Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[SomeWhereOverTheRainBow]

I only want these two mobile devices behind it, and I wanted something more capable than my router. My Xen server runs the Pi-Hole VM, and its i5 5200U can easily handle anything that I throw at it without putting any strain on my router's weaker CPU.

I do this too on a separate setup, the only downside is I have to disable/block IPV6 on those devices as the devices "get around" any manual dhcp option i try for suggesting what ipv6 to use for lan on those devices. On my stronger router, I run diversion.

 

[Ubimo]

Why is running unbound + diversion NOT recommended?

 

[SomeWhereOverTheRainBow]

Why is running unbound + diversion NOT recommended?

unbound+diversion is fine, Unbound+Ad block script+diversion is not recommended.

 

[Treadler]

Why is running unbound + diversion NOT recommended?

+1
I’m doing it, works well.

 

[martinr]

It does, but it changes unbound from a recursive resolver to just another forwarder like stubby.

EDIT: with this my 2,000th post, I am now part of the furniture. Please remember me as I was, not as a nice Chesterfield or an ottoman.

And if your promotion had been awarded on quality rather than quantity, you would have got it around 1999 posts ago.

 

[martinr]

.....I hope you folks understand and let me code in peace.
Thanks

So that’s it: instead of “RIP”, your tombstone will say “CIP”. May that be many decades away.

 

[Martineau]

Why is running unbound + diversion NOT recommended?

I've updated the Q&A post which adds a little technical clarification.

Ad Block may offer slightly better flexibility than diversion when defining the domains etc., but diversion has the (GUI) stats feature.

Crucially, performance wise, is one better than the other? - hard to say.

 

[skeal]

I'm a bit confused, does unbound use DoT out of the box or do you have to enable it in the firmware? Or is this a dumbass question? Or does a person need DoT when using unbound?

 

[dave14305]

I'm a bit confused, does unbound use DoT out of the box or do you have to enable it in the firmware? Or is this a dumbass question?

Out-of-the-box, Unbound does not use any encrypted traffic as a recursive resolver. It can’t make recursive queries using encryption. You can reconfigure Unbound to become a forwarder (like dnsmasq and Stubby) and use DoT, but what’s the value of unbound then as just another forwarder? dnsmasq+Stubby already do that well enough.

 

[skeal]

Out-of-the-box, Unbound does not use any encrypted traffic as a recursive resolver. It can’t make recursive queries using encryption. You can reconfigure Unbound to become a forwarder (like dnsmasq and Stubby) and use DoT, but what’s the value of unbound then as just another forwarder? dnsmasq+Stubby already do that well enough.

Gotcha! Thanks once again @dave14305

 

[eclp]

[✔] Enable local NTP server=YES ... ok, but which setting is best here: „Intercept NTP client requests„?

 

[SuperDuke]

FWIW....installed with CPU tweaks and has been solid since last evening.

Thanks @Martineau for a solid product and to all others that dev'd this.....now that I've come to understand some of the (not so finer) points of this, I like the approach.

 

[Martineau]

Out-of-the-box, Unbound does not use any encrypted traffic as a recursive resolver. It can’t make recursive queries using encryption. You can reconfigure Unbound to become a forwarder (like dnsmasq and Stubby) and use DoT, but what’s the value of unbound then as just another forwarder? dnsmasq+Stubby already do that well enough.

I've shamelessly added this verbatim (well almost) to the Q&A post
as I don't think you'd mind assisting with cut'n'paste given you embarrassed me into creating/maintaining this thread!

 

[dave14305]

[✔] Enable local NTP server=YES ... ok, but which setting is best here: „Intercept NTP client requests„?

I don’t think it matters. It’s not really related to Unbound, IMO, although time synchronization is a best practice for a network.

 

[thelonelycoder]

amtm 3.1.2 is now available

What's new
- Adds unbound Manager as supported script

I am pleased to add the first script from @Martineau to amtm: unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)
unbound Manager is a front end for @rgnldo 's Unbound - Authoritative Recursive Caching DNS Server

How to update amtm
Use u to update to this latest version.

 

[Martineau]

amtm 3.1.2 is now available

What's new
- Adds unbound Manager as supported script

I am pleased to add the first script from @Martineau to amtm: unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)
unbound Manager is a front end for @rgnldo 's Unbound - Authoritative Recursive Caching DNS Server

How to update amtm
Use u to update to this latest version.

Many thanks!

Like myself, I'm sure the community is grateful for your effort, particularly for those that need/choose to uninstall/reinstall on a 'regular' basis.

 

[Jack Yaz]

Can those of us running ntpmerlin be accounted for, please?

This nvram setting will always be no, so that ntpd from entware does not conflict with the built-in ntpd

 

[thelonelycoder]

View attachment 21264
Can those of us running ntpmerlin be accounted for, please?

This nvram setting will always be no, so that ntpd from entware does not conflict with the built-in ntpd

I habe the same dilemma for my local diversion test server. When set to Yes, it will not honour /jffs/configs/dnsmasq.conf.add which resolves to it.

 

[dmillerzx]

Manual, or auto are ok.
It gives your router functioning dns server/s for getting any internal stuff done, should Unbound not be ready yet. At boot up say.

Thanks this was a little confusing, I ended up just not touching anything from the DOT setup prior to Unbound.

 

[dave14305]

I habe the same dilemma for my local diversion test server. When set to Yes, it will not honour /jffs/configs/dnsmasq.conf.add which resolves to it.

Is there a servers-file= line in your dnsmasq.conf.add?