What's new

Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Oh sorry @Adamm my router is so messed up I'm not playing with it until this unit is RMA'ed.
 
The only specific nameserver IP I've seen reported is 185.203.18.38, which is not a root server.
I have one here: 139.162.180.131 also not a root server.
 
If you post a snippet of those logs we can find out definitively what was being blocked.
The only one I was able to collect yesterday was copied here
 
Here are a few:
Code:
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=65460 PROTO=UDP SPT=56518 DPT=53 LEN=52
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11082 PROTO=UDP SPT=60292 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=65486 PROTO=UDP SPT=45308 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11088 PROTO=UDP SPT=50446 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11101 PROTO=UDP SPT=31174 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11114 PROTO=UDP SPT=44771 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11117 PROTO=UDP SPT=32584 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=33 PROTO=UDP SPT=52846 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=34 PROTO=UDP SPT=10599 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11123 PROTO=UDP SPT=5802 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=92 PROTO=UDP SPT=50114 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=104 PROTO=UDP SPT=18703 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11142 PROTO=UDP SPT=25871 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11155 PROTO=UDP SPT=40869 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=155 PROTO=UDP SPT=31113 DPT=53 LEN=56
EDIT: These results were from banning these countries bg cn ir kp nl ru ua, restarting unbound and then doing a dslreports test.
 
Last edited:
That one shows up as Germany -- do you block it?
Code:
[i] IP Location - Germany (Linode, LLC / AS63949)
No I don't it's not in the list of blocked countries.
 
Code:
188.166.56.96
Is a name server in the Netherlands, I block that country or I did anyway.
 
Like @Adamm says there are consequences to banning an entire country.
@RMerlin thinks country banning is a bad idea in most cases.
 
Here are a few:
Code:
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=65460 PROTO=UDP SPT=56518 DPT=53 LEN=52
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11082 PROTO=UDP SPT=60292 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=65486 PROTO=UDP SPT=45308 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11088 PROTO=UDP SPT=50446 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11101 PROTO=UDP SPT=31174 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11114 PROTO=UDP SPT=44771 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11117 PROTO=UDP SPT=32584 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=33 PROTO=UDP SPT=52846 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=34 PROTO=UDP SPT=10599 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11123 PROTO=UDP SPT=5802 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=92 PROTO=UDP SPT=50114 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=104 PROTO=UDP SPT=18703 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11142 PROTO=UDP SPT=25871 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11155 PROTO=UDP SPT=40869 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=155 PROTO=UDP SPT=31113 DPT=53 LEN=56
EDIT: These results were from banning these countries bg cn ir kp nl ru ua, restarting unbound and then doing a dslreports test.

Yeah not much I can do about those as there is no list of sorts I can import, thats just the downside of country blocking I guess.
 
For the script option
Code:
o4. Customise CPU/Memory usage (Advanced Users)
I need to ensure that any performance tweaks provided by the script remain conservative/safe for a fuss free install.
Personally, the cpu/memory tweak is better as an "opt in" option to give us time to know what it does and why we need it then decide. One size fits all is scary.:eek:

Also, I uninstalled unbound advanced then installed basic, unbound manager still shows remnants(customize cpu/memory usage) of the advanced installation. Looks like uninstall needs a little cleanup?
unbound manager.jpg
 
If you are referring to these performance tweaks post #50 then I recall that at least one user has posted that they were a little too unstable so were backed out.

I personally don't use the 'unbound_config' performance tweaks, but welcome any proven settings to be added as defaults for a first install..

For the script option
Code:
o4. Customise CPU/Memory usage (Advanced Users)
I need to ensure that any performance tweaks provided by the script remain conservative/safe for a fuss free install.

Consequently, as shown at the top of post #1 this is now implemented when using '2. Advanced Install' in 'Easy' mode', as I have deemed that it is a safe decision.

P.S. Not had any negative feedback, but could it be that everyone elects for an 'Advanced' install to explicitly ignore that option. ? o_O
I'm back to the default settings as I also noticed some instability when I was surfing web/gaming.

We all the other stuff I'm doing ...could have messed up my stream. Will try to the mods again.
 
Last edited:
@Martineau, to clarify what is happening 'behind the scenes' with version (min. and major) updates in unbound_manager;

When an update is installed using 'u', for example, from v2.07 to v2.08, do I need to run 'i' (advanced) again? Or will all the benefits of the v2.08 be applied automatically?

Right now, I am running 'i' (advanced) again, but maybe this is a needless step depending on how you're coding it?
 
@Martineau, to clarify what is happening 'behind the scenes' with version (min. and major) updates in unbound_manager;

When an update is installed using 'u', for example, from v2.07 to v2.08, do I need to run 'i' (advanced) again? Or will all the benefits of the v2.08 be applied automatically?

Right now, I am running 'i' (advanced) again, but maybe this is a needless step depending on how you're coding it?
I'm running your enhancements and have zero issues to report. Performance as far as I can feel is better this way than without the adjustments. I'm not certain how to actually document the difference here for everyone to enjoy, but I will say these settings are safe.
 
@Martineau, to clarify what is happening 'behind the scenes' with version (min. and major) updates in unbound_manager;

When an update is installed using 'u', for example, from v2.07 to v2.08, do I need to run 'i' (advanced) again? Or will all the benefits of the v2.08 be applied automatically?

Right now, I am running 'i' (advanced) again, but maybe this is a needless step depending on how you're coding it?
If I push an 'unbound.conf' then it will only be applied with the 'i' command, in much the same way as the recent crucial patch by @dave14305 to the S61unbound script.

I suspect no-one is willing to formally maintain the Ad Block script 'gen_adblock.sh' but it uses the 'StevenBlack Adlist' (so is probably adequate for most), yet unfortunately the script is hardcoded to explicitly still reference the now defunct SME GitHub for the hostlist. :rolleyes:

P.S. I'm not sure why fellow RT-AC86U owners appear to not take advantage of the 'more speed' tweaks that you appear to enjoy?:confused:

So the updates I release are ultimately more end-user GUI focused, so in general there is no need to update/reinstall unbound unless - as in the case of the impending v2.09 release - you require to use the new 'di[g]' menu option, which will need to potentially retrieve the missing Entware module if you haven't already manually installed it.

Hope this clarifies the release cycle?
 
Last edited:
@Martineau, thank you. For myself, I will continue to do 'i' after each update. I couldn't see a logical way for the changes to be incorporated otherwise! :)

I am also assuming that restoring the old unbound.conf file will negate all the new, too. :)
 
@Martineau, thank you. For myself, I will continue to do 'i' after each update. I couldn't see a logical way for the changes to be incorporated otherwise! :)

I am also assuming that restoring the old unbound.conf file will negate all the new, too. :)
Correct, (obviously I always use the 'i' command,.....I have to in order to verify that everything still works! )

Tip: If you want to keep your current custom 'unbound.conf'.....I suspect you always do, then you (or anyone else with a truly custom config such as @dave14305) can save time by using the extra directive
Code:
e  = Exit Script

A:Option ==> i keepconfig
and you won't be bothered by the post-update prompt
Code:
Do you want to restore the pre-update 'unbound.conf'? ('20200212-175837_unbound.conf')

    Reply 'y' to RESTORE or press [Enter] to CANCEL
 
Thank you for explaining the update procedures, I use the speed tweaks on my RT-AC86U and have experienced no problems that I’m aware of [emoji4]


Sent from my iPad using Tapatalk
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top