Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

Unbound or unbound_manager.sh? Only the unbound_manager.sh script in post #1 will create this.

I checked the latest unbound_manager code on GitHub since I am at work (lunch hours).
To confirm, the one line I have to create in dnsmasq.conf is

sh /jffs/addons/unbound/unbound.postconf
 
I'm surprised it didn't do it automatically. But the full line should be:
Code:
sh /jffs/addons/unbound/unbound.postconf "$1"      # unbound_manager
 
Yes, you are correct. My bad. When I get home I will try to run unbound_manager directly (not using amtm) and see if it will do that.
Thank you @dave14305
 
Yes, since the IP is already known it will not rely on resolution. In the early days, or even now, hardcoding an IP is not recommended, as domain names change IP frequently, though lately not so much. Just be conscious that if you hardcode the IP, someday it will not work.

Very aware of this, I’m hoping Cloudflare don’t change them.:)
 
What's the DNS name?
us-la.secureconnect.me is the domain name. Substituting the "la" for other locations such as "lv", "sa", "ny", "nj" and "ch" works fine.

If I remove unbound, the domain resolves okay.
 
Works fine here:
Code:
% dig us-la.secureconnect.me

; <<>> DiG 9.10.6 <<>> us-la.secureconnect.me
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15267
;; flags: qr rd ra; QUERY: 1, ANSWER: 80, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;us-la.secureconnect.me.        IN    A

;; AUTHORITY SECTION:
secureconnect.me.    86400    IN    NS    dns2.p01.nsone.net.
secureconnect.me.    86400    IN    NS    dns3.p01.nsone.net.
secureconnect.me.    86400    IN    NS    dns1.p01.nsone.net.
secureconnect.me.    86400    IN    NS    dns4.p01.nsone.net.

;; ADDITIONAL SECTION:
dns1.p01.nsone.net.    67346    IN    A    198.51.44.1
dns2.p01.nsone.net.    67346    IN    A    198.51.45.1
dns3.p01.nsone.net.    67346    IN    A    198.51.44.65
dns4.p01.nsone.net.    67346    IN    A    198.51.45.65

;; Query time: 116 msec
;; SERVER: 10.6.9.1#53(10.6.9.1)
;; WHEN: Fri Feb 21 20:54:22 -03 2020
;; MSG SIZE  rcvd: 1484

Code:
 % dig us-la.secureconnect.me

; <<>> DiG 9.10.6 <<>> us-la.secureconnect.me
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30980
;; flags: qr rd ra; QUERY: 1, ANSWER: 80, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;us-la.secureconnect.me.        IN    A

;; Query time: 5 msec
;; SERVER: 2804:4474:201:cb00::1#53(2804:4474:201:cb00::1)
;; WHEN: Fri Feb 21 20:41:16 -03 2020
;; MSG SIZE  rcvd: 1331

Hence the importance of leaving the WAN without a DNS cache. As far as I know, with VPN enabled, no local DNS makes sense.
 
I believe the size of the response (29 IPs) is at the root of the problem. nslookup on the router chokes on it with Cloudflare and Quad9. It resolves OK with Comcast DNS, oddly enough.

It does fail on AAAA queries, if that is what is happening on your end. Follow the Diversion log to see what happens. Then enable unbound logging.


Code:
Feb 21 18:56:29 dnsmasq[10072]: 164 127.0.0.1/33264 query[A] us-la.secureconnect.me from 127.0.0.1
Feb 21 18:56:29 dnsmasq[10072]: 164 127.0.0.1/33264 forwarded us-la.secureconnect.me to 127.0.0.1
Feb 21 18:56:29 dnsmasq[10072]: 164 127.0.0.1/33264 forwarded us-la.secureconnect.me to 127.0.0.1
Feb 21 18:57:17 dnsmasq[10072]: 169 127.0.0.1/43983 query[AAAA] us-la.secureconnect.me from 127.0.0.1
Feb 21 18:57:17 dnsmasq[10072]: 169 127.0.0.1/43983 forwarded us-la.secureconnect.me to 127.0.0.1
Feb 21 18:57:17 dnsmasq[10072]: 169 127.0.0.1/43983 forwarded us-la.secureconnect.me to 127.0.0.1
Feb 21 18:57:17 dnsmasq[10072]: 169 127.0.0.1/43983 reply us-la.secureconnect.me is NODATA-IPv6
 
Here is the reply from dnsmasq and unbound logs when running the nslookup and drill commands, which don't return the IP address:

dnsmasq.log

drill us-la.secureconnect.me
Code:
07:21:26 dnsmasq[26917]: query[A] us-la.secureconnect.me from 127.0.0.1
07:21:26 dnsmasq[26917]: forwarded us-la.secureconnect.me to 127.0.0.1

nslookup us-la.secureconnect.me
Code:
07:24:04 dnsmasq[26917]: query[AAAA] us-la.secureconnect.me from 127.0.0.1
07:24:04 dnsmasq[26917]: forwarded us-la.secureconnect.me to 127.0.0.1
07:24:04 dnsmasq[26917]: reply us-la.secureconnect.me is NODATA-IPv6

unbound.log

drill us-la.secureconnect.me
Code:
Feb 22 07:21:26 unbound[4771:0] query: 127.0.0.1 us-la.secureconnect.me. A IN
Feb 22 07:21:26 unbound[4771:0] reply: 127.0.0.1 us-la.secureconnect.me. A IN NOERROR 0.000000 1 40

nslookup us-la.secureconnect.me
Code:
Feb 22 07:24:04 unbound[4771:0] query: 127.0.0.1 us-la.secureconnect.me. AAAA IN
Feb 22 07:24:04 unbound[4771:0] reply: 127.0.0.1 us-la.secureconnect.me. AAAA IN NOERROR 0.000000 1 105
Feb 22 07:24:04 unbound[4771:0] query: 127.0.0.1 us-la.secureconnect.me. A IN
Feb 22 07:24:04 unbound[4771:0] reply: 127.0.0.1 us-la.secureconnect.me. A IN NOERROR 0.000000 1 40

Using drill -T us-la.secureconnect.me

dnsmasq.log
Code:
07:28:36 dnsmasq[26917]: query[AAAA] dns1.p01.nsone.net from 127.0.0.1
07:28:36 dnsmasq[26917]: forwarded dns1.p01.nsone.net to 127.0.0.1
07:28:36 dnsmasq[26917]: reply dns1.p01.nsone.net is NODATA-IPv6
07:28:36 dnsmasq[26917]: query[A] dns1.p01.nsone.net from 127.0.0.1
07:28:36 dnsmasq[26917]: forwarded dns1.p01.nsone.net to 127.0.0.1
07:28:36 dnsmasq[26917]: reply dns1.p01.nsone.net is 198.51.44.1
07:28:36 dnsmasq[26917]: query[AAAA] dns2.p01.nsone.net from 127.0.0.1
07:28:36 dnsmasq[26917]: forwarded dns2.p01.nsone.net to 127.0.0.1
07:28:36 dnsmasq[26917]: reply dns2.p01.nsone.net is NODATA-IPv6
07:28:36 dnsmasq[26917]: query[A] dns2.p01.nsone.net from 127.0.0.1
07:28:36 dnsmasq[26917]: forwarded dns2.p01.nsone.net to 127.0.0.1
07:28:36 dnsmasq[26917]: reply dns2.p01.nsone.net is 198.51.45.1
07:28:36 dnsmasq[26917]: query[AAAA] dns3.p01.nsone.net from 127.0.0.1
07:28:36 dnsmasq[26917]: forwarded dns3.p01.nsone.net to 127.0.0.1
07:28:36 dnsmasq[26917]: reply dns3.p01.nsone.net is NODATA-IPv6
07:28:36 dnsmasq[26917]: query[A] dns3.p01.nsone.net from 127.0.0.1
07:28:36 dnsmasq[26917]: forwarded dns3.p01.nsone.net to 127.0.0.1
07:28:36 dnsmasq[26917]: reply dns3.p01.nsone.net is 198.51.44.65
07:28:36 dnsmasq[26917]: query[AAAA] dns4.p01.nsone.net from 127.0.0.1
07:28:36 dnsmasq[26917]: forwarded dns4.p01.nsone.net to 127.0.0.1
07:28:36 dnsmasq[26917]: reply dns4.p01.nsone.net is NODATA-IPv6
07:28:36 dnsmasq[26917]: query[A] dns4.p01.nsone.net from 127.0.0.1
07:28:36 dnsmasq[26917]: forwarded dns4.p01.nsone.net to 127.0.0.1

unbound.log
Code:
Feb 22 07:28:36 unbound[4771:0] query: 127.0.0.1 dns1.p01.nsone.net. AAAA IN
Feb 22 07:28:36 unbound[4771:0] reply: 127.0.0.1 dns1.p01.nsone.net. AAAA IN NOERROR 0.000000 1 83
Feb 22 07:28:36 unbound[4771:0] query: 127.0.0.1 dns1.p01.nsone.net. A IN
Feb 22 07:28:36 unbound[4771:0] reply: 127.0.0.1 dns1.p01.nsone.net. A IN NOERROR 0.000000 0 52
Feb 22 07:28:36 unbound[4771:0] query: 127.0.0.1 dns2.p01.nsone.net. AAAA IN
Feb 22 07:28:36 unbound[4771:0] reply: 127.0.0.1 dns2.p01.nsone.net. AAAA IN NOERROR 0.000000 1 88
Feb 22 07:28:36 unbound[4771:0] query: 127.0.0.1 dns2.p01.nsone.net. A IN
Feb 22 07:28:36 unbound[4771:0] reply: 127.0.0.1 dns2.p01.nsone.net. A IN NOERROR 0.000000 0 52
Feb 22 07:28:36 unbound[4771:0] query: 127.0.0.1 dns3.p01.nsone.net. AAAA IN
Feb 22 07:28:36 unbound[4771:0] reply: 127.0.0.1 dns3.p01.nsone.net. AAAA IN NOERROR 0.000000 1 88
Feb 22 07:28:36 unbound[4771:0] query: 127.0.0.1 dns3.p01.nsone.net. A IN
Feb 22 07:28:36 unbound[4771:0] reply: 127.0.0.1 dns3.p01.nsone.net. A IN NOERROR 0.000000 0 52
Feb 22 07:28:36 unbound[4771:0] query: 127.0.0.1 dns4.p01.nsone.net. AAAA IN
Feb 22 07:28:36 unbound[4771:0] reply: 127.0.0.1 dns4.p01.nsone.net. AAAA IN NOERROR 0.000000 1 88
Feb 22 07:28:36 unbound[4771:0] query: 127.0.0.1 dns4.p01.nsone.net. A IN
 
When I use drill on my router this command fails, but using Ubuntu behind my router I get positive results.
 
The nslookup sees 1.1.1.1 as the resolver when it fails and 127.0.0.53#53 when it passes.
 
Just a quick note for those that go back to Stubby as a resolver:
For one of my routers I went back from Unbound to Stubby because I decided that encrypting my requests was more important than a fast resolver. After uninstalling Unbound I couldn't figure out why my TCP traffic showed requests being done on both ports 853 and 53:

08:52:17.484130 IP 1.1.1.1.853 > My.Ip.Address.45561: Flags [F.], seq 5815, ack 836, win 69, length 0
08:52:17.484177 IP My.Ip.Address.45561 > 1.1.1.1.853: Flags [.], ack 5816, win 343, length 0
08:52:25.006933 IP My.Ip.Address.59061 > 1.1.1.1.53: 11776+ A? dns.msftncsi.com. (34)
08:52:25.007165 IP My.Ip.Address.59061 > 1.1.1.1.53: 17152+ AAAA? dns.msftncsi.com. (34)
08:52:25.017784 IP 1.1.1.1.53 > My.Ip.Address.59061: 11776 1/0/0 A 131.107.255.255 (50)
08:52:25.022420 IP 1.1.1.1.53 > My.Ip.Address.59061: 17152 1/0/0 AAAA fd3e:4f5a:5b81::1 (62)


Then I remembered that Stubby requires a setting under Tools/Other Settings/WAN: Use local caching DNS server as system resolver (default: No) to be set back from No to YES. Now everything looks good again:

08:57:34.030609 IP My.Ip.Address.48638 > 1.0.0.1.853: Flags [P.], seq 507:531, ack 3276, win 297, length 24
08:57:34.030738 IP My.Ip.Address.48638 > 1.0.0.1.853: Flags [F.], seq 531, ack 3276, win 297, length 0
08:57:34.041096 IP 1.0.0.1.853 > My.Ip.Address.48638: Flags [.], ack 507, win 67, options [nop,nop,sack 1 {531:532}], 0
08:57:34.045629 IP 1.0.0.1.853 > My.Ip.Address.48638: Flags [.], ack 532, win 67, length 0
08:57:34.045661 IP 1.0.0.1.853 > My.Ip.Address.48638: Flags [F.], seq 3276, ack 532, win 67, length 0
08:57:34.045716 IP My.Ip.Address.48638 > 1.0.0.1.853: Flags [.], ack 3277, win 297, length 0
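
The check behind the two captures above, as an added example that is not part of the original post: it tallies outbound packets per upstream resolver by destination port, so cleartext DNS (port 53) still leaving the router next to DNS-over-TLS (port 853) stands out. The function names, the 192.0.2.10 WAN address and the capture lines are constructed for illustration, modelled on the tcpdump text format shown in the post.

```shell
#!/bin/sh
# Added example: spot cleartext DNS leaving the router while DoT is expected.
# Input is tcpdump text output captured on the WAN side, for instance
# (the interface name is a placeholder):
#   tcpdump -n -i <wan-if> -c 200 'port 53 or port 853' | dns_port_summary

# Constructed sample capture; 192.0.2.10 stands in for the WAN address.
sample_capture() {
    cat <<'EOF'
08:52:17.484177 IP 192.0.2.10.45561 > 1.1.1.1.853: Flags [.], ack 5816, win 343, length 0
08:52:25.006933 IP 192.0.2.10.59061 > 1.1.1.1.53: 11776+ A? dns.msftncsi.com. (34)
08:52:25.007165 IP 192.0.2.10.59061 > 1.1.1.1.53: 17152+ AAAA? dns.msftncsi.com. (34)
08:52:25.017784 IP 1.1.1.1.53 > 192.0.2.10.59061: 11776 1/0/0 A 131.107.255.255 (50)
08:57:34.030609 IP 192.0.2.10.48638 > 1.0.0.1.853: Flags [P.], seq 507:531, ack 3276, win 297, length 24
08:57:34.045629 IP 1.0.0.1.853 > 192.0.2.10.48638: Flags [.], ack 532, win 67, length 0
EOF
}

# Count packets sent TO port 53 or 853, grouped by resolver address.
# Output lines: "plaintext <resolver> <packets>" or "dot <resolver> <packets>".
dns_port_summary() {
    awk '
    ($2 == "IP" || $2 == "IP6") && $4 == ">" {
        dst = $5
        sub(/:$/, "", dst)                 # tcpdump ends the destination with ":"
        n = split(dst, part, ".")
        port = part[n]                     # the port is the last dotted component
        if (port != "53" && port != "853") next   # replies and other traffic
        host = substr(dst, 1, length(dst) - length(port) - 1)
        kind = (port == "53") ? "plaintext" : "dot"
        count[kind " " host]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# List the query type and name of every lookup sent in cleartext (UDP/53).
plaintext_names() {
    awk '
    ($2 == "IP" || $2 == "IP6") && $4 == ">" && $5 ~ /\.53:$/ && $7 ~ /\?$/ {
        sub(/\.$/, "", $8)                 # drop the trailing root dot
        print $7, $8
    }' | LC_ALL=C sort -u
}

# Exit status 0 only when nothing in the capture was sent to port 53.
dot_only() { ! dns_port_summary | grep -q '^plaintext '; }

sample_capture | dns_port_summary
sample_capture | plaintext_names
if sample_capture | dot_only; then
    echo "all DNS went over port 853"
else
    echo "cleartext DNS seen on port 53"
fi
```

The names printed by `plaintext_names` show which process is bypassing the local resolver; in the sample it is the router's own connectivity probe rather than a LAN client.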
 
This is not recommended, because it might cause issues at boot time, with the ntp, or with the WAN monitoring watchdog. It will also cause issues for users with the Beeline ISP.
 
Is there another setting that forces all requests on to port 853?
 
I'm really enjoying amtm and the ease it allows to install other scripts. I'm running 384.15 on an RT-AC86U and I've found that the best combination for me is Skynet, and Unbound with adblock. Diversion seemed to block too much for me, even with the small list.

Is pixelserv-tls compatible with the adblock on unbound? If so, could someone point me to an install routine? I've looked everywhere I can think of. I'm mainly interested in cleaning up web pages, less so in the statistics.

 
That’s unusual since the Unbound Adblock is based on the same list as the Diversion “Standard” list. So the small list should be less restrictive in Diversion. Perhaps it is the Skynet plus hosts if those are activated in Diversion, but seems unlikely.

The current Adblock script is written to return NXDOMAIN for blocked domains, where Diversion will return a null IP or the Pixelserv IP, so different behaviors could be expected when comparing them.

The Adblock script could be adapted to allow either method, but I don’t think anyone is willing to invest energy in the script when Diversion is already so mature.
 
I've uploaded v2.12 (and unbound.conf v1.05. Removed duplicates - Thanks @Safemode)

Use of the 'i = Update unbound Installation' is optional, as the existing duplicates do not cause any issue.

FIX: 'sd' command alias for 'dnsmasqstats' now reinstated
FIX: 'i' command on INITIAL install would spuriously issue "***ERROR unbound NOT running! - option unavailable" as it tries to save the non-existent cache.
CHANGE: 'rl' command will now also preserve cache (similar to 'rs' command)
NEW: 'dumpcache'/'restorecache' added so unbound cache can be manually preserved over say a manual REBOOT.
NOTE: Will need to manually use 'restorecache' after the REBOOT
NEW: For those who need the choice, allow native unbound DoT to be configured (Requires 'unbound.conf' v1.05)

Also minor code changes to try and improve the script efficiency, but basically still at the mercy of the vendor :rolleyes:

e.g. the 'pauses' between displaying the menu items are due to the random delays when using the unbound-control utility (between 0.75-2.00 secs per call), so simply checking if unbound is ACTIVE, and if FULL logging (query/reply ) is enabled can take 5 or 6 seconds :(
Code:
time /opt/sbin/unbound-control status

version: 1.9.6
verbosity: 1
threads: 1
modules: 2 [ validator iterator ]
uptime: 47478 seconds
options: control(ssl)
unbound (pid 6838) is running...

real 0m 1.81s
user 0m 0.71s
sys 0m 0.09s
 
FIX: 'i' command on INITIAL install would spuriously issue "***ERROR unbound NOT running! - option unavailable" as it tries to save the non-existent cache.
Sorry Brother but it's not fixed for the AX88U, I just reinstalled and everything was fine, I edited the conf with the vx command and then saved, after saving I used rs to restart, the error was produced. I chose rs again and it passed.
 
V2.12 didn't work for me in three respects -
  • use of the "i" option failed to save my cache; and
  • failed to give me an option to retain my .conf file - so I lost my tweaks;
  • "rs" is not saving my cache - goes back to "0" and starts again.
No biggy for me - just fixed the missing .conf settings and will wait for cache to build up again.
 
I'll take a look at your first issue tomorrow.

If either of the two files 'unbound.conf.add' or 'unbound.postconf' exist then there is no prompt to retain your current .conf, as it is assumed you are using the files to automatically (re)apply your custom tweaks.


The 'rs' command should save the cache?

If you ensure that 's+ Extended Stats' is enabled, you should see the *.cache.count values.

e.g. rrset.cache.count=nnnnn etc.

After the 'rs' command, the *.cache.count values should be very close to the pre 'rs' values rather than close to 0?
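
One way to run the comparison described above, as an added example (not unbound_manager's own code): it compares two saved copies of the extended statistics and reports how much of each cache survived the restart. The function names, file names and numbers are constructed; it checks only msg.cache.count and rrset.cache.count, on the assumption that the message and RRset caches are what a cache dump holds.

```shell
#!/bin/sh
# Added example: did the cache survive the 'rs' restart?
# Snapshots would be taken before and after the restart, for instance:
#   unbound-control stats_noreset > before.txt

# Write constructed sample snapshots into directory $1.
write_samples() {
    cat > "$1/before" <<'EOF'
total.num.queries=5120
msg.cache.count=1480
rrset.cache.count=3920
infra.cache.count=610
key.cache.count=95
EOF
    cat > "$1/after_ok" <<'EOF'
total.num.queries=12
msg.cache.count=1476
rrset.cache.count=3911
infra.cache.count=3
key.cache.count=1
EOF
    cat > "$1/after_lost" <<'EOF'
total.num.queries=12
msg.cache.count=0
rrset.cache.count=2
infra.cache.count=1
key.cache.count=0
EOF
}

# Print "<key> <before> <after> <percent kept>" for the two caches checked.
# $1 = snapshot taken before the restart, $2 = snapshot taken after it.
cache_retention() {
    awk -F= '
    $1 == "msg.cache.count" || $1 == "rrset.cache.count" {
        if (FILENAME == ARGV[1]) before[$1] = $2; else after[$1] = $2
    }
    END {
        for (k in before) {
            # An empty cache before the restart cannot lose anything.
            pct = (before[k] + 0 > 0) ? int(100 * after[k] / before[k]) : 100
            print k, before[k] + 0, after[k] + 0, pct "%"
        }
    }' "$1" "$2" | LC_ALL=C sort
}

# Exit 0 when both caches kept at least $3 percent (default 90).
# Fails as well when the counters are missing (extended stats disabled).
cache_preserved() {
    cache_retention "$1" "$2" |
        awk -v min="${3:-90}" '
        { n++; sub(/%/, "", $4); if ($4 + 0 < min + 0) bad = 1 }
        END { exit (bad || n < 2) }'
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
cache_retention "$demo_dir/before" "$demo_dir/after_ok"
cache_preserved "$demo_dir/before" "$demo_dir/after_lost" ||
    echo "cache was not restored"
rm -rf "$demo_dir"
```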
 