Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)
- Thread starter Martineau
- Start date
Another option is the more extensive Root Zone List, which includes the authoritative name servers from the root hints files and the zone delegates off that; however, the one reported nameserver at issue so far, is not included in that list either.
skeal
Part of the Furniture
I have one here: 139.162.180.131 also not a root server.
That one shows up as Germany -- do you block it?
Code:
[i] IP Location - Germany (Linode, LLC / AS63949)
skeal
Part of the Furniture
Here are a few:
EDIT: These results were from banning these countries bg cn ir kp nl ru ua, restarting unbound and then doing a dslreports test.
Code:
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=65460 PROTO=UDP SPT=56518 DPT=53 LEN=52
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11082 PROTO=UDP SPT=60292 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=65486 PROTO=UDP SPT=45308 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11088 PROTO=UDP SPT=50446 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11101 PROTO=UDP SPT=31174 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11114 PROTO=UDP SPT=44771 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11117 PROTO=UDP SPT=32584 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=33 PROTO=UDP SPT=52846 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=34 PROTO=UDP SPT=10599 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11123 PROTO=UDP SPT=5802 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=92 PROTO=UDP SPT=50114 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=104 PROTO=UDP SPT=18703 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11142 PROTO=UDP SPT=25871 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=188.166.56.96 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=11155 PROTO=UDP SPT=40869 DPT=53 LEN=56
Feb 12 09:49:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC= DST=178.128.191.122 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=155 PROTO=UDP SPT=31113 DPT=53 LEN=56
Last edited:
skeal
Part of the Furniture
No I don't it's not in the list of blocked countries.
What does the stats command report for why it's blocked?
Code:
firewall stats search ip 139.162.180.131
Adamm
Part of the Furniture
Yeah not much I can do about those as there is no list of sorts I can import, thats just the downside of country blocking I guess.
bluepoint
Very Senior Member
Personally, the cpu/memory tweak is better as an "opt in" option to give us time to know what it does and why we need it then decide. One size fits all is scary.
Also, I uninstalled unbound advanced then installed basic, unbound manager still shows remnants(customize cpu/memory usage) of the advanced installation. Looks like uninstall needs a little cleanup?
I'm back to the default settings as I also noticed some instability when I was surfing web/gaming.If you are referring to these performance tweaks post #50 then I recall that at least one user has posted that they were a little too unstable so were backed out.
I personally don't use the 'unbound_config' performance tweaks, but welcome any proven settings to be added as defaults for a first install..
For the script option
I need to ensure that any performance tweaks provided by the script remain conservative/safe for a fuss free install.Code:o4. Customise CPU/Memory usage (Advanced Users)
Consequently, as shown at the top of post #1 this is now implemented when using '2. Advanced Install' in 'Easy' mode', as I have deemed that it is a safe decision.
P.S. Not had any negative feedback, but could it be that everyone elects for an 'Advanced' install to explicitly ignore that option. ?
We all the other stuff I'm doing ...could have messed up my stream. Will try to the mods again.
Last edited:
L&LD
Part of the Furniture
@Martineau, to clarify what is happening 'behind the scenes' with version (min. and major) updates in unbound_manager;
When an update is installed using 'u', for example, from v2.07 to v2.08, do I need to run 'i' (advanced) again? Or will all the benefits of the v2.08 be applied automatically?
Right now, I am running 'i' (advanced) again, but maybe this is a needless step depending on how you're coding it?
When an update is installed using 'u', for example, from v2.07 to v2.08, do I need to run 'i' (advanced) again? Or will all the benefits of the v2.08 be applied automatically?
Right now, I am running 'i' (advanced) again, but maybe this is a needless step depending on how you're coding it?
skeal
Part of the Furniture
I'm running your enhancements and have zero issues to report. Performance as far as I can feel is better this way than without the adjustments. I'm not certain how to actually document the difference here for everyone to enjoy, but I will say these settings are safe.
Martineau
Part of the Furniture
If I push an 'unbound.conf' then it will only be applied with the 'i' command, in much the same way as the recent crucial patch by @dave14305 to the S61unbound script.
I suspect no-one is willing to formally maintain the Ad Block script 'gen_adblock.sh' but it uses the 'StevenBlack Adlist' (so is probably adequate for most), yet unfortunately the script is hardcoded to explicitly still reference the now defunct SME GitHub for the hostlist.
P.S. I'm not sure why fellow RT-AC86U owners appear to not take advantage of the 'more speed' tweaks that you appear to enjoy?
So the updates I release are ultimately more end-user GUI focused, so in general there is no need to update/reinstall unbound unless - as in the case of the impending v2.09 release - you require to use the new 'di[g]' menu option, which will need to potentially retrieve the missing Entware module if you haven't already manually installed it.
Hope this clarifies the release cycle?
Last edited:
L&LD
Part of the Furniture
@Martineau, thank you. For myself, I will continue to do 'i' after each update. I couldn't see a logical way for the changes to be incorporated otherwise!
I am also assuming that restoring the old unbound.conf file will negate all the new, too.
I am also assuming that restoring the old unbound.conf file will negate all the new, too.
Quite offtopic, but why do you block the Netherlands?
Martineau
Part of the Furniture
Correct, (obviously I always use the 'i' command,.....I have to in order to verify that everything still works! )@Martineau, thank you. For myself, I will continue to do 'i' after each update. I couldn't see a logical way for the changes to be incorporated otherwise!
I am also assuming that restoring the old unbound.conf file will negate all the new, too.
Tip: If you want to keep your current custom 'unbound.conf'.....I suspect you always do, then you (or anyone else with a truly custom config such as @dave14305) can save time by using the extra directive
Code:
e = Exit Script
A:Option ==> i keepconfig
Code:
Do you want to restore the pre-update 'unbound.conf'? ('20200212-175837_unbound.conf')
Reply 'y' to RESTORE or press [Enter] to CANCEL
Similar threads
Similar threads
Similar threads
-
Unbound Force all DNS requests through Unbound using iptables?- Started by muffintastic
- Replies: 14
-
-
-
-
-
-
Is it possible to use nord dns with unbound or any way to add it?- Started by Jack-Sparr0w
- Replies: 9
-
-
Unbound Use unbound/router as default DNS server
- Started by BeachGuy
- Replies: 2
-