" always_nxdomain
local-zone: "007angels.com" always_nxdomain
local-zone: "008.free-counter.co.uk" always_nxdomain
local-zone: "008.free-counters.co.uk" always_nxdomain
local-zone: "00author.com" always_nxdomain
local-zone: "00go.com" always_nxdomain
local-zone: "00it.com" always_nxdomain
Last edited:
Centrifuge
Senior Member
Awesome teamwork on this script and feature. I could use some help with facebook being blocked. I don't use unbound adblock or the firewall feature. I followed dnsmasq but nothing was being blocked:
Thats an example just following "facebook". The browser returns the server stopped responding error...So I turned off Diversion, didn't make a difference, so I turned off unbound and I could access facebook again.
Code:
May 9 22:23:53 dnsmasq[14483]: query[A] www.facebook.com from 192.168.50.129
May 9 22:23:53 dnsmasq[14483]: query[A] www.facebook.com from 192.168.50.129
May 9 22:23:53 dnsmasq[14483]: forwarded www.facebook.com to 127.0.0.1
May 9 22:23:53 dnsmasq[14483]: forwarded www.facebook.com to 127.0.0.1
May 9 22:23:53 dnsmasq[14483]: reply www.facebook.com is <CNAME>
May 9 22:23:53 dnsmasq[14483]: reply www.facebook.com is <CNAME>
May 9 22:23:53 dnsmasq[14483]: reply star-mini.c10r.facebook.com is 157.240.11.35
May 9 22:23:53 dnsmasq[14483]: reply star-mini.c10r.facebook.com is 157.240.11.35
May 9 22:23:57 dnsmasq[14483]: query[A] mqtt.c10r.facebook.com from 192.168.50.230
May 9 22:23:57 dnsmasq[14483]: query[A] mqtt.c10r.facebook.com from 192.168.50.230
May 9 22:23:57 dnsmasq[14483]: forwarded mqtt.c10r.facebook.com to 127.0.0.1
May 9 22:23:57 dnsmasq[14483]: forwarded mqtt.c10r.facebook.com to 127.0.0.1
May 9 22:23:57 dnsmasq[14483]: reply mqtt.c10r.facebook.com is 157.240.11.12
May 9 22:23:57 dnsmasq[14483]: reply mqtt.c10r.facebook.com is 157.240.11.12
May 9 22:23:58 dnsmasq[14483]: query[A] www.facebook.com from 192.168.50.129
May 9 22:23:58 dnsmasq[14483]: query[A] www.facebook.com from 192.168.50.129
May 9 22:23:58 dnsmasq[14483]: forwarded www.facebook.com to 127.0.0.1
May 9 22:23:58 dnsmasq[14483]: forwarded www.facebook.com to 127.0.0.1
May 9 22:23:58 dnsmasq[14483]: reply www.facebook.com is <CNAME>
May 9 22:23:58 dnsmasq[14483]: reply www.facebook.com is <CNAME>
May 9 22:23:58 dnsmasq[14483]: reply star-mini.c10r.facebook.com is 157.240.11.35
May 9 22:23:58 dnsmasq[14483]: reply star-mini.c10r.facebook.com is 157.240.11.35
May 9 22:23:58 dnsmasq[14483]: query[AAAA] www.facebook.com from 192.168.50.129
May 9 22:23:58 dnsmasq[14483]: query[AAAA] www.facebook.com from 192.168.50.129
May 9 22:23:58 dnsmasq[14483]: forwarded www.facebook.com to 127.0.0.1
May 9 22:23:58 dnsmasq[14483]: forwarded www.facebook.com to 127.0.0.1
May 9 22:23:58 dnsmasq[14483]: reply www.facebook.com is <CNAME>
May 9 22:23:58 dnsmasq[14483]: reply www.facebook.com is <CNAME>
May 9 22:23:58 dnsmasq[14483]: reply star-mini.c10r.facebook.com is 2a03:2880:f10d:183:face:b00c:0:25de
May 9 22:23:58 dnsmasq[14483]: reply star-mini.c10r.facebook.com is 2a03:2880:f10d:183:face:b00c:0:25deMartineau
Part of the Furniture
Many thanks, I've pushed Hotfix
Version=3.11
Github md5=0169d1a43328ea13b4b559a25c4a3825
Github md5=0169d1a43328ea13b4b559a25c4a3825
Martineau
Part of the Furniture
Thanks for the feedback.
So how is 'Zara-Moto-G' actually defined/assigned when only using dnsmasq?
Martineau
Part of the Furniture
My question is "How does dnsmasq assign the name?"
Can you print the record from '/etc/dnsmasq.conf'
Martineau
Part of the Furniture
I don't do consistent, well apart from perpetually issuing Hotfixes due to stupid typos or brain-dead coding.
Cosmetic Hotfix
Version=3.11
Github md5=1187ed25ad68aa4d65d95add663de1e1
Github md5=1187ed25ad68aa4d65d95add663de1e1
Last edited:
'/etc/dnsmasq.conf' does not contain a hostname
Similar threads
Similar threads
Similar threads
-
Unbound Force all DNS requests through Unbound using iptables?- Started by muffintastic
- Replies: 14
-
-
-
-
-
-
Is it possible to use nord dns with unbound or any way to add it?- Started by Jack-Sparr0w
- Replies: 9
-
-
Unbound Use unbound/router as default DNS server
- Started by BeachGuy
- Replies: 2
-