dave14305
Part of the Furniture
You need this as the first line of dnsmasq.postconf:
Code:
#!/bin/sh
Code:
sed -i '1s~^~#!/bin/sh\n~' /jffs/scripts/dnsmasq.postconf
chmod 755 /jffs/scripts/dnsmasq.postconf
service restart_dnsmasqUnbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)
- Thread starter Martineau
- Start date
That did the trick. Thanks for saving my time and sleep
tomsk
Very Senior Member
Oh the shebang is there for me because the dnsmasq.postconf was added by diversion ... but this install was written by the manager script?
dave14305
Part of the Furniture
unbound.postconf is from Martineau. krgck must never have had a dnsmasq.postconf and unbound_manager doesn’t (yet) account for that scenario.
tomsk
Very Senior Member
Twiglets
Senior Member
The script already has a 'merge' option that is not tied to a menu option.
A small 'edit'
can run the 'merge' code which does appear to work !!!???Not sure why it has been left out ?
tomsk
Very Senior Member
Thats not just the icing... that's the cherry on top too.The script already has a 'merge' option that is not tied to a menu option.
A small 'edit'
Not sure why it has been left out ?
joe scian
Very Senior Member
Hi Martineau
when I issue the command below I get
and now my syslog is filled up with. A router reboot fixes the syslog spam below but I wont issue that ad command again. !
when I issue the command below I get
Code:
A:Option ==> ad
cp: write error: No space left on device
sed: write errorand now my syslog is filled up with. A router reboot fixes the syslog spam below but I wont issue that ad command again. !
Code:
May 11 21:08:09 RT-AC5300-0680 syslog: Error locking /var/lock/networkmap.lock: 28 No space left on device
May 11 21:08:09 RT-AC5300-0680 syslog: Error unlocking -1: 9 Bad file descriptor
May 11 21:08:09 RT-AC5300-0680 syslog: Error locking /var/lock/networkmap.lock: 28 No space left on device
May 11 21:08:09 RT-AC5300-0680 syslog: Error unlocking -1: 9 Bad file descriptor
May 11 21:08:09 RT-AC5300-0680 syslog: Error locking /var/lock/networkmap.lock: 28 No space left on device
May 11 21:08:09 RT-AC5300-0680 syslog: Error unlocking -1: 9 Bad file descriptor
May 11 21:08:09 RT-AC5300-0680 syslog: Error locking /var/lock/networkmap.lock: 28 No space left on device
May 11 21:08:09 RT-AC5300-0680 syslog: Error unlocking -1: 9 Bad file descriptor
May 11 21:08:09 RT-AC5300-0680 syslog: Error locking /var/lock/networkmap.lock: 28 No space left on device
May 11 21:08:09 RT-AC5300-0680 syslog: Error unlocking -1: 9 Bad file descriptor
May 11 21:08:14 RT-AC5300-0680 syslog: Error locking /var/lock/cfg_mnt.lock: 28 No space left on device
Last edited:
Martineau
Part of the Furniture
Whoops!
In trying to tidy up 'unbound.conf' v1.10, I 'helpfully' added a comment....see this commit
Clearly the original code
Code:
[ -n "$(grep "^interface: 127.0.0.1@53$" /opt/var/lib/unbound/unbound.conf)" ] && sed 's/^interface: 127\.0\.0\.1@53$/#interface: 127\.0\.0\.1@53/' /opt/var/lib/unbound/unbound.confI'll push a Hotfix later.
Last edited:
tomsk
Very Senior Member
I was having a look around for other organisations suppling RPZ data other than spamhaus . seems the other main player is SURBL .... the SURBL combined list is interesting in the way they use ip to show what list its from http://www.surbl.org/lists
Last edited:
Martineau
Part of the Furniture
OK, what size blocking list do you use?
juched
Very Senior Member
Thanks, fixed and pushed to master. I also pushed YT ad block script to master as well.
Martineau
Part of the Furniture
What?
The option is only enabled if explicitly requested, and logging to 'syslog-ng/scribe' is also explicitly ENABLED.
The design/reasoning was that if unbound logging was ENABLED, then previously as there was no housekeeping performed on the size of the log, it could silently fill the disk a lot quicker.
e.g. explicitly ENABLE the setting
Code:
e = Exit Script [?]
A:Option ==> adblock track
Option Auto Reply 'y' Installing Ads and Tracker (Ad Block) Blocking.....
adblock/gen_adblock.sh downloaded successfully
adblock/permlist downloaded successfully
Custom '/opt/share/unbound/configs/blocksites' already exists - 'adblock/blocksites' download skipped
Custom '/opt/share/unbound/configs/allowsites' already exists - 'adblock/allowsites' download skipped
Custom '/opt/share/unbound/configs/blockhost' already exists - 'adblock/blockhost' download skipped
Custom '/opt/share/unbound/configs/allowhost' already exists - 'adblock/allowhost' download skipped
Creating Daily cron job for Ad and Tracker update
Executing '/opt/var/lib/unbound/adblock/gen_adblock.sh'.....
_____ _ _ _ _
| _ |_| | |_| |___ ___| |_
| | . | . | | . | _| '_|
|__|__|___|___|_|___|___|_,_|
(gen_adblock.sh): 3200 @juched - v1.0.6 - Thanks to @SomeWhereOverTheRainBow
Removing possible temporary files..
Downloading list(s) from block site(s) configured...
Attempting to Download 1 of 4 from https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts.
######################################################################## 100.0%
Attempting to Download 4 of 4 from https://raw.githubusercontent.com/llacb47/mischosts/master/tiktok-hosts.
######################################################################## 100.0%
Attempting to Download 7 of 4 from https://raw.githubusercontent.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/master/hacked-domains.list.
######################################################################## 100.0%
Attempting to Download 8 of 4 from https://blocklist.cyberthreatcoalition.org/vetted/domain.txt.
######################################################################## 100.0%
Downloading list(s) from allow site(s) configured...
Adding user requested hosts to list...
Removing user requested hosts from list...
Removing required hosts from list...
Removing unnecessary formatting from the domain list...
Generating Unbound adservers file...
(gen_adblock.sh): 3200 Number of adblocked hosts: 77143
Generating Unbound unload/load lists...
Loading/Unload Unbound local-zones to take effect...
removed 77143 zones
added 77143 zones
Removing temporary files...
Adblock update complete!
Logging Ad Block BLOCKED domains to scribe
Last edited:
juched
Very Senior Member
What?
The option is only enabled if explicitly requested, and logging to 'syslog-ng/scribe' is also explicitly ENABLED.
The design/reasoning was that if unbound logging was ENABLED, then previously as there was no housekeeping performed on the size of the log, it could silently fill the disk a lot quicker.
e.g. explicitly ENABLE the setting
I suppose now that logging housekeeping should no longer be an issue, as @juched's GUI stats can use the metrics, I suppose I could change the criteria to auto-enable if 'sgui' is enabled?Code:e = Exit Script [?] A:Option ==> adblock track Option Auto Reply 'y' Installing Ads and Tracker (Ad Block) Blocking..... adblock/gen_adblock.sh downloaded successfully adblock/permlist downloaded successfully Custom '/opt/share/unbound/configs/blocksites' already exists - 'adblock/blocksites' download skipped Custom '/opt/share/unbound/configs/allowsites' already exists - 'adblock/allowsites' download skipped Custom '/opt/share/unbound/configs/blockhost' already exists - 'adblock/blockhost' download skipped Custom '/opt/share/unbound/configs/allowhost' already exists - 'adblock/allowhost' download skipped Creating Daily cron job for Ad and Tracker update Executing '/opt/var/lib/unbound/adblock/gen_adblock.sh'..... _____ _ _ _ _ | _ |_| | |_| |___ ___| |_ | | . | . | | . | _| '_| |__|__|___|___|_|___|___|_,_| (gen_adblock.sh): 3200 @juched - v1.0.6 - Thanks to @SomeWhereOverTheRainBow Removing possible temporary files.. Downloading list(s) from block site(s) configured... Attempting to Download 1 of 4 from https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts. ######################################################################## 100.0% Attempting to Download 4 of 4 from https://raw.githubusercontent.com/llacb47/mischosts/master/tiktok-hosts. ######################################################################## 100.0% Attempting to Download 7 of 4 from https://raw.githubusercontent.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/master/hacked-domains.list. ######################################################################## 100.0% Attempting to Download 8 of 4 from https://blocklist.cyberthreatcoalition.org/vetted/domain.txt. ######################################################################## 100.0% Downloading list(s) from allow site(s) configured... Adding user requested hosts to list... Removing user requested hosts from list... Removing required hosts from list... Removing unnecessary formatting from the domain list... Generating Unbound adservers file... (gen_adblock.sh): 3200 Number of adblocked hosts: 77143 Generating Unbound unload/load lists... Loading/Unload Unbound local-zones to take effect... removed 77143 zones added 77143 zones Removing temporary files... Adblock update complete! Logging Ad Block BLOCKED domains to scribe
I think so, since every hour I flush those message as well, and support both scribe and non-scribe logging.
Would be good to have an "option" to use "sgui extended" to enable log-replies as well, so you can get extended stats showing all requested queries. Works even if dnsmasq disable is not used. No need to enable log-queries for extended stats, and my script will flush those lines from the log as well, so the disk should not fill up.
Thoughts?
Martineau
Part of the Furniture
I've uploaded v3.12
use 'u' to update when prompted on screen
Use of the 'i = Update unbound Installation' ** not required **
Thanks again to the usual suspects for proof reading/bug reporting.
Version=3.12
Github md5=4a207524e455366859549c3cce137e95
Github md5=4a207524e455366859549c3cce137e95
use 'u' to update when prompted on screen
Use of the 'i = Update unbound Installation' ** not required **
Code:
FIX: If '/jffs/scripts/dnsmasq.postconf doesn't exist then create it with '#!/bin/sh' (and execute attributes) before adding 'sh /jffs/scripts/addons/unbound/unbound.postconf' - @dave14305
FIX: dnsmasq bypass, 'unbound.conf' v1.10 added a comment, so switching back to dnsmasq as Primary DNS, unbound now correctly releases '127.0.0.1@53' - @tomsk
FIX: 'ad' to use '/opt/tmp/' rather than '/tmp/' - @joe scian
CHANGE: If 'sgui' ENABLED and 'adblock' requested then ENABLE tracking of blocked domains 'log-local-actions: yes' - @joe scian
CHANGE: 'youtube' YT Video Ad blocking will now retrieve script from @juched's Github master branch rather than his dev branch.
CHANGE: Enhance 'debug' diagnostics
ADD: 'youtube [view | edit]' to allow access (for the curious) to the current YT blocked domains
CHANGE: '?' command, include clickable URL link to unbound v1.10.0 manual
About unbound: https://nlnetlabs.nl/projects/unbound/about/ , Manual https://nlnetlabs.nl/documentation/unbound/unbound.conf/Thanks again to the usual suspects for proof reading/bug reporting.
Last edited:
Martineau
Part of the Furniture
'lo = Enable Logging' currently ENABLEs both queries and replies, and 'lx Disable Logging' DISABLEs them.
I have added 'sgui all' which will now enable tracking of the Ad Blocking ('log-local-actions: yes') but if logging is DISABLED then it is obviously irrelevant until logging is ENABLED.
juched
Very Senior Member
Log local actions should always work, even if log replies or log queries is disabled. So what do you mean that logging needs to be enabled? What does logging enabled or disabled mean to you? Verbosity?
Martineau
Part of the Furniture
Yes
Martineau
Part of the Furniture
Similar threads
Similar threads
Similar threads
-
Unbound Force all DNS requests through Unbound using iptables?- Started by muffintastic
- Replies: 14
-
-
-
-
-
-
Is it possible to use nord dns with unbound or any way to add it?- Started by Jack-Sparr0w
- Replies: 9
-
-
Unbound Use unbound/router as default DNS server
- Started by BeachGuy
- Replies: 2
-
Latest threads
-
-
AX88U will only connect at 80Mhz
- Started by antik
- Replies: 2
-
QNAP Firmware 5.2.2.xxx Update destroys Login and Data- Started by PR3MIUM
- Replies: 1
-
-
Best way to fully disable multicasting, STP, and other features?
- Started by SDF07S
- Replies: 0
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!