Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[Deleted member 62525]

Worth putting a menu item for sgui or would that be for “advanced”?

My $0.02.

If this removes the "advance menu" there should be some type of option that provides a dialogue to what options are no longer available so users can still know what to modify that is no longer available via the menu as some users have already invested much into using the advance menu and to simply go backwards creates an issue as well. The other issue is that with this argument for simplification, we could just repost @rgnldo install instructions and abandon the manager all together because that is what this seems to be about.

Unbound binaries and utilities has been already build and tested and it has already advanced commands you can read about in Unbound manual here. If you are basic user, install it and don't tinker until you read and learn about Unbound in more details. Playing and changing unbound.conf without reading the manual is asking for trouble. Editing unbound.conf can be performed with nano or vi and does not need to be included in the menu. There is an unbound command that already performs checking the file for errors after it has been edited. Again, advanced users would know how to do it but it does require reading the short manual, no a big issue. If you want to backup your unbound.conf just copy it and restore it later if you like, then restart Unbound.

This is not going backwards at all. Simply providing main cases for all user to use that is easy. The more options included in the main code the more testing that needs to happen. Every time you add new things and/or correct issues regression testing needs to be performed. It all takes time.

As for AdBlock, that also can be easily done outside of the Menu. Edit the file you need and execute gen-adblock. Done.
How often do you actually perform adding or editing adblock files that this functionality "must" be included in the code.
Idea is to make is simple, intuitive for basic use. Advanced users and cases still can be performed when needed. This allows for a cleaner code, easy maintenance and less errors in the future.

 

[Centrifuge]

NOTE: All text in italics are @Markster's

Suggested solution for basic Menu setup.

Unbound Menu

1. Status - Started (Stop)
2. Show Stats
3. AdBlock Enabled (Disable)
4. Update Unbound
5. Install Unbound
6. Uninstall

"Note that selection 1 and 3 are toggles.

One standard set by the Diversion menu style, would be to have an o option which might include things like logging level, stats level like the s+, sgui command, maybe even blockinglist options, performance tweak toggle, diable DOH toggle, idk, just my 2 cents.

Awesome community effort to bring unbound to asusmerlin! Thanks.

 

[SomeWhereOverTheRainBow]

Unbound binaries and utilities has been already build and tested and it has already advanced commands you can read about in Unbound manual here. If you are basic user, install it and don't tinker until you read and learn about Unbound in more details. Playing and changing unbound.conf without reading the manual is asking for trouble. Editing unbound.conf can be performed with nano or vi and does not need to be included in the menu. There is an unbound command that already performs checking the file for errors after it has been edited. Again, advanced users would know how to do it but it does require reading the short manual, no a big issue. If you want to backup your unbound.conf just copy it and restore it later if you like, then restart Unbound.

This is not going backwards at all. Simply providing main cases for all user to use that is easy. The more options included in the main code the more testing that needs to happen. Every time you add new things and/or correct issues regression testing needs to be performed. It all takes time.

As for AdBlock, that also can be easily done outside of the Menu. Edit the file you need and execute gen-adblock. Done.
How often do you actually perform adding or editing adblock files that this functionality "must" be included in the code.
Idea is to make is simple, intuitive for basic use. Advanced users and cases still can be performed when needed. This allows for a cleaner code, easy maintenance and less errors in the future.

Yes going by your argument there is no.need for a manager as it can all be done by ssh and simple knowledge

 

[dave14305]

I've been working on my UI since I was tagged earlier today and I've been paring so much back because Unbound should be relatively simple and trouble-free. I'm finding most things don't really need to be tweaked once set. So I'm really not sure there's an audience for a webUI. It's not interesting once it's working.

I've decided to read DNSSEC and Rebind options from the WAN page and only list them here as a read-only reference. I've eliminated IPv4/IPv6 options and only add outgoing IPv6 if you have IPv6 enabled on the router. Completely eliminated unbound-control certs. It's still overly busy looking, and I'm really trying to imagine what RMerlin or john9527 would include if they were baking this into the firmware. So I continue to slash and burn options that most people wouldn't need to tweak.

At the moment it's completely incompatible with unbound_manager and Unbound Stats. It would clobber all existing config files. As promised before, its available at https://github.com/dave14305/Unbound-Merlin-UI if anyone wants to take it over or test it on a fresh installation (the installer script should theoretically install unbound if not present).

 

[SomeWhereOverTheRainBow]

I've been working on my UI since I was tagged earlier today and I've been paring so much back because Unbound should be relatively simple and trouble-free. I'm finding most things don't really need to be tweaked once set. So I'm really not sure there's an audience for a webUI. It's not interesting once it's working.

I've decided to read DNSSEC and Rebind options from the WAN page and only list them here as a read-only reference. I've eliminated IPv4/IPv6 options and only add outgoing IPv6 if you have IPv6 enabled on the router. Completely eliminated unbound-control certs. It's still overly busy looking, and I'm really trying to imagine what RMerlin or john9527 would include if they were baking this into the firmware. So I continue to slash and burn options that most people wouldn't need to tweak.

At the moment it's completely incompatible with unbound_manager and Unbound Stats. It would clobber all existing config files. As promised before, its available at https://github.com/dave14305/Unbound-Merlin-UI if anyone wants to take it over or test it on a fresh installation (the installer script should theoretically install unbound if not present).

View attachment 21991

You should make it accessible on wan web page if possible, otherwise this is really cool.

 

[SomeWhereOverTheRainBow]

@Martineau
Just to let you know the unbound stat lines get left inside services-start and service-event upon unbound being uninstalled.

 

[Martineau]

@Martineau
Just to let you know the unbound stat lines get left inside services-start and service-event upon unbound being uninstalled.

Well I didn't put them there! ...have I been hacked? @juched

Many thanks for the heads-up, I pushed Hotfix commit

Version=2.18
Github md5=67a7bfd3f0426c50b3ad17764d8d8491​

 

[Deleted member 62525]

One standard set by the Diversion menu style, would be to have an o option which might include things like logging level, stats level like the s+, sgui command, maybe even blockinglist options, performance tweak toggle, diable DOH toggle, idk, just my 2 cents.

Awesome community effort to bring unbound to asusmerlin! Thanks.

Very good idea.

 

[juched]

Well I didn't put them there! ...have I been hacked? @juched

Many thanks for the heads-up, I pushed Hotfix commit

Version=2.18
Github md5=67a7bfd3f0426c50b3ad17764d8d8491​

I didn't change anything for weeks. The Uninstall command should remove that no? Is it not working now?

--- edit ---
ok, checked, it has been 8 days Feels like weeks right now.

 

[juched]

Funny to see with everyone at home these days, you can see when the family wakes up:

 

[Martineau]

With only my development laptop attached to this router, not sure what this activity profile implies...

 

[Martineau]

I didn't change anything for weeks. The Uninstall command should remove that no? Is it not working now?

It is working, I simply omitted to explicitly call your uninstall routine.

 

[juched]

It is working, I simply omitted to explicitly call your uninstall routine.

Ok, let me know if you need something fixed. I see you added a comment about needing to use sed to remove 3rd party tabs (like mine), but if uninstall is called I should clean up after myself.


--- edit ---

I also see a new "track" option during install of adblock

 

[Chewie420]

Sorry for such a basic question but is there an advantage to use unbound over the DoH settings in Merlin? I installed unbound but after starting the install I decided I would just leave the DNS settings using Merlin. Is there a way to uninstall it I can't seem to figure it out as I still haven't gone through the install process but it shows as a listed script in my amtm menu.

 

[heysoundude]

Q&A

Q. Does unbound support DoT
A. @dave14305 replied: "unbound does not use any encrypted traffic as a 'recursive resolver'. It can’t make 'recursive queries' using encryption. You can reconfigure unbound to become a forwarder (like dnsmasq and Stubby) and use DoT, but what’s the value of unbound then as just another forwarder? when dnsmasq+Stubby already do that well enough."

NOTE: For completeness/freedom of choice, v2.12 now does allow unbound DoT to be configured using both Cloudflare & Quad9 IPv4/IPv6 servers.​

@Martineau - what about Hurricane Electric?
https://www.snbforums.com/threads/u...-caching-dns-server.58967/page-66#post-561425

 

[Deleted member 62525]

Interesting development Unbound and REDIR. https://kazoo.ga/redir-unbound-dns-adblock/

 

[Martineau]

@Martineau - what about Hurricane Electric?
https://www.snbforums.com/threads/u...-caching-dns-server.58967/page-66#post-561425

Are you formally requesting that the HE servers be included along with the existing Cloudflare and Quad9 DoT clause that currently exists in 'unbound.conf' v1.07

unbound.conf v1.07

#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ # v1.05 Martineau
#forward-zone:                                                        # DNS-Over-TLS support
#name: "."
#forward-tls-upstream: yes
#forward-addr: 1.1.1.1@853#cloudflare-dns.com
#forward-addr: 1.0.0.1@853#cloudflare-dns.com
#forward-addr: 9.9.9.9@853#dns.quad9.net
#forward-addr: 149.112.112.112@853#dns.quad9.net
#forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
#forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
#forward-addr: 2620:fe::fe@853#dns.quad9.net
#forward-addr: 2620:fe::9@853#dns.quad9.net
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

to be ENABLED if unbound DoT is requested to be used?

 

[Ubimo]

@Markster
This news is from march 02, 2019.

 

[Martineau]

Interesting development Unbound and REDIR. https://kazoo.ga/redir-unbound-dns-adblock/

Isn't the unbound 'redirect' directive the method to have unbound use pixelserv-tls direct? or is this something else?

i.e. if Diversion is installed, 'ad' command

e  = Exit Script

A:Option ==> ad type=pixelserv

Analysed Diversion file: 'blockinglist'  Type=pixelserv, (Adblock Domains=53074) would add 483 entries
Analysed Diversion file: 'blacklist'  Type=pixelserv, (Adblock Domains=53074) would add 2 entries
Analysed Diversion file: 'whitelist'  Type=URL, (Adblock URLs=19) would add 70 entries

should create a sample unbound 'include' file for the new additions (targeting the pixel-serv IP address)

/tmp/unbound-blacklist.add
e.g.

local-zone: "manifest.googlevideo.com" redirect
local-data: "manifest.googlevideo.com" A 10.88.8.2
<snip>

 

[Deleted member 62525]

@Markster
This news is from march 02, 2019.

ouch! Did not see the date.