Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[tomsk]

Hi @Martineau for the v3.18 release i see you no longer show the valid views type along with the syntax or the RR example when redirect type is used. I found it quite a useful reference personally, did it have to go because of your readline emulation changes?

 

[Martineau]

Hi @Martineau for the v3.18 release i see you no longer show the valid views type along with the syntax or the RR example when redirect type is used. I found it quite a useful reference personally, did it have to go because of your readline emulation changes?

Whoops!

Good job someone checks the version release (especially the niche features), i.e. v3.18 suddenly became v3.16+ the cosmetic 'readline' change i.e. v3.17 never existed.

I've upload a Hotfix

Version: v3.18
Github md5=6abea14498cf88888bbf6303755ce86b
​

Again, many thanks for your vigilance.

 

[Ubimo]

I get an error during install. How can I resolve this?

Spoiler

E:Option ==> 1

Router Configuration recommended pre-reqs status:

[✔] Swapfile=2097148 kB
[✔] DNS Filter=ON
[✔] DNS Filter=ROUTER
[✔] WAN: Use local caching DNS server as system resolver=NO
[✔] Enable local NTP server=YES
[✔] Enable DNS Rebind protection=NO
[✔] Enable DNSSEC support=NO

Options:

[✔] unbound Logging
[✔] unbound-control FAST response ENABLED

UPDATEing unbound
Entware package list successfully updated
Package unbound-checkconf (1.10.0-2) installed in root is up to date.
Installing unbound-control-setup (1.10.0-2) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-control-setup_1.10.0-2_armv7-2.6.ipk
Installing openssl-util (1.1.1d-2) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/openssl-util_1.1.1d-2_armv7-2.6.ipk
Package unbound-control (1.10.0-2) installed in root is up to date.
Package unbound-anchor (1.10.0-2) installed in root is up to date.
Package unbound-daemon (1.10.0-2) installed in root is up to date.
Configuring openssl-util.
Configuring unbound-control-setup.
Collected errors:
* pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
unbound Entware packages 'unbound-checkconf unbound-control-setup unbound-control unbound-anchor unbound-daemon' successfully installed
Initialising 'unbound-control-setup' to generate SSL Keys
setup in directory /opt/var/lib/unbound
unbound_server.key exists
unbound_control.key exists
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
Setup success. Certificates created. Enable in unbound.conf file to use
Removing package unbound-control-setup from root...
Collected errors:
* pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
Removing package openssl-util from root...
Collected errors:
* pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
Package column (2.35.1-1) installed in root is up to date.
Collected errors:
* pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
Entware package 'column' successfully installed
Package diffutils (3.7-2) installed in root is up to date.
Collected errors:
* pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
Entware package 'diffutils' successfully installed
Package bind-dig (9.14.8-1) installed in root is up to date.
Collected errors:
* pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
Entware package 'bind-dig' successfully installed
Package haveged (1.9.8-2) installed in root is up to date.
Collected errors:
* pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
Entware package 'haveged' successfully installed
Updating S02haveged
S02haveged downloaded successfully
Shutting down haveged... done.
Starting haveged... done.
Customising 'dnsmasq.postconf' (aka '/jffs/addons/unbound/unbound.postconf')
Updating S61unbound
S61unbound downloaded successfully
Generating unbound-anchor 'root.key'.....
/opt/sbin/unbound-anchor: error while loading shared libraries: libunbound.so.8: cannot open shared object file: No such file or directory
Retrieving the 13 InterNIC Root DNS Servers from 'https://www.internic.net/domain/named.cache'.....
###################################################################################################################################################################################################################################### 100.0%
Retrieving Custom unbound configuration
unbound.conf downloaded successfully
doc/example.conf.in downloaded successfully
Checking IPv6.....
Customising unbound configuration Options:

Do you want to ENABLE unbound logging? (NO recommended)

Reply 'y' or press ENTER to skip

unbound-checkconf: error while loading shared libraries: libunbound.so.8: cannot open shared object file: No such file or directory
Restarting dnsmasq.....
Done.

***ERROR FATAL...ABORTing!

 

[tomsk]

I get an error during install. How can I resolve this?

Spoiler

E:Option ==> 1

Router Configuration recommended pre-reqs status:

[✔] Swapfile=2097148 kB
[✔] DNS Filter=ON
[✔] DNS Filter=ROUTER
[✔] WAN: Use local caching DNS server as system resolver=NO
[✔] Enable local NTP server=YES
[✔] Enable DNS Rebind protection=NO
[✔] Enable DNSSEC support=NO

Options:

[✔] unbound Logging
[✔] unbound-control FAST response ENABLED

UPDATEing unbound
Entware package list successfully updated
Package unbound-checkconf (1.10.0-2) installed in root is up to date.
Installing unbound-control-setup (1.10.0-2) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-control-setup_1.10.0-2_armv7-2.6.ipk
Installing openssl-util (1.1.1d-2) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/openssl-util_1.1.1d-2_armv7-2.6.ipk
Package unbound-control (1.10.0-2) installed in root is up to date.
Package unbound-anchor (1.10.0-2) installed in root is up to date.
Package unbound-daemon (1.10.0-2) installed in root is up to date.
Configuring openssl-util.
Configuring unbound-control-setup.
Collected errors:
* pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
unbound Entware packages 'unbound-checkconf unbound-control-setup unbound-control unbound-anchor unbound-daemon' successfully installed
Initialising 'unbound-control-setup' to generate SSL Keys
setup in directory /opt/var/lib/unbound
unbound_server.key exists
unbound_control.key exists
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
Setup success. Certificates created. Enable in unbound.conf file to use
Removing package unbound-control-setup from root...
Collected errors:
* pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
Removing package openssl-util from root...
Collected errors:
* pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
Package column (2.35.1-1) installed in root is up to date.
Collected errors:
* pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
Entware package 'column' successfully installed
Package diffutils (3.7-2) installed in root is up to date.
Collected errors:
* pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
Entware package 'diffutils' successfully installed
Package bind-dig (9.14.8-1) installed in root is up to date.
Collected errors:
* pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
Entware package 'bind-dig' successfully installed
Package haveged (1.9.8-2) installed in root is up to date.
Collected errors:
* pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
Entware package 'haveged' successfully installed
Updating S02haveged
S02haveged downloaded successfully
Shutting down haveged... done.
Starting haveged... done.
Customising 'dnsmasq.postconf' (aka '/jffs/addons/unbound/unbound.postconf')
Updating S61unbound
S61unbound downloaded successfully
Generating unbound-anchor 'root.key'.....
/opt/sbin/unbound-anchor: error while loading shared libraries: libunbound.so.8: cannot open shared object file: No such file or directory
Retrieving the 13 InterNIC Root DNS Servers from 'https://www.internic.net/domain/named.cache'.....
###################################################################################################################################################################################################################################### 100.0%
Retrieving Custom unbound configuration
unbound.conf downloaded successfully
doc/example.conf.in downloaded successfully
Checking IPv6.....
Customising unbound configuration Options:

Do you want to ENABLE unbound logging? (NO recommended)

Reply 'y' or press ENTER to skip

unbound-checkconf: error while loading shared libraries: libunbound.so.8: cannot open shared object file: No such file or directory
Restarting dnsmasq.....
Done.

***ERROR FATAL...ABORTing!

try reinstalling the libunbound-light package

opkg install --force-reinstall libunbound-light

Then install unbound manager

 

[Ubimo]

Hm, I get this:

admin@Router83:/tmp/home/root# opkg install --force-reinstall libunbound-light
Removing package libunbound-light from root...
Installing libunbound-light (1.10.0-2) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/libunbound-light_1.10.0-2_armv7-2.6.ipk
Configuring libunbound-light.
Collected errors:
 * pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
 * pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
admin@R7000-CD47:/tmp/home/root#

 

[tomsk]

Hm, I get this:

admin@Router83:/tmp/home/root# opkg install --force-reinstall libunbound-light
Removing package libunbound-light from root...
Installing libunbound-light (1.10.0-2) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/libunbound-light_1.10.0-2_armv7-2.6.ipk
Configuring libunbound-light.
Collected errors:
 * pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
 * pkg_get_installed_files: Failed to open //opt/lib/opkg/info/libunbound-light.list: No such file or directory.
admin@R7000-CD47:/tmp/home/root#

Thats odd ... bit out of my knowledge... entware savvy guys might know. Its just a text file

/opt/lib/libunbound.so.8
/opt/lib/libunbound.so.8.1.7

Not sure if

opkg install --force-maintainer libunbound-light

would work?... not really a config file....
I think you have uninstalled/reinstalled unbound manager that many times that something funky is going on with the entware now

 

[Martineau]

Howto: Check if unbound is able to cache domain requests.​

It is fairly trivial to be able to test the caching capabilities of unbound, so here is my simple test that requires two concurrent SSH sessions and should take 10mins or less

NOTE: dnsmasq will immediately resume DNS duties when unbound is terminated.

Stop unbound either using unbound_manager '3/x'
or

/opt/etc/init.d/S61unbound stop

Now start unbound manually in a SSH terminal session

unbound -dd -v

[1591887896] unbound[20530:0] notice: Start of unbound 1.10.0.
Jun 11 15:04:58 unbound[20530:0] notice: init module 0: respip
Jun 11 15:04:58 unbound[20530:0] notice: init module 1: validator
Jun 11 15:04:58 unbound[20530:0] notice: init module 2: iterator
Jun 11 15:04:58 unbound[20530:0] info: start of service (unbound 1.10.0).

Now in a separate SSH session issue:

unbound-control stats_noreset | grep -F total.num

total.num.queries=0
total.num.queries_ip_ratelimited=0
total.num.cachehits=0
total.num.cachemiss=0
total.num.prefetch=0
total.num.expired=0
total.num.recursivereplies=0

and you can see that all stats are zero.

Back in the unbound SSH session screen, there should now be an additional line showing the Statistics request:

Jun 11 15:05:12 unbound[20530:0] info: control cmd:  stats_noreset

Now use 'dig' to retrieve the test domain DNS in full. I will use 'www.google.com'

dig www.google.com @127.0.0.1 -p 53535

; <<>> DiG 9.14.8 <<>> www.google.com @127.0.0.1 -p 53535
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1536
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;www.google.com.            IN    A

;; ANSWER SECTION:
www.google.com.        300    IN    A    216.58.210.228

;; Query time: 87 msec
;; SERVER: 127.0.0.1#53535(127.0.0.1)
;; WHEN: Thu Jun 11 15:13:01 UTC 2020
;; MSG SIZE  rcvd: 59

Back in the unbound SSH session you should now see the lines for the DNS query (in my case 'www.google.com')

Jun 11 15:13:01 unbound[20530:0] query: 127.0.0.1 www.google.com. A IN
Jun 11 15:13:01 unbound[20530:0] info: resolving www.google.com. A IN
Jun 11 15:13:01 unbound[20530:0] info: query response was REFERRAL
Jun 11 15:13:01 unbound[20530:0] info: resolving . DNSKEY IN
Jun 11 15:13:01 unbound[20530:0] info: query response was ANSWER
Jun 11 15:13:01 unbound[20530:0] info: resolving com. DNSKEY IN
Jun 11 15:13:01 unbound[20530:0] info: response for com. DNSKEY IN
Jun 11 15:13:01 unbound[20530:0] info: reply from <com.> 192.5.6.30#53
Jun 11 15:13:01 unbound[20530:0] info: query response was ANSWER
Jun 11 15:13:01 unbound[20530:0] info: response for www.google.com. A IN
Jun 11 15:13:01 unbound[20530:0] info: reply from <com.> 192.42.93.30#53
Jun 11 15:13:01 unbound[20530:0] info: query response was REFERRAL
Jun 11 15:13:01 unbound[20530:0] info: response for www.google.com. A IN
Jun 11 15:13:01 unbound[20530:0] info: reply from <google.com.> 216.239.32.10#53
Jun 11 15:13:01 unbound[20530:0] info: query response was ANSWER
Jun 11 15:13:01 unbound[20530:0] info: prime trust anchor
Jun 11 15:13:01 unbound[20530:0] info: generate keytag query _ta-4f66. NULL IN
Jun 11 15:13:01 unbound[20530:0] info: resolving . DNSKEY IN
Jun 11 15:13:01 unbound[20530:0] info: validate keys with anchor(DS): sec_status_secure
Jun 11 15:13:01 unbound[20530:0] info: Successfully primed trust anchor . DNSKEY IN
Jun 11 15:13:01 unbound[20530:0] info: resolving _ta-4f66. NULL IN
Jun 11 15:13:01 unbound[20530:0] info: query response was NXDOMAIN ANSWER
Jun 11 15:13:01 unbound[20530:0] info: validated DS com. DS IN
Jun 11 15:13:01 unbound[20530:0] info: resolving . DNSKEY IN
Jun 11 15:13:01 unbound[20530:0] info: resolving com. DNSKEY IN
Jun 11 15:13:01 unbound[20530:0] info: validated DNSKEY com. DNSKEY IN
Jun 11 15:13:01 unbound[20530:0] info: NSEC3s for the referral proved no DS.
Jun 11 15:13:01 unbound[20530:0] info: Verified that unsigned response is INSECURE
Jun 11 15:13:01 unbound[20530:0] reply: 127.0.0.1 www.google.com. A IN NOERROR 0.054704 0 59

Now view the statistics again:

unbound-control stats_noreset | grep -F total.num

total.num.queries=1
total.num.queries_ip_ratelimited=0
total.num.cachehits=0
total.num.cachemiss=1
total.num.prefetch=0
total.num.expired=0
total.num.recursivereplies=1

and for the single query there is (as expected) 1 cache miss and 0 cache hits = 0% success

If I now make a second request to the same domain

dig www.google.com @127.0.0.1 -p 53535

; <<>> DiG 9.14.8 <<>> www.google.com @127.0.0.1 -p 53535
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31479
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;www.google.com.            IN    A

;; ANSWER SECTION:
www.google.com.        30    IN    A    216.58.210.228

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53535(127.0.0.1)
;; WHEN: Thu Jun 11 15:18:31 UTC 2020
;; MSG SIZE  rcvd: 59

my statistics show

unbound-control stats_noreset | grep -F total.num

total.num.queries=2
total.num.queries_ip_ratelimited=0
total.num.cachehits=1
total.num.cachemiss=1
total.num.prefetch=1
total.num.expired=1
total.num.recursivereplies=1

........out of a total of 2 requests, 1 cache hit and 1 cache miss = 50% success.

Now repeat the request to the same domain for another 9 times, then review the unbound statistics:

unbound-control stats_noreset | grep -F total.num

total.num.queries=11
total.num.queries_ip_ratelimited=0
total.num.cachehits=10
total.num.cachemiss=1
total.num.prefetch=2
total.num.expired=2
total.num.recursivereplies=1

results - Out of a total of 11 requests, 1 cache miss and 10 cache hits = 90.9% success.

@Ubimo If you can try the above test using your target test domain, it may provide a clue if there is truly something wrong with unbound in your environment.

 

[Ubimo]

Not sure if

opkg install --force-maintainer libunbound-light

would work?... not really a config file....
I think you have uninstalled/reinstalled unbound manager that many times that something funky is going on with the entware now

This is the result

admin@Router83:/tmp/home/root# opkg install --force-maintainer libunbound-light
Package libunbound-light (1.10.0-2) installed in root is up to date.

Unbound is working again. Thanks!
@Martineau
Thank you for your help, I will test and report back.

 

[Ubimo]

Back in the unbound SSH session screen, there should now be an additional line showing the Statistics request:

Jun 11 15:05:12 unbound[20530:0] info: control cmd:  stats_noreset

This line doesn't show up. Also next dig command does not show up either. All I get is this:

admin@Router83:/tmp/home/root# /opt/etc/init.d/S61unbound stop
 Checking unbound...              alive.
 Shutting down unbound...              done.
admin@Router83:/tmp/home/root# unbound -dd -v
[1591898160] unbound[16051:0] notice: Start of unbound 1.10.0.
Jun 11 17:56:01 unbound[16051:0] notice: init module 0: respip
Jun 11 17:56:01 unbound[16051:0] notice: init module 1: validator
Jun 11 17:56:01 unbound[16051:0] notice: init module 2: iterator
Jun 11 17:56:01 unbound[16051:0] info: start of service (unbound 1.10.0).
Jun 11 17:56:34 unbound[16051:0] info: generate keytag query _ta-4f66. NULL IN

 

[tomsk]

I wonder is unbound-control able to communicate with the server.... can you try something simple like

unbound-control status

The server should respond with its status

version: 1.10.0
verbosity: 0
threads: 1
modules: 3 [ respip validator iterator ]
uptime: 24043 seconds
options: control
unbound (pid 6162) is running...

 

[Martineau]

I wonder is unbound-control able to communicate with the server.... can you try something simple like

unbound-control server

I think you mean

unbound-control status

 

[tomsk]

I think you mean

unbound-control status

Yes indeed ... too late at night ...corrected already
Is it possible the port is blocked or something going on with the ssl ?....
Also possible he's not working two separate SSH sessions

 

[Martineau]

Also possible he's not working two separate SSH sessions

This seems the favourite.....

 

[Ubimo]

I did the test with two seperate ssh terminals.
Output of unbound-control status is:

admin@Router83:/tmp/home/root# unbound-control status
version: 1.10.0
verbosity: 1
threads: 1
modules: 3 [ respip validator iterator ]
uptime: 15 seconds
options: control
unbound (pid 16274) is running...

Did you notice the last line I've got, but you didn't?

admin@Router83:/tmp/home/root# unbound -dd -v
[1591898160] unbound[16051:0] notice: Start of unbound 1.10.0.
Jun 11 17:56:01 unbound[16051:0] notice: init module 0: respip
Jun 11 17:56:01 unbound[16051:0] notice: init module 1: validator
Jun 11 17:56:01 unbound[16051:0] notice: init module 2: iterator
Jun 11 17:56:01 unbound[16051:0] info: start of service (unbound 1.10.0).
Jun 11 17:56:34 unbound[16051:0] info: generate keytag query _ta-4f66. NULL IN

Here is a screenshot of both ssh terminals for those who have doubts.

 

[Martineau]

I did the test with two seperate ssh terminals.
Output of unbound-control status is:

admin@Router83:/tmp/home/root# unbound-control status
version: 1.10.0
verbosity: 1
threads: 1
modules: 3 [ respip validator iterator ]
uptime: 15 seconds
options: control
unbound (pid 16274) is running...

Did you notice the last line I've got, but you didn't?

admin@Router83:/tmp/home/root# unbound -dd -v
[1591898160] unbound[16051:0] notice: Start of unbound 1.10.0.
Jun 11 17:56:01 unbound[16051:0] notice: init module 0: respip
Jun 11 17:56:01 unbound[16051:0] notice: init module 1: validator
Jun 11 17:56:01 unbound[16051:0] notice: init module 2: iterator
Jun 11 17:56:01 unbound[16051:0] info: start of service (unbound 1.10.0).
Jun 11 17:56:34 unbound[16051:0] info: generate keytag query _ta-4f66. NULL IN

Here is a screenshot of both ssh terminals for those who have doubts.

Yeah so what happens if you run the 'dig' commands as instructed?

P.S. Stop posting screen shots, cut'n'paste the text into code tags...can you do that?

 

[bluzfanmr1]

Did you notice the last line I've got, but you didn't?

admin@Router83:/tmp/home/root# unbound -dd -v
[1591898160] unbound[16051:0] notice: Start of unbound 1.10.0.
Jun 11 17:56:01 unbound[16051:0] notice: init module 0: respip
Jun 11 17:56:01 unbound[16051:0] notice: init module 1: validator
Jun 11 17:56:01 unbound[16051:0] notice: init module 2: iterator
Jun 11 17:56:01 unbound[16051:0] info: start of service (unbound 1.10.0).
Jun 11 17:56:34 unbound[16051:0] info: generate keytag query _ta-4f66. NULL IN

This is the same for me as well, though my cache stats are working as @Martineau showed above.

 

[Ubimo]

Yeah so what happens if you run the 'dig' commands as instructed?

P.S. Stop posting screen shots, cut'n'paste the text into code tags...can you do that?

This is the output of dig first time:

admin@Router83:/tmp/home/root# dig www.google.com @127.0.0.1 -p 53535

; <<>> DiG 9.14.8 <<>> www.google.com @127.0.0.1 -p 53535
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63507
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         1200    IN      A       172.217.23.4

;; Query time: 43 msec
;; SERVER: 127.0.0.1#53535(127.0.0.1)
;; WHEN: Thu Jun 11 20:37:36 UTC 2020
;; MSG SIZE  rcvd: 59

This is the output of dig second time:

admin@Router83:/tmp/home/root# dig www.google.com @127.0.0.1 -p 53535

; <<>> DiG 9.14.8 <<>> www.google.com @127.0.0.1 -p 53535
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30621
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         1108    IN      A       172.217.23.4

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53535(127.0.0.1)
;; WHEN: Thu Jun 11 20:39:08 UTC 2020
;; MSG SIZE  rcvd: 59

Back in the unbound SSH session I only see this:

admin@Router83:/tmp/home/root# e
-sh: e: not found
admin@Router83:/tmp/home/root# unbound -dd -v
[1591909935] unbound[15361:0] notice: Start of unbound 1.10.0.
Jun 11 21:12:17 unbound[15361:0] notice: init module 0: respip
Jun 11 21:12:17 unbound[15361:0] notice: init module 1: validator
Jun 11 21:12:17 unbound[15361:0] notice: init module 2: iterator
Jun 11 21:12:17 unbound[15361:0] info: start of service (unbound 1.10.0).
Jun 11 21:12:22 unbound[15361:0] info: generate keytag query _ta-4f66. NULL IN

Unbound is somehow working, thanks, but I have a strange feeling about it's caching habits.
Let me discribe it.
I've now populated the unbound cache with 42 tabs. My browser opens 42tabs/website when I start it.
Then clear the browser cache, flush dns, stop unbound, start unbound and open my browser.
In statistics I see ~260 cache hits, but there are also 13-30 cache misses.
I've repeated this procedure 8x. There are always 13-30 cache misses.
Shouldn't unbound already have cached these 13-30 DNS queries?

I have the feeling, that there is a cache leak, or unbound refuses to cache certain domain names?

Browsing the same websites is decreasing the cache hits.

unbound (pid 25511) is running... uptime: 0 Days, 00:01:22 version: 1.10.0 # rgnldo Github Version=v1.10 Martineau update (Date Loaded by unbound_manager Thu Jun 11 23:19:08 DST 2020)

1  = Update unbound files and configuration                                             5  = Install Ad and Tracker blocker (Ad Block)
2  = Remove unbound/unbound_manager                                                     6  = Uninstall Graphical Statistics GUI Add-on TAB
3  = Stop unbound                                                                       7  = Disable   DNS Firewall [?]
4  = Show unbound statistics                                                            8  = Install YouTube Ad blocker

?  = About Configuration
v  = View ('/opt/var/lib/unbound/'unbound.conf)

e  = Exit Script [?]

E:Option ==> 4

total.num.queries=245                   total.num.prefetch=1                    total.requestlist.max=3                 total.requestlist.current.user=0        msg.cache.count=1003
total.num.queries_ip_ratelimited=0      total.num.expired=1                     total.requestlist.overwritten=0         total.recursion.time.avg=0.580623       rrset.cache.count=4750
total.num.cachehits=232                 total.num.recursivereplies=13           total.requestlist.exceeded=0            total.recursion.time.median=0.196608    infra.cache.count=23
total.num.cachemiss=13                  total.requestlist.avg=0.928571          total.requestlist.current.all=0         total.tcpusage=0                        key.cache.count=18

Summary: Cache Hits success=94.00%


unbound (pid 25511) is running... uptime: 0 Days, 00:02:15 version: 1.10.0 # rgnldo Github Version=v1.10 Martineau update (Date Loaded by unbound_manager Thu Jun 11 23:19:08 DST 2020)

1  = Update unbound files and configuration                                             5  = Install Ad and Tracker blocker (Ad Block)
2  = Remove unbound/unbound_manager                                                     6  = Uninstall Graphical Statistics GUI Add-on TAB
3  = Stop unbound                                                                       7  = Disable   DNS Firewall [?]
4  = Show unbound statistics                                                            8  = Install YouTube Ad blocker

?  = About Configuration
v  = View ('/opt/var/lib/unbound/'unbound.conf)

e  = Exit Script [?]

E:Option ==> 4

total.num.queries=270                   total.num.prefetch=2                    total.requestlist.max=3                 total.requestlist.current.user=0        msg.cache.count=1047
total.num.queries_ip_ratelimited=0      total.num.expired=2                     total.requestlist.overwritten=0         total.recursion.time.avg=0.309328       rrset.cache.count=4788
total.num.cachehits=235                 total.num.recursivereplies=35           total.requestlist.exceeded=0            total.recursion.time.median=0.148945    infra.cache.count=67
total.num.cachemiss=35                  total.requestlist.avg=0.72973           total.requestlist.current.all=0         total.tcpusage=0                        key.cache.count=36

Summary: Cache Hits success=87.00%


unbound (pid 25511) is running... uptime: 0 Days, 00:13:46 version: 1.10.0 # rgnldo Github Version=v1.10 Martineau update (Date Loaded by unbound_manager Thu Jun 11 23:19:08 DST 2020)

1  = Update unbound files and configuration                                             5  = Install Ad and Tracker blocker (Ad Block)
2  = Remove unbound/unbound_manager                                                     6  = Uninstall Graphical Statistics GUI Add-on TAB
3  = Stop unbound                                                                       7  = Disable   DNS Firewall [?]
4  = Show unbound statistics                                                            8  = Install YouTube Ad blocker

?  = About Configuration
v  = View ('/opt/var/lib/unbound/'unbound.conf)

e  = Exit Script [?]

E:Option ==> 4

total.num.queries=483                   total.num.prefetch=22                   total.requestlist.max=16                total.requestlist.current.user=0        msg.cache.count=1273
total.num.queries_ip_ratelimited=0      total.num.expired=22                    total.requestlist.overwritten=0         total.recursion.time.avg=0.151879       rrset.cache.count=5277
total.num.cachehits=286                 total.num.recursivereplies=197          total.requestlist.exceeded=0            total.recursion.time.median=0.0910222   infra.cache.count=319
total.num.cachemiss=197                 total.requestlist.avg=3.20091           total.requestlist.current.all=0         total.tcpusage=0                        key.cache.count=101

Summary: Cache Hits success=59.00%

You can see the decrease of cache hits over time, while I was only browsing snbforums.com.
If feels like unbound "runs out of air" over time.

 

[Ubimo]

Here is another example

I restart unbound and show statistics. 0 queries
Then I start Firefox and open reddit.com. You can see 30 cache misses.
Then I clear browser cache, close Firefox, flush dns, restart unbound. Statistics show 0 queries again.
Then I start Firefox and open reddit.com. You can see 37 cache misses.
Why so many cache misses? Shouldn't unbound already have cached these?

unbound (pid 18535) is running... uptime: 0 Days, 00:00:20 version: 1.10.0 # rgnldo Github Version=v1.10 Martineau update (Date Loaded by unbound_manager Thu Jun 11 23:51:41 DST 2020)

i  = Update unbound and configuration ('/opt/var/lib/unbound/')         l  = Show unbound LIVE (Loglevel=1) log entries (lx=Disable Logging)
z  = Remove unbound/unbound_manager                                     v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
3  = Advanced Tools                                                     rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                                oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'

rs = Restart (or Start) unbound (use 'rs nocache' to flush cache)       s  = Show unbound Extended statistics (s=Summary Totals; sa=All; http://192.168.1.1:80/user3.asp)

e  = Exit Script [?]

A:Option ==> s

total.num.queries=0                     total.num.prefetch=0                    total.requestlist.max=0                 total.requestlist.current.user=0        msg.cache.count=1028
total.num.queries_ip_ratelimited=0      total.num.expired=0                     total.requestlist.overwritten=0         total.recursion.time.avg=0.000000       rrset.cache.count=5134
total.num.cachehits=0                   total.num.recursivereplies=0            total.requestlist.exceeded=0            total.recursion.time.median=0           infra.cache.count=0
total.num.cachemiss=0                   total.requestlist.avg=0                 total.requestlist.current.all=0         total.tcpusage=0                        key.cache.count=0

Summary: Cache Hits success=0.00%


unbound (pid 18535) is running... uptime: 0 Days, 00:00:24 version: 1.10.0 # rgnldo Github Version=v1.10 Martineau update (Date Loaded by unbound_manager Thu Jun 11 23:51:41 DST 2020)

i  = Update unbound and configuration ('/opt/var/lib/unbound/')         l  = Show unbound LIVE (Loglevel=1) log entries (lx=Disable Logging)
z  = Remove unbound/unbound_manager                                     v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
3  = Advanced Tools                                                     rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                                oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'

rs = Restart (or Start) unbound (use 'rs nocache' to flush cache)       s  = Show unbound Extended statistics (s=Summary Totals; sa=All; http://192.168.1.1:80/user3.asp)

e  = Exit Script [?]

A:Option ==> s

total.num.queries=117                   total.num.prefetch=0                    total.requestlist.max=4                 total.requestlist.current.user=0        msg.cache.count=1058
total.num.queries_ip_ratelimited=0      total.num.expired=0                     total.requestlist.overwritten=0         total.recursion.time.avg=0.185773       rrset.cache.count=5157
total.num.cachehits=87                  total.num.recursivereplies=30           total.requestlist.exceeded=0            total.recursion.time.median=0.0579742   infra.cache.count=32
total.num.cachemiss=30                  total.requestlist.avg=2.3               total.requestlist.current.all=0         total.tcpusage=0                        key.cache.count=23

Summary: Cache Hits success=74.00%


unbound (pid 18535) is running... uptime: 0 Days, 00:00:37 version: 1.10.0 # rgnldo Github Version=v1.10 Martineau update (Date Loaded by unbound_manager Thu Jun 11 23:51:41 DST 2020)

i  = Update unbound and configuration ('/opt/var/lib/unbound/')         l  = Show unbound LIVE (Loglevel=1) log entries (lx=Disable Logging)
z  = Remove unbound/unbound_manager                                     v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
3  = Advanced Tools                                                     rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                                oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'

rs = Restart (or Start) unbound (use 'rs nocache' to flush cache)       s  = Show unbound Extended statistics (s=Summary Totals; sa=All; http://192.168.1.1:80/user3.asp)

e  = Exit Script [?]

A:Option ==> rs

23:52:41 Checking 'unbound.conf' for valid Syntax.....
23:52:41 Saving unbound cache to '/opt/share/unbound/configs/cache.txt'
23:52:42 Requesting unbound (S61unbound) restart.....
 Shutting down unbound...              done.
 Starting unbound...              done.
23:52:45 Checking status, please wait.....
23:52:47 Restoring unbound cache from '/opt/share/unbound/configs/cache.txt' (2020-06-11 23:52:42)
23:52:49 unbound OK



unbound (pid 19936) is running... uptime: 0 Days, 00:00:07 version: 1.10.0 # rgnldo Github Version=v1.10 Martineau update (Date Loaded by unbound_manager Thu Jun 11 23:52:45 DST 2020)

i  = Update unbound and configuration ('/opt/var/lib/unbound/')         l  = Show unbound LIVE (Loglevel=1) log entries (lx=Disable Logging)
z  = Remove unbound/unbound_manager                                     v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
3  = Advanced Tools                                                     rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                                oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'

rs = Restart (or Start) unbound (use 'rs nocache' to flush cache)       s  = Show unbound Extended statistics (s=Summary Totals; sa=All; http://192.168.1.1:80/user3.asp)

e  = Exit Script [?]

A:Option ==> s

total.num.queries=0                     total.num.prefetch=0                    total.requestlist.max=0                 total.requestlist.current.user=0        msg.cache.count=1025
total.num.queries_ip_ratelimited=0      total.num.expired=0                     total.requestlist.overwritten=0         total.recursion.time.avg=0.000000       rrset.cache.count=5132
total.num.cachehits=0                   total.num.recursivereplies=0            total.requestlist.exceeded=0            total.recursion.time.median=0           infra.cache.count=0
total.num.cachemiss=0                   total.requestlist.avg=0                 total.requestlist.current.all=0         total.tcpusage=0                        key.cache.count=0

Summary: Cache Hits success=0.00%


unbound (pid 19936) is running... uptime: 0 Days, 00:00:18 version: 1.10.0 # rgnldo Github Version=v1.10 Martineau update (Date Loaded by unbound_manager Thu Jun 11 23:52:45 DST 2020)

i  = Update unbound and configuration ('/opt/var/lib/unbound/')         l  = Show unbound LIVE (Loglevel=1) log entries (lx=Disable Logging)
z  = Remove unbound/unbound_manager                                     v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
3  = Advanced Tools                                                     rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                                oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'

rs = Restart (or Start) unbound (use 'rs nocache' to flush cache)       s  = Show unbound Extended statistics (s=Summary Totals; sa=All; http://192.168.1.1:80/user3.asp)

e  = Exit Script [?]

A:Option ==> s

total.num.queries=117                   total.num.prefetch=0                    total.requestlist.max=6                 total.requestlist.current.user=0        msg.cache.count=1058
total.num.queries_ip_ratelimited=0      total.num.expired=0                     total.requestlist.overwritten=0         total.recursion.time.avg=0.270306       rrset.cache.count=5155
total.num.cachehits=80                  total.num.recursivereplies=37           total.requestlist.exceeded=0            total.recursion.time.median=0.098304    infra.cache.count=40
total.num.cachemiss=37                  total.requestlist.avg=2.2973            total.requestlist.current.all=0         total.tcpusage=0                        key.cache.count=23

Summary: Cache Hits success=68.00%

 

[Ubimo]

This is the log, when I open reddit.com
https://pastebin.com/0y7y2JAd

 

[Opasen]

Is there a way to hide my DNS Server IP?

No, but you are going through the VPN tunnel to make these queries.