Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

"Performance" means something different to everybody. To some it is the fastest speeds, to others the lowest packet loss, to others it's a balance of those and probably other factors thrown into the equation.
Here's another way of looking at it: when driving a car, do you want fuel economy, or do you want to win a race?

We've chatted before about this, and you've been tweaking your router for the best speed, lowest latency and low packet loss with your internet connection.
unbound helps speed up your DNS lookups on your network, and keeps the ones that aren't cached away from the prying eyes of the behemoth data miners like Google and CloudFlare - a privacy thing.
Diversion blocks advertising but in doing that, it incurs a processing delay because it needs time to filter the incoming datastream(s).
Same with Skynet.
QoS is to ensure fairness of access of everything on your network to the internet connection, in both directions, but again, it takes a brief amount of time to stream everything into the right channels/classifications.

some things to experiment with:
disable Diversion and enable unbound's adblocking - it may or may not make a positive difference to your network.
I don't believe your router can run Suricata, so changing from SkyNet isn't an option.
Same for QoS - your router can't run cake as I recall, so it's between Flex and stock Asus. Have you tried a step back to see if that gets you closer to what you're looking for?
 
I recently configured an OpenVPN client. When I try to run 'vpn 1' in the unbound_manager, I get the following error message:
[1598428817] unbound-checkconf[17323:0] error: cannot parse ip address: 'xxx.xxx.xxx.xxx'
[1598428817] unbound-checkconf[17323:0] fatal error: cannot parse outgoing-interface specified as 'xxx.xxx.xxx.xxx'

I'm confused why it is not pulling the VPN IP and updating the conf file. I see some people had this issue a few months ago but I could not fix it following those troubleshooting steps. Any advice?
 
Additional question about the pre-reqs - how does Unbound handle DNS re-binding? For example, how do I ensure Plex resolution is OK, but block any other DNS rebind attempts?

EDIT: Answering my own question, the below in unbound.conf does rebind protection:
Code:
# RFC1918 private IP address - Protects against DNS Rebinding
private-address: 127.0.0.0/8
private-address: 169.254.0.0/16
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
To allow a rebind, I appear to need to use:
Code:
private-domain: plex.direct
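
A simplified model of how the two directives in the post above interact, added here as an example (it is not code from the original post or from unbound itself): addresses inside a `private-address` range are stripped from answers unless the queried name falls under a `private-domain`. The function names, hostnames and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: the directives quoted in the post above.
SAMPLE_CONF = """\
# RFC1918 private IP address - Protects against DNS Rebinding
private-address: 127.0.0.0/8
private-address: 169.254.0.0/16
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
private-domain: plex.direct
"""

def parse_conf(text):
    """Collect private-address networks and private-domain names."""
    nets, domains = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        key, value = (p.strip().strip('"') for p in line.split(":", 1))
        if key == "private-address":
            nets.append(ipaddress.ip_network(value, strict=False))
        elif key == "private-domain":
            domains.append(value.lower().rstrip("."))
    return nets, domains

def in_private_domain(name, domains):
    """True for the domain itself or any subdomain, not look-alikes."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)

def filter_answer(name, addresses, nets, domains):
    """Return the addresses that survive rebind filtering for this name."""
    if in_private_domain(name, domains):
        return list(addresses)                   # exempted domain
    kept = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if not any(ip.version == n.version and ip in n for n in nets):
            kept.append(addr)                    # public address, keep it
    return kept

if __name__ == "__main__":
    nets, domains = parse_conf(SAMPLE_CONF)
    for name, addrs in [("192-168-1-10.abc123.plex.direct", ["192.168.1.10"]),
                        ("rebind.example.net", ["192.168.1.1", "203.0.113.7"])]:
        print(name, "->", filter_answer(name, addrs, nets, domains))
```
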
Still new to unbound and trying to get it working with my local plex server. What commands need to get issued to make this work? Is this done via SSH or somewhere in the unbound menu?

Appreciate the help.
 
Still new to unbound and trying to get it working with my local plex server. What commands need to get issued to make this work? Is this done via SSH or somewhere in the unbound menu?

Appreciate the help.
What issues are you having with plex? I run unbound and also have plex.
 

What issues are you having with plex? I run unbound and also have plex.
I can't manage to cast it on my local network - receive 'Sorry something went wrong error' on Plex. If I disable unbound, it runs just fine. I saw some earlier posts related to Plex and thought that some configuration change was necessary to get it to function properly.
 
I can't manage to cast it on my local network - receive 'Sorry something went wrong error' on Plex. If I disable unbound, it runs just fine. I saw some earlier posts related to Plex and thought that some configuration change was necessary to get it to function properly.
See this post:
 
I use nano, but I think vim can also be used...they're both included on the router IIRC, so just ssh in, and sudo nano unbound.conf should do the trick
So I SSH'd in and used nano unbound.conf (neglected sudo since that command isn't found -sh: sudo: not found), but it looks like this is a newly-created file because there's no text in it. How do I access the unbound.conf file for editing?
 
So I SSH'd in and used nano unbound.conf (neglected sudo since that command isn't found -sh: sudo: not found), but it looks like this is a newly-created file because there's no text in it. How do I access the unbound.conf file for editing?

Forgive my brain fart. the real way to update the unbound config is through the script @Martineau wrote
ssh into the router and issue
unbound_manager advanced
that will get you where you're wanting to tweak
 
Forgive my brain fart. the real way to update the unbound config is through the script @Martineau wrote
ssh into the router and issue
unbound_manager advanced
that will get you where you're wanting to tweak
Worked like a charm - thanks!
 
Has anyone noticed a general slow down over time using unbound? Once unbound is stopped, DNS queries are significantly faster, but sometimes rebooting router (even if it's been days of up time like this morning) seems to help temporarily.
 
Has anyone noticed a general slow down over time using unbound? Once unbound is stopped, DNS queries are significantly faster, but sometimes rebooting router (even if it's been days of up time like this morning) seems to help temporarily.
quite the opposite, actually.
can you tell us more about your WAN setup, what your internet package is from your ISP? speeds, cable/dsl/fibre, IPv4/v6, gateway/modem, provider...I suspect we need to help you optimise this side of the equation. There's also the possibility that something in your scripts might not be quite right, but let's start with where and how you get bits and bytes in and out please.
 
ok thank you ;-)

My configs for lowest latency and lowest ping/packet loss are now:

Unbound Settings v3.19:
1 = Update unbound files and configuration    5 = Uninstall Ad and Tracker blocker (Ad Block)
2 = Remove unbound/unbound_manager            6 = Uninstall Graphical Statistics GUI Add-on TAB
3 = Stop unbound                              7 = Enable DNS Firewall
4 = Show unbound statistics                   8 = Install YouTube Ad blocker


Diversion: is fully disabled for testing if it performs better when I enable the ad and tracker in unbound

FlexQoS v1.0.0:

With this 90% Rule from Freshjr and it works great:


DownCeil="$(expr ${DownCeil} \* 90 / 100)"
UpCeil="$(expr ${UpCeil} \* 90 / 100)"

Entware packages

Swap file /mnt/SSD-Toshiba 2.0G

I have tested Skynet and it feels like I have lower latency with Skynet uninstalled.

Any tips and tweaks that I could also test?
 
quite the opposite, actually.
can you tell us more about your WAN setup, what your internet package is from your ISP? speeds, cable/dsl/fibre, IPv4/v6, gateway/modem, provider...I suspect we need to help you optimise this side of the equation. There's also the possibility that something in your scripts might not be quite right, but let's start with where and how you get bits and bytes in and out please.
You may be right, I normally take the defaults when installing unbound. I use cable with a 250/20 line purchased motorola modem.
 
When I restart my computer unbound always uninstalls the GUI tab and I have to reinstall it again.
 
When I restart my computer unbound always uninstalls the GUI tab and I have to reinstall it again.
unbound cannot/does not modify any router configuration.

unbound_manager.sh on the other hand does invoke @juched's script to modify '/tmp/menuTree.js' if you have explicitly requested the install/uninstall of the optional 'Graphical Statistics GUI Add-on TAB'

Check the router
Code:
grep -E "url:.*user[1-9]" /tmp/menuTree.js
to see if the expected addons tabs are defined in '/tmp/menuTree.js' - before and after the reboot.
 
You may be right, I normally take the defaults when installing unbound. I use cable with a 250/20 line purchased motorola modem.
I would begin by ensuring that your gateway/modem is provisioned correctly for the ISP.
are you bridging that gateway, or are you double NAT? that can have a big impact on "performance"
From there I would have a look at your QoS - as I discovered with Cake, whatever scheme you use depends heavily on the correct MTU your connection uses. Trying to put too much into each bucket travelling down the wire will make for a messy spillover (latency &/ packet loss) and everything slows down when something is trying to contain/work around a problem. I'm not saying that this is the case, but it bears examination. DNS traffic is still traffic on your network, and if that's having issues, your DNS won't be immune.
 
I would begin by ensuring that your gateway/modem is provisioned correctly for the ISP.
are you bridging that gateway, or are you double NAT? that can have a big impact on "performance"
From there I would have a look at your QoS - as I discovered with Cake, whatever scheme you use depends heavily on the correct MTU your connection uses. Trying to put too much into each bucket travelling down the wire will make for a messy spillover (latency &/ packet loss) and everything slows down when something is trying to contain/work around a problem. I'm not saying that this is the case, but it bears examination. DNS traffic is still traffic on your network, and if that's having issues, your DNS won't be immune.
Modem is fine...I get over 255/20+ constantly thanks to spdmerlin results running nightly. I use FreshQOS instead of CAKE. I chose to have a more finely detailed solution for QOS.
 
