Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[juched]

I have a new release of Unbound_Stats ready (v1.2.1), but I have kept it in a dev branch. Looking for feedback if it should be considered for main stream, or if no one would care or use it.

New Features include...

Top 10 blocked domains (over last 7 days):

Top 10 DNS replies with return code (over last 7 days):

Today's DNS replies - limited to 250:

Note: for these to work there will be the need to turn on log-local-actions and/or local-replies in unbound_manager. With syslog-ng, it seems to not impact the speed too much, but would allow some reports on what is happening in more detail in your system.

Data is updated hourly and stored in an SQLite DB.

Open to feedback. I feel this gives some of the data of uiDivStats, but not at the level of per client detail.

@Martineau, this would need some coordinate if decided, since a new file unbound_log.sh needs to be downloaded too.

 

[Deleted member 62525]

Quick question for the group. When I backup jffs partition using GUI will it also backup Unbound ?

 

[dave14305]

Quick question for the group. When I backup jffs partition using GUI will it also backup Unbound ?

No, most of the guts of Unbound are on your USB stick.

 

[SomeWhereOverTheRainBow]

Quick question for the group. When I backup jffs partition using GUI will it also backup Unbound ?

the only thing it will backup is any commands/scripts related to running unbound-manager associated with unbound inside /jffs/

 

[SomeWhereOverTheRainBow]

I have a new release of Unbound_Stats ready (v1.2.1), but I have kept it in a dev branch. Looking for feedback if it should be considered for main stream, or if no one would care or use it.

New Features include...

Top 10 blocked domains (over last 7 days):
View attachment 22207

Top 10 DNS replies with return code (over last 7 days):
View attachment 22210

Today's DNS replies - limited to 250:
View attachment 22206


Note: for these to work there will be the need to turn on log-local-actions and/or local-replies in unbound_manager. With syslog-ng, it seems to not impact the speed too much, but would allow some reports on what is happening in more detail in your system.

Data is updated hourly and stored in an SQLite DB.

Open to feedback. I feel this gives some of the data of uiDivStats, but not at the level of per client detail.

@Martineau, this would need some coordinate if decided, since a new file unbound_log.sh needs to be downloaded too.

I think this is a good idea, maybe make it un-viewable for those running diversion instead of unbound adblocking tho (this may require two separate configurations based on whether user uses diverson or not tho), since your extended statistics also supports those who run diversion as well, maybe make it to where they only see the cache/recursion information, if possible.

 

[SomeWhereOverTheRainBow]

@dave14305 how is your unbound gui coming along?

 

[dave14305]

@dave14305 how is your unbound gui coming along?

It works for me. It’s just dull once you configure Unbound. And regrettably, it doesn’t play nice with existing Unbound installations. I want to integrate the installation routine into the main script still, and add another modification to S61unbound to respect the gui’s enable/disable option. I also colored outside the lines and picked port 5653 as my default port. Then I need to figure out an uninstaller routine so people can uninstall it safely.

 

[juched]

I think this is a good idea, maybe make it un-viewable for those running diversion instead of unbound adblocking tho (this may require two separate configurations based on whether user uses diverson or not tho), since your extended statistics also supports those who run diversion as well, maybe make it to where they only see the cache/recursion information, if possible.

Only the one graph is related to Adblock. The top relies and daily replies are DNS only. If you do not enable logs then those areas just show no data available. So not conflict.

 

[ika]

@ika I have pushed a v2.18 Hotfix - think I found the two bugs.

Finally, back, sorry for the late reply, Covid19 completely turned my life upside down (as for many of us I presume). I'm really sorry if I caused any trouble or extra problems for you, I indeed had no diversion installed nor did I had anything in dnsmasq.conf related (as I checked earlier, even before you asked).

I think you misunderstood me, I was and I am completely fine using unbound-control to do everything, I only wanted to help with your awesome script by reporting bugs and issues. I will try to read what happened since and update fw and all the scripts (including yours) and will report back, and perhaps look into things more deeply as I have this Sunday as a free time.

Thank you very much again.

EDIT: updated everything to the latest and all is fine now, thanks again The ssl error message is still there (since I reported @872) but that is not really a bug, so I will just ignore it from now on.

 

[peepsnet]

If this was already covered then I apologize but I wasn't able to stomach almost 60 pages of posts to find the answer.
If it was answered then I just need a push to know what to look for.


I wanted to try unbound but I wanted to know if I was able to set it up a certain way.

As I understand it having a Recursive DNS Server means if the DNS server doesn't have the IP already cached it will go out and get it from another DNS Server

I want to use unbound for my network's day-to-day DNS resolution. This way it is "faster". Next I want to control the DNS Servers Unbound uses to lookup IPs for domains that are not cached. I want to only use DNS-over-TLS with servers I allow.

PC-1 --> Router/DNS Server --(if not cached)-- > Cloudflare/Quad9/Google DNS-over-tls Servers

And I also want to force certain clients to bypass the router/dns server and use custom DNS servers like OpenDNS Home

PC-2(kids pc) --> OpenDNS Home(Kid safe DNS servers)

Does this make sense? Is this Possible??

thanks,
Don

 

[dave14305]

As I understand it having a Recursive DNS Server means if the DNS server doesn't have the IP already cached it will go out and get it from another DNS Server

I want to use unbound for my network's day-to-day DNS resolution. This way it is "faster". Next I want to control the DNS Servers Unbound uses to lookup IPs for domains that are not cached. I want to only use DNS-over-TLS with servers I allow.

Unbound will fetch uncached names and IPs from the authoritative nameserver for the domain the hostname belongs to. You don't really control which server it queries for recursive lookups. If you configure Unbound as a forwarder, you can specify multiple DoT servers, but you're really missing the "fun" of Unbound as a recursor.

The per-device filtering can be achieved with DNSFilter in Merlin. You don't need Unbound for that part.

 

[peepsnet]

Unbound will fetch uncached names and IPs from the authoritative nameserver for the domain the hostname belongs to. You don't really control which server it queries for recursive lookups. If you configure Unbound as a forwarder, you can specify multiple DoT servers, but you're really missing the "fun" of Unbound as a recursor.

The per-device filtering can be achieved with DNSFilter in Merlin. You don't need Unbound for that part.

Seems like unbound is not for me and what I have is enough as this time.

Thanks!!!!

 

[Ubimo]

What happens, when I replace the IPs of the root-servers in unbound.config with 1.1.1.1?
Does then unbound fetch uncached names from 1.1.1.1?

# auth-zone:
#    name: "."
#    master: 199.9.14.201         # b.root-servers.net
#    master: 192.33.4.12          # c.root-servers.net
#    master: 199.7.91.13          # d.root-servers.net
#    master: 192.5.5.241          # f.root-servers.net
#    master: 192.112.36.4         # g.root-servers.net
#    master: 193.0.14.129         # k.root-servers.net
#    master: 192.0.47.132         # xfr.cjr.dns.icann.org
#    master: 192.0.32.132         # xfr.lax.dns.icann.org

 

[L&LD]

@Ubimo I don't think that will work. 1.1.1.1 isn't a 'root-server' IP.

 

[Khadanja]

Adblocker stops working for me after a few days. Anyone else having this issue? If I remove unbound and install again it starts working then again I start seeing ads after few days.

 

[SomeWhereOverTheRainBow]

Adblocker stops working for me after a few days. Anyone else having this issue? If I remove unbound and install again it starts working then again I start seeing ads after few days.

The adblocker will only block whatever it is specified to block.. pages on the web potentially use more than just "one" of these servers on your list. If it also uses one that is not specified on your list, then you are likely to see an ad for that server that is not being blocked by your list. unbound as an adblocker is not 100 % catch all ads, it will only block servers listed inside limited hosts list generated by the ad block script.

 

[juched]

Adblocker stops working for me after a few days. Anyone else having this issue? If I remove unbound and install again it starts working then again I start seeing ads after few days.

Can you show the output of command:

cru l

There should be a file:
/opt/var/lib/unbound/adblock/stats.txt


What does it snow?

Is there a file
/opt/var/unbound/adblock/adservers

 

[Khadanja]

Can you show the output of command:

cru l

There should be a file:
/opt/var/lib/unbound/adblock/stats.txt
What does it snow?
Is there a file
/opt/var/unbound/adblock/adservers

*/2 * * * * /etc/openvpn/server1/vpns-watchdog1.sh #CheckVPNServer1#
25 8 * * * sh /jffs/scripts/firewall banmalware #Skynet_banmalware#
18 1 * * Mon sh /jffs/scripts/firewall update #Skynet_autoupdate#
0 * * * * sh /jffs/scripts/firewall save #Skynet_save#
28 */12 * * * sh /jffs/scripts/firewall debug genstats #Skynet_genstats#
12 4 * * * curl -o /opt/var/lib/unbound/root.hints https://www.internic.net/domain/named.cache #root_servers#

 

[Khadanja]

Decided to start again & now I'm getting this when unbound loads.
/opt/var/run: No such file or directory
[1585556994] unbound-checkconf[21606:0] fatal error: pidfile directory does not exist

 

[SomeWhereOverTheRainBow]

Decided to start again & now I'm getting this when unbound loads.
/opt/var/run: No such file or directory
[1585556994] unbound-checkconf[21606:0] fatal error: pidfile directory does not exist

It looks like your cru l lines were missing, and unbound did not install properly.