Martineau
Part of the Furniture
As per the v2.14 release notes, you need 'unbound.conf' v1.06Not for me. I get the following
"unbound NOT installed! or 'extended-stats:' template NOT defined in 'unbound.conf'?
As per the v2.14 release notes, you need 'unbound.conf' v1.06Not for me. I get the following
"unbound NOT installed! or 'extended-stats:' template NOT defined in 'unbound.conf'?
As per the v2.14 release notes, you need 'unbound.conf' v1.06
Yes.AKA, use the “i” command to update unbound.conf.
@Martineau, can you confirm if the stunning, adblock and stats scripts are updated via “i”?
Option Auto Reply 'y' Installing Ads and Tracker Blocking.....
adblock/gen_adblock.sh downloaded successfully
Custom '/opt/share/unbound/configs/sites' already exists - 'adblock/sites' download skipped
Custom '/opt/share/unbound/configs/blockhost' already exists - 'adblock/blockhost' download skipped
Custom '/opt/share/unbound/configs/permlist' already exists - 'adblock/permlist' download skipped
Executing '/opt/var/lib/unbound/adblock/gen_adblock.sh'.....
Removing possible temporary files..
Processsing hosts file @ https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
######################################################################## 100.0%
Combining User Custom block host...
Edit User Custon list of allowed domains...
Removing duplicate formatting from the domain list...
51369 domains compiled
Generating Unbound adlist.....
Removing temporary files...
Restarting Unbound DNS server...
/opt/share/unbound/configs/cache.tmp
error: SSL handshake failed
547599556624:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915:
Shutting down unbound... done.
Starting unbound... done.
Adding Ad and Tracker 'include: /opt/var/lib/unbound/adblock/adservers'
Creating Daily cron job for Ad and Tracker update
Shutting down unbound... done.
Starting unbound... done.
Does the adblock feature of this script work separately/differently from diversion?
From the Q&A in Post 4, this may go some way towards answering your question:
“Q. Can I run unbound+dnsmasq+diversion together?
A. Yes. However, unbound+Ad Block+diversion is NOT recommended, simply because Ad Block and diversionessentially perform the same function so a duplication of effort is wasteful. Also, the domains must be stored in memory, so if you have both Ad Block and diversioninstalled (issue the 'ad'command to see how manyentries are in use) one set maysimply not be referenced butstill occupies memory.”
Yes.
Clearly v2.13/v2.14 demonstrates that it is possible to implement optional features without the need to retrieve ALL files, but currently it allows the script to pre-empt/recover from any potential corruption due to missing files/disk errors.
NOTE: Apparently unbound v1.10.x has been released, so when it is available on Entware it will be automatically installed. (Not sure if anyone has manually installed it?)
This may not be the best design, but the only exception will be in the next release (v2.15) where it would be inappropriate to retrieve ALL of your Ad Block files if they have been customised.
e.g.
The problem is, what needs to happen if you provide say a truly 'must-have' 'permlist' ?Code:Option Auto Reply 'y' Installing Ads and Tracker Blocking..... adblock/gen_adblock.sh downloaded successfully Custom '/opt/share/unbound/configs/sites' already exists - 'adblock/sites' download skipped Custom '/opt/share/unbound/configs/blockhost' already exists - 'adblock/blockhost' download skipped Custom '/opt/share/unbound/configs/permlist' already exists - 'adblock/permlist' download skipped Executing '/opt/var/lib/unbound/adblock/gen_adblock.sh'..... Removing possible temporary files.. Processsing hosts file @ https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts ######################################################################## 100.0% Combining User Custom block host... Edit User Custon list of allowed domains... Removing duplicate formatting from the domain list... 51369 domains compiled Generating Unbound adlist..... Removing temporary files... Restarting Unbound DNS server... /opt/share/unbound/configs/cache.tmp error: SSL handshake failed 547599556624:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915: Shutting down unbound... done. Starting unbound... done. Adding Ad and Tracker 'include: /opt/var/lib/unbound/adblock/adservers' Creating Daily cron job for Ad and Tracker update Shutting down unbound... done. Starting unbound... done.
Do you get better responsiveness if you set "control-use-cert: no" in unbound.conf under remote-control:? I get very fast response without using the certs, and there's not much point of securing unbound-control if the only allowed access is within the router itself.the 'pauses' between displaying the menu items are due to the random delays when using the unbound-control utility (between 0.75-2.00 secs per call), so simply checking if unbound is ACTIVE, and if FULL logging (query/reply ) is enabled can take 5 or 6 seconds
remote-control:
control-enable: yes
control-use-cert: no
control-interface: 127.0.0.1
Tangible improvement - so I have added 'fastmenu [disable]' command to unbound_manager (unreleased v2.15)Do you get better responsiveness if you set "control-use-cert: no" in unbound.conf under remote-control:? I get very fast response without using the certs, and there's not much point of securing unbound-control if the only allowed access is within the router itself.
Code:remote-control: control-enable: yes control-use-cert: no control-interface: 127.0.0.1
OK - Let me know when you are ready.I could make permlist the one we update with a fixed list of allowable sites and keep it in the /opt/var/lib/unbound/adblock folder. Then could add a new allowhost file (along with blockhost and sites files) which would live in /opt/share/unbound/configs which would only be download if missing.
If I prepare that before you switch to my GitHub for download it would be a single time people would have re-enter their settings.
24 man-hours later ....How hard is it to add in the file edit options for sites/allowhost/blockhost files from the menu?
e = Exit Script
A:Option ==> 3
unbound (pid 3080) is running... uptime: 0 Days, 00:22:44 version: 1.9.6 # rgnldo Github Version=v1.06 Martineau update (Date Loaded by unbound_manager Mon Mar 2 13:09:29 GMT 2020)
u = Push to Github PENDING for (Major) unbound_manager UPDATE v2.15 >>>> v2.14
i = Update unbound Installation ('/opt/var/lib/unbound/') l = Show unbound log entries (lo=Enable Logging)
z = Remove unbound/unbound_manager Installation v = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit)
x = Stop unbound vb = Backup current (/opt/var/lib/unbound/unbound.conf) Configuration
rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
? = About Configuration oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'
sd = Show dnsmasq Statistics/Cache Size s = Show unbound Extended statistics (s=Summary Totals; sa=All; s-=Disable Extended Stats)
fastmenu = Disable SLOW unbound-control LAN SSL cert validation
scribe = Enable scribe (syslog-ng) unbound logging ad = Analyse Diversion White/Black lists ([ file_name [type=adblock] ])
ew = Edit Ad Block Whitelist (eb=Blacklist; ec=Config; el {Ad Block file})
dumpcache = Manually use restorecache after REBOOT ca = Cache Size Optimisation ([ 'reset' ])
dig = {domain} Show dig info e.g. dig qnamemintest.internet.nl lookup = {domain} Show the name servers used for domain e.g. lookup asciiart.eu
dnsinfo = {dns} Show DNS Server e.g. dnsinfo dnssec = {url} Show DNSSEC Validation Chain e.g. dnssec www.snbforums.com
links = Show list of external URL links
e = Exit Script
[Enter] Leave Advanced Tools Menu
I had this problem with testing but issue went away when I split it and listed it as two separatist instead of one list,for any one who has to go this route.A possible warning. With a very large Adblock list the unbound solution may not work. If you get errors where unbound won’t load when trying a new domain or host list then revert and run the gen_adblock.sh again. I was testing with the osid dbl list and it generates a 52mb adserver file which cannot be loaded by unbound.conf.
OK - Let me know when you are ready.
24 man-hours later ....
Added the Ad Block file edit command (unreleased v2.15) with logical descriptive names (can be changed later if inappropriate)
e.g. 'ew = Edit Ad Block Whitelist (eb=Blacklist; ec=Config; el {Ad Block file})'
...under Advanced Tools
Code:e = Exit Script A:Option ==> 3 unbound (pid 3080) is running... uptime: 0 Days, 00:22:44 version: 1.9.6 # rgnldo Github Version=v1.06 Martineau update (Date Loaded by unbound_manager Mon Mar 2 13:09:29 GMT 2020) u = Push to Github PENDING for (Major) unbound_manager UPDATE v2.15 >>>> v2.14 i = Update unbound Installation ('/opt/var/lib/unbound/') l = Show unbound log entries (lo=Enable Logging) z = Remove unbound/unbound_manager Installation v = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit) x = Stop unbound vb = Backup current (/opt/var/lib/unbound/unbound.conf) Configuration rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user') ? = About Configuration oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes' sd = Show dnsmasq Statistics/Cache Size s = Show unbound Extended statistics (s=Summary Totals; sa=All; s-=Disable Extended Stats) fastmenu = Disable SLOW unbound-control LAN SSL cert validation scribe = Enable scribe (syslog-ng) unbound logging ad = Analyse Diversion White/Black lists ([ file_name [type=adblock] ]) ew = Edit Ad Block Whitelist (eb=Blacklist; ec=Config; el {Ad Block file}) dumpcache = Manually use restorecache after REBOOT ca = Cache Size Optimisation ([ 'reset' ]) dig = {domain} Show dig info e.g. dig qnamemintest.internet.nl lookup = {domain} Show the name servers used for domain e.g. lookup asciiart.eu dnsinfo = {dns} Show DNS Server e.g. dnsinfo dnssec = {url} Show DNSSEC Validation Chain e.g. dnssec www.snbforums.com links = Show list of external URL links e = Exit Script [Enter] Leave Advanced Tools Menu
A:Option ==> sgui <enter>
oooooo gimme gimme.The GUI tab has recived graphs!
3 new graph types. You should be able to type:
To update to the latest version (v1.1.0)Code:A:Option ==> sgui <enter>
Graphs include a running line graph of your cache hit percentage (aka, how well are you using your cache).
View attachment 21723
Second graph covers a histogram (extended stats needs to be enabled) for how quickly unbound is responding to requests:
View attachment 21725
Third graph shows what answer codes have been returned, good to see how many NOERROR and how many NXDOMAIN if you have adblock enabled:
View attachment 21726
Of course you still have the text stats:
View attachment 21727
I hope this works for people.
Cool!
Can you please elaborate the second graph? What is the x and y axis represent?
Since you're already practically re-using my code verbatim , I'm sure you can borrow the update_file, create_dirs and create_symlinks to maintain the shared-jy. Do note if you do want to use shared-jy it is imperative you add any additional files I may choose to add, otherwise your implementation could break any/all of my scripts.The GUI tab has received graphs!
3 new graph types. You should be able to type:
To update to the latest version (v1.1.0)Code:A:Option ==> sgui <enter>
Graphs include a running line graph of your cache hit percentage (aka, how well are you using your cache).
View attachment 21723
Second graph covers a histogram (extended stats needs to be enabled) for how quickly unbound is responding to requests:
View attachment 21725
Third graph shows what answer codes have been returned, good to see how many NOERROR and how many NXDOMAIN if you have adblock enabled:
View attachment 21726
Of course you still have the text stats:
View attachment 21727
I hope this works for people. It will require at least one other graph tab installed to get the shared-jy folder and files in place. @Jack Yaz any recommendations on how to best install those?
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!