Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[juched]

Thank you.
Much appreciated.
What line do I need to run to disable the adblock? Or do I need to uninstall and install again UnBound?

Run i command again and skip Adblock.


Sent from my iPhone using Tapatalk

 

[Ubimo]

I just uninstalled unbound with "z" and then "Y".
Then I saw two red lines with "no files in ..../.../unbound" (or something like this)
After a restart I thought unbound was gone, but I figured out it's still running.

Apr  1 14:31:28 rc_service: service 15259:notify_rc restart_dnsmasq
Apr  1 14:31:29 custom_script: Running /jffs/scripts/service-event (args: restart dnsmasq)
Apr  1 14:31:30 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
Apr  1 14:31:31 Diversion: is disabled, no services started
Apr  1 14:31:31 (dnsmasq.postconf): Updating /etc/dnsmasq.conf for unbound.....
Apr  1 14:31:57 (unbound_manager.sh): 15986 Starting Script Execution (easy)

The menu(7) in amtm is gone.
What can I do to properly uninstall unbound?

Edit:
Via amtm I started "7" and then chose "z" again to uninstall. No success, see haveged.

Apr  1 14:47:58 Diversion: Starting Entware and Diversion services on /tmp/mnt/USB
Apr  1 14:47:58 S02haveged: Starting Haveged entropy /opt/etc/init.d/S02haveged
Apr  1 14:47:58 haveged: haveged starting up
Apr  1 14:47:58 admin: Started haveged from /jffs/scripts/post-mount.
Apr  1 14:47:58 rc_service: service 785:notify_rc restart_dnsmasq
Apr  1 14:47:58 rc_service: hotplug 583:notify_rc restart_nasapps
Apr  1 14:47:58 rc_service: waitting "restart_dnsmasq" via  ...
Apr  1 14:47:58 custom_script: Running /jffs/scripts/service-event (args: restart dnsmasq)
Apr  1 14:47:59 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
Apr  1 14:47:59 Diversion: enabling services after unmount
Apr  1 14:48:02 Diversion: restarted Dnsmasq to apply settings

 

[Martineau]

I just uninstalled unbound with "z" and then "Y".
Then I saw two red lines with "no files in ..../.../unbound" (or something like this)
After a restart I thought unbound was gone, but I figured out it's still running.

Apr  1 14:31:28 rc_service: service 15259:notify_rc restart_dnsmasq
Apr  1 14:31:29 custom_script: Running /jffs/scripts/service-event (args: restart dnsmasq)
Apr  1 14:31:30 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
Apr  1 14:31:31 Diversion: is disabled, no services started
Apr  1 14:31:31 (dnsmasq.postconf): Updating /etc/dnsmasq.conf for unbound.....
Apr  1 14:31:57 (unbound_manager.sh): 15986 Starting Script Execution (easy)

The menu(7) in amtm is gone.
What can I do to properly uninstall unbound?

Edit:
Via amtm I started "7" and then chose "z" again to uninstall. No success, see haveged.

Apr  1 14:47:58 Diversion: Starting Entware and Diversion services on /tmp/mnt/USB
Apr  1 14:47:58 S02haveged: Starting Haveged entropy /opt/etc/init.d/S02haveged
Apr  1 14:47:58 haveged: haveged starting up
Apr  1 14:47:58 admin: Started haveged from /jffs/scripts/post-mount.
Apr  1 14:47:58 rc_service: service 785:notify_rc restart_dnsmasq
Apr  1 14:47:58 rc_service: hotplug 583:notify_rc restart_nasapps
Apr  1 14:47:58 rc_service: waitting "restart_dnsmasq" via  ...
Apr  1 14:47:58 custom_script: Running /jffs/scripts/service-event (args: restart dnsmasq)
Apr  1 14:47:59 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
Apr  1 14:47:59 Diversion: enabling services after unmount
Apr  1 14:48:02 Diversion: restarted Dnsmasq to apply settings

see See this post but if it bothers you.....remove it manually

opkg remove haveged

 

[juched]

@Martineau believe I found an issue (or maybe two).

When using unbound.postconf (and maybe from unbound.conf.add), I am finding that multiple lines are being added to my unbound.conf, also, the changes made my postconf are permanent, meaning that you need to re-download to get the original back.

server:
include: "/opt/share/unbound/configs/unbound.conf.add"          # Custom server directives


include: "/opt/share/unbound/configs/unbound.conf.add"          # Custom server directives


include: "/opt/share/unbound/configs/unbound.conf.add"          # Custom server directives

Perhaps unbound.conf should be downloaded and kept as a copy, then during boot copy it, insert .add and apply postconf. Right now the only copy of unbound.conf is gone once you mess it up with a bad postconf.

Don't ask how I know

 

[Martineau]

@Martineau believe I found an issue (or maybe two).

When using unbound.postconf (and maybe from unbound.conf.add), I am finding that multiple lines are being added to my unbound.conf, also, the changes made my postconf are permanent, meaning that you need to re-download to get the original back.

server:
include: "/opt/share/unbound/configs/unbound.conf.add"          # Custom server directives


include: "/opt/share/unbound/configs/unbound.conf.add"          # Custom server directives


include: "/opt/share/unbound/configs/unbound.conf.add"          # Custom server directives

Perhaps unbound.conf should be downloaded and kept as a copy, then during boot copy it, insert .add and apply postconf. Right now the only copy of unbound.conf is gone once you mess it up with a bad postconf.

Don't ask how I know

I'll take a look at the duplicate 'include:' issue.

You can always use the 'vb' command to take a backup then use 'rl ? / rl' commands etc. to reload a valid 'unbound.conf' or 'vx' having renamed/disabled the corrupting 'unbound.postconf' - so I'll pass on your suggestion.

 

[Martineau]

@Martineau believe I found an issue

When using unbound.postconf (and maybe from unbound.conf.add), I am finding that multiple lines are being added to my unbound.conf, also, the changes made my postconf are permanent, meaning that you need to re-download to get the original back.

server:
include: "/opt/share/unbound/configs/unbound.conf.add"          # Custom server directives


include: "/opt/share/unbound/configs/unbound.conf.add"          # Custom server directives


include: "/opt/share/unbound/configs/unbound.conf.add"          # Custom server directives

I've pushed v2.18 Hotfix.

Version=2.18
Github md5=249af3a36c2ae1ba4734457917b1c8e8​

HotFix: Prevent duplicate 'include:' commands in 'unbound.conf' if '/opt/share/unbound/configs/unbound.conf.add' is defined.

use the following to apply the fix:

e  = Exit Script

A:Option ==> u

Also, rather than enforce the use of scripting (i.e. 'unbound.postconf') to replace existing directives in 'unbound.conf', allow 'unbound.conf.add' to advantageously/conveniently override existing values by appending the 'include: unbound.conf.add' directive to the end of 'unbound.conf' rather than at the beginning.

NOTE: If users wish to take advantage of this feature, then they will need to manually delete the existing 'include: unbound.conf.add' and restart unbound.

 

[dave14305]

Also, rather than enforce the use of scripting (i.e. 'unbound.postconf') to replace existing directives in 'unbound.conf', allow 'unbound.conf.add' to advantageously/conveniently override existing values by appending the 'include: unbound.conf.add' directive to the end of 'unbound.conf' rather than at the beginning.

But by appending to the end of the file, the include will be outside the server: section and may not work as before if it includes server: options. I don’t know if it’s valid to have a second server: section or not, but you might consider just including the statement at the end of server: before remote-control:. Then any options can be used as long as the server ones appear first.

 

[Martineau]

But by appending to the end of the file, the include will be outside the server: section and may not work as before if it includes server: options. I don’t know if it’s valid to have a second server: section or not, but you might consider just including the statement at the end of server: before remote-control:. Then any options can be used as long as the server ones appear first.

RTFM ?

unbound_manager v3.00 Beta (use 'uf dev' command to try it) includes NEW: Duplicate directives Alert feature.

 

[juched]

RTFM ?

unbound_manager v3.00 Beta (use 'uf dev' command to try it) includes NEW: Duplicate directives Alert feature.

Just to be clear, this means that from now on we can simply specify server: and the server items we want to add/override, and your script will insert it at the end, and the last item specified wins?

Seems the following items are supported to be duplicated:

• server:
• access-control:
• private-address:
• domain-insecure:
• forward-addr:
• include:
• interfaces:
• outgoing-interface:

--- edit ----

sorry, looking closer it seems you output the server: portion automatically. So, just server: is supported, and it adds it to the end.


Also, I see that I missed yesterday that there is a "reset.conf" and "user.conf". Reset seems to be the original, as I had asked, so you had already thought of that. What is the purpose of user.conf? Just a backup?

--- edit 2 ----
Confirmed from the code user.conf is a backup.

I can also confirm that I have moved all my postconf script replacement and deletions to my .conf.add and it inserted into the end and overrides those settings well. Much simplier.

So, to what this means is that any items you want to set under "server:" directive, you can do by adding to the unbound.conf.add file, and it will work.

 

[Martineau]

Just to be clear, this means that from now on we can simply specify server: and the server items we want to add/override, and your script will insert it at the end, and the last item specified wins?

Seems the following items are supported to be duplicated:

• server:
• access-control:
• private-address:
• domain-insecure:
• forward-addr:
• include:
• interfaces:
• outgoing-interface:

--- edit ----

sorry, looking closer it seems you output the server: portion automatically. So, just server: is supported, and it adds it to the end.


Also, I see that I missed yesterday that there is a "reset.conf" and "user.conf". Reset seems to be the original, as I had asked, so you had already thought of that. What is the purpose of user.conf? Just a backup?

--- edit 2 ----
Confirmed from the code user.conf is a backup.

I can also confirm that I have moved all my postconf script replacement and deletions to my .conf.add and it inserted into the end and overrides those settings well. Much simplier.

So, to what this means is that any items you want to set under "server:" directive, you can do by adding to the unbound.conf.add file, and it will work.

Originally I assumed 'unbound.conf.add' would be used to insert unique statements, and for more advanced users, they would ideally use the 'unbound.postconf' script to replace/delete directives.

However, didn't someone say nah!, learn vi to edit the configs files directly (remembering to take judicious backups of course) so no need for these advanced features to be available in the script.

Fortunately (unlike say dnsmasq) unbound appears to tolerate duplicate directives and 'last one wins', so it makes sense to move 'unbound.conf.add' to the end of 'unbound.conf' with the beneficial side effect that you may wish to add/overide non-'server:' directives, but to make the new implementation backwards compatible, I decided it was prudent to include the 'server:' header....just in case!

During the initial install, 'reset.conf' is the 'unbound.conf' downloaded from Github, and 'user.conf' is the modified 'unbound.conf' resulting from the user replying 'y' to the Option prompts.
(If no advanced options are selected, then 'user'.conf' is identical to 'reset.conf')

 

[juched]

Originally I assumed 'unbound.conf.add' would be used to insert unique statements, and for more advanced users, they would ideally use the 'unbound.postconf' script to replace/delete directives.

However, didn't someone say nah!, learn vi to edit the configs files directly (remembering to take judicious backups of course) so no need for these advanced features to be available in the script.

Fortunately (unlike say dnsmasq) unbound appears to tolerate duplicate directives and 'last one wins', so it makes sense to move 'unbound.conf.add' to the end of 'unbound.conf' with the beneficial side effect that you may wish to add/overide non-'server:' directives, but to make the new implementation backwards compatible, I decided it was prudent to include the 'server:' header....just in case!

During the initial install, 'reset.conf' is the 'unbound.conf' downloaded from Github, and 'user.conf' is the modified 'unbound.conf' resulting from the user replying 'y' to the Option prompts.
(If no advanced options are selected, then 'user'.conf' is identical to 'reset.conf')

Thanks, makes sense. I am now using this method (instead of postconf) to change the port to 53 and some other settings I want to stick after update (like use-syslog).

That, and my dnsmasq.conf.add to set port to 0, and now my network talks directly to unbound. This allows my stats page to show which clients are making which requests.

A little bit of learning and playing seems to keep expanding and expanding.

 

[Centrifuge]

A little bit of learning and playing seems to keep expanding and expanding.

Does it make sense to have a separate thread for your unbound.conf project?

 

[SomeWhereOverTheRainBow]

Thanks, makes sense. I am now using this method (instead of postconf) to change the port to 53 and some other settings I want to stick after update (like use-syslog).

That, and my dnsmasq.conf.add to set port to 0, and now my network talks directly to unbound. This allows my stats page to show which clients are making which requests.

A little bit of learning and playing seems to keep expanding and expanding.

Keep up the great work man, if you need any one to test and collaborate your findings, just give a shout out.

 

[Khadanja]

Is there a point of or is it possible to use unbound & inbuilt DoT together. My DoT is enabled with cloudfare servers and I'm wondering if it is doing anything?

 

[bluzfanmr1]

Is there a point of or is it possible to use unbound & inbuilt DoT together. My DoT is enabled with cloudfare servers and I'm wondering if it is doing anything?

@Khadanja
The following link will help you to verify that DoT is working:

https://www.snbforums.com/threads/r...-384-11-is-available.56501/page-6#post-488904

 

[Khadanja]

@bluzfanmr1 I did & it shows no traffic on both port 53 & 853. Screen shot of config page attached.

 

[dave14305]

@bluzfanmr1 I did & it shows no traffic on both port 53 & 853. Screen shot of config page attached.

You must be seeing dns traffic somewhere. Try:

tcpdump -i $(nvram get wan0_ifname) -n port 853
tcpdump -i $(nvram get wan0_ifname) -n port 53

Maybe eth0 isn’t your WAN port name.

 

[Khadanja]

You must be seeing dns traffic somewhere. Try:

tcpdump -i $(nvram get wan0_ifname) -n port 853
tcpdump -i $(nvram get wan0_ifname) -n port 53

Maybe eth0 isn’t your WAN port name.

Yeah 2nd command show something but still nothing on port 853, see below. Maybe my set up is weird as I connect the Asus to a Fibre ONT & under IPTV I have to set VID 10 in Internet tab.

23:16:35.213832 IP WAN IP.telstraclear.net.59822 > one.one.one.one.domain: 25894+ PTR? 1.1.1.1.in-addr.arpa. (38)
00:00:00.720471 IP one.one.one.one.domain > WAN IP.telstraclear.net.59822: 25894 1/0/0 PTR one.one.one.one. (87)
00:00:00.718261 IP ns4.google.com.domain > WAN IP.telstraclear.net.39946: 41910*- 1/0/1 A 172.217.1.99 (58)
23:16:36.803586 IP WAN IP.telstraclear.net.64063 > ns3.google.com.domain: 24259% [1au] A? cdn.ampproject.org. (47)
23:16:36.804018 IP WAN IP.telstraclear.net.46182 > one.one.one.one.domain: 43574+ PTR? 10.36.239.216.in-addr.arpa. (44)
00:00:00.759467 IP one.one.one.one.domain > WAN IP.telstraclear.net.46182: 43574 1/0/0 PTR ns3.google.com. (98)
00:00:00.760121 IP ns3.google.com.domain > WAN IP.telstraclear.net.64063: 24259*- 2/0/1 CNAME cdn-content.ampproject.org., A 216.58.196.129 (89)
23:16:36.971698 IP WAN IP.telstraclear.net.14750 > ns4.google.com.domain: 4435% [1au] A? cdn-content.ampproject.org. (55)
00:00:00.774990 IP ns4.google.com.domain > WAN IP.telstraclear.net.14750: 4435*- 1/0/1 A 216.58.196.129 (71)
23:16:42.033104 IP WAN IP.telstraclear.net.15657 > ns-779.awsdns-33.net.domain: 31521% [1au] A? api.smartthings.com. (48)

 

[dave14305]

Yeah 2nd command show something but still nothing on port 853, see below. Maybe my set up is weird as I connect the Asus to a Fibre ONT & under IPTV I have to set VID 10 in Internet tab.

23:16:35.213832 IP WAN IP.telstraclear.net.59822 > one.one.one.one.domain: 25894+ PTR? 1.1.1.1.in-addr.arpa. (38)
00:00:00.720471 IP one.one.one.one.domain > WAN IP.telstraclear.net.59822: 25894 1/0/0 PTR one.one.one.one. (87)
00:00:00.718261 IP ns4.google.com.domain > WAN IP.telstraclear.net.39946: 41910*- 1/0/1 A 172.217.1.99 (58)
23:16:36.803586 IP WAN IP.telstraclear.net.64063 > ns3.google.com.domain: 24259% [1au] A? cdn.ampproject.org. (47)
23:16:36.804018 IP WAN IP.telstraclear.net.46182 > one.one.one.one.domain: 43574+ PTR? 10.36.239.216.in-addr.arpa. (44)
00:00:00.759467 IP one.one.one.one.domain > WAN IP.telstraclear.net.46182: 43574 1/0/0 PTR ns3.google.com. (98)
00:00:00.760121 IP ns3.google.com.domain > WAN IP.telstraclear.net.64063: 24259*- 2/0/1 CNAME cdn-content.ampproject.org., A 216.58.196.129 (89)
23:16:36.971698 IP WAN IP.telstraclear.net.14750 > ns4.google.com.domain: 4435% [1au] A? cdn-content.ampproject.org. (55)
00:00:00.774990 IP ns4.google.com.domain > WAN IP.telstraclear.net.14750: 4435*- 1/0/1 A 216.58.196.129 (71)
23:16:42.033104 IP WAN IP.telstraclear.net.15657 > ns-779.awsdns-33.net.domain: 31521% [1au] A? api.smartthings.com. (48)

Did you choose the stubby integration in Unbound Manager? Otherwise Unbound is overriding Stubby.

It’s also important to run the tcpdump as I amended with -n to avoid additional lookups by the router to resolve names of the IPs being “dumped”.

 

[Khadanja]

Did you choose the stubby integration in Unbound Manager? Otherwise Unbound is overriding Stubby.

It’s also important to run the tcpdump as I amended with -n to avoid additional lookups by the router to resolve names of the IPs being “dumped”.

No I did not. So how do I change it now in unbound so DoT works?