Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

In the last few updates I have noticed the following errors during updates, is that normal?

RT-AC86U-AB50 (unbound_manager.sh): 6866 Starting Script Execution (restart)
Mar 8 09:21:02 RT-AC86U-AB50 unbound: [2516:0] notice: failed connection from 127.0.0.1 port 52183
Mar 8 09:21:02 RT-AC86U-AB50 unbound: [2516:0] error: remote control failed ssl crypto error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
 
In the last few updates I have noticed the following errors during updates, is that normal?

RT-AC86U-AB50 (unbound_manager.sh): 6866 Starting Script Execution (restart)
Mar 8 09:21:02 RT-AC86U-AB50 unbound: [2516:0] notice: failed connection from 127.0.0.1 port 52183
Mar 8 09:21:02 RT-AC86U-AB50 unbound: [2516:0] error: remote control failed ssl crypto error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
It would be a mismatch between unbound-control and unbound about whether SSL certs are required. What’s in the remote-control section of /opt/var/lib/unbound/unbound.conf?
 
Pushed an update v1.1.1 to github for unbound_stats.sh.

- Wait for unbound to start before generating stats - hope this helps avoid an initial empty graph on reboot
- Install needed shared JY charting libraries following the pattern @JackYaz just did with his last updates.
 
When it comes to unbound/entware, the startup must be /jffs/scripts/post-mount, on end line:
Code:
sleep 1
/jffs/scripts/unbound/unbound_stats.sh startup

Why with post-mount? This seems to be too early as it is once the disk is mounted, but services haven't started yet. Doing it in services-start seems to be once all main services are running.
 
Why with post-mount?
The script needs unbound-control. Only after assembly will there be an unbound process. From start, execution unbound_stats generate won't work. Maybe it's for my reality.
 
Any thoughts about this error? I cannot even uninstall it ...
unbound-control[14030:0] fatal error: could not send: Connection reset by peer

***ERROR unbound-control - failed'?
 
Pushed an update v1.1.1 to github for unbound_stats.sh.
Install needed shared JY
The script needs to verify that this folder already exists.

continues to depend on some Jack Yaz script. Only unbound_stats will not display the graphs. I installed Jack Yaz's connmon script, it works now.
 
Pushed an update v1.1.1 to github for unbound_stats.sh.

- Wait for unbound to start before generating stats - hope this helps avoid an initial empty graph on reboot
- Install needed shared JY charting libraries following the pattern @JackYaz just did with his last updates.
All appears to be working fine here, great job.
 
It would be a mismatch between unbound-control and unbound about whether SSL certs are required. What’s in the remote-control section of /opt/var/lib/unbound/unbound.conf?

This is my remote-control section, default setup. It is also strange that the error message mentioned a different port number.

remote-control:
control-enable: yes
#control-use-cert: no # v1.07 Martineau "Fast Menu"
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/opt/var/lib/unbound/unbound_server.key"
server-cert-file: "/opt/var/lib/unbound/unbound_server.pem"
control-key-file: "/opt/var/lib/unbound/unbound_control.key"
control-cert-file: "/opt/var/lib/unbound/unbound_control.pem"
 
This is my remote-control section, default setup. It is also strange that the error message mentioned a different port number.

remote-control:
control-enable: yes
#control-use-cert: no # v1.07 Martineau "Fast Menu"
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/opt/var/lib/unbound/unbound_server.key"
server-cert-file: "/opt/var/lib/unbound/unbound_server.pem"
control-key-file: "/opt/var/lib/unbound/unbound_control.key"
control-cert-file: "/opt/var/lib/unbound/unbound_control.pem"
Could then be if the upgrade process is copying back a different config file with different remote control options, then trying to run unbound-control reload, it would have a mismatch. A lot of scenarios possible based on all the options available in the script. It’s better to stop unbound first if the config changes will change the remote-control clause.
 
Could then be if the upgrade process is copying back a different config file with different remote control options, then trying to run unbound-control reload, it would have a mismatch. A lot of scenarios possible based on all the options available in the script. It’s better to stop unbound first if the config changes will change the remote-control clause.

Yes, thank you @dave14305 . I did as you suggested. Stopped Unbound and did update again keeping my configuration. No errors anymore. Thank you.
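
Added example, not part of the thread or of unbound_manager: one way to check, before an upgrade swaps in a new unbound.conf, whether the remote-control clause changes and unbound should therefore be stopped first rather than reloaded. The function names and file names are assumptions, and the sample configs are constructed from the section posted above.

```sh
#!/bin/sh
# Added example, not part of unbound_manager. File names are placeholders.

# Print the options of the remote-control: clause, normalised so that
# comments, indentation and option order do not count as a change.
rc_clause() {
    awk '
        {
            sub(/^[ \t]+/, "")        # leading indentation
            sub(/^#.*/, "")           # whole-line comment
            sub(/[ \t]+#.*/, "")      # trailing comment
            sub(/[ \t]+$/, "")        # trailing whitespace
            gsub(/[ \t]+/, " ")       # collapse inner whitespace
        }
        $0 == "" { next }
        /^[a-z-]+:$/ { in_rc = ($0 == "remote-control:"); next }   # clause header
        in_rc { print }
    ' "$1" | sort
}

# Succeeds when both files carry the same remote-control settings.
rc_unchanged() {
    [ "$(rc_clause "$1")" = "$(rc_clause "$2")" ]
}

# Says what to do before the candidate config replaces the running one.
upgrade_action() {
    if rc_unchanged "$1" "$2"; then echo "reload"; else echo "stop-first"; fi
}

# Constructed sample: the running config mirrors the section posted in the
# thread; the candidate enables the commented-out control-use-cert option.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'server:' '  port: 53535' 'remote-control:' \
        '  control-enable: yes' '  #control-use-cert: no # v1.07' \
        '  control-interface: 127.0.0.1' '  control-port: 953' > "$d/running.conf"
    sed 's/#control-use-cert: no.*/control-use-cert: no/' "$d/running.conf" > "$d/candidate.conf"
    upgrade_action "$d/running.conf" "$d/candidate.conf"
    rm -rf "$d"
}

demo    # prints: stop-first
```

The check compares the clause text only; key or certificate files regenerated under the same paths are not detected by it.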
 
In our unbound.postconf file we hardcode the unbound IP and port - UNBOUNDLISTENADDR="127.0.0.1#53535" and use it to update dnsmasq.conf.

I was wondering if this is intentional as default. I don't know the actual flow of how things get initialized but would it be better if we read that value from unbound.conf and have only one place to define unbound listening interface and port?
 
In our unbound.postconf file we hardcode the unbound IP and port - UNBOUNDLISTENADDR="127.0.0.1#53535" and use it to update dnsmasq.conf.

I was wondering if this is intentional as default. I don't know the actual flow of how things get initialized but would it be better if we read that value from unbound.conf and have only one place to define unbound listening interface and port?
Me again. I think in the realm of Unbound_manager, the expected port is known since the script defines the config file and the postconf (I’m not a fan of choosing a port in the ephemeral range, but that’s just me).

There is commented out code in the script to find out what port unbound is really listening on via netstat, which is adapted from my own method:
Code:
UNBOUNDLISTENADDR=$(netstat -nlup | grep "^udp.* 127\.0\..*\/unbound$" | head -1 | awk ' { print $4 } ' | tr ':' '#')
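
Added example, not code from unbound_manager or unbound.postconf: a sketch of the other option raised above, deriving UNBOUNDLISTENADDR from unbound.conf itself so the address and port are defined in one place. The function name is an assumption, the sample config is constructed, and include: directives are not followed.

```sh
#!/bin/sh
# Added example, not part of unbound_manager or unbound.postconf.

# Print "ip#port" (the form used in UNBOUNDLISTENADDR) for the first IPv4
# loopback interface: option in the server: clause of an unbound.conf.
# Assumes a single file: include: directives are not followed.
listen_addr() {
    awk '
        {
            sub(/^[ \t]+/, "")                  # indentation
            sub(/[ \t]*#.*/, "")                # comments
            sub(/[ \t]+$/, "")                  # trailing whitespace
        }
        /^[a-z-]+:$/ { in_srv = ($0 == "server:"); next }   # clause header
        !in_srv { next }
        $1 == "port:" { port = $2 }
        $1 == "interface:" && $2 ~ /^127\./ && ip == "" {
            n = split($2, part, "@")            # interface: ip[@port]
            ip = part[1]
            if (n == 2) ifport = part[2]
        }
        END {
            if (ip == "") ip = "127.0.0.1"      # unbound listens on localhost by default
            if (ifport != "") port = ifport     # @port on the interface wins over port:
            if (port == "") port = 53           # unbound default port
            print ip "#" port
        }
    ' "$1"
}

# Constructed sample config; control-port in remote-control: must be ignored.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'server:' '  interface: 127.0.0.1@53535   # loopback only' \
        '  port: 53' 'remote-control:' '  control-interface: 127.0.0.1' \
        '  control-port: 953' > "$f"
    echo "UNBOUNDLISTENADDR=\"$(listen_addr "$f")\""
    rm -f "$f"
}

demo    # prints: UNBOUNDLISTENADDR="127.0.0.1#53535"
```

Unlike the netstat method this works while unbound is stopped, but it reports what the file says, not what the daemon is actually bound to.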
 
The script needs to verify that this folder already exists.

continues to depend on some Jack Yaz script. Only unbound_stats will not display the graphs. I installed Jack Yaz's connmon script, it works now.

I am sure I tested this by removing the /jffs/addons/shared-jy folder as well as /www/user/shared-jy. My script during "install" command creates the addons folder downloads the files, untars and then creates the symbolic link if needed.

Or do you mean a different folder?
 
I am sure I tested this by removing the /jffs/addons/shared-jy
Nothing that compromises the execution of the script. In the execution of the installation, he accused that files already exist.

I noticed that when uninstalling, some files remain: .db and .md5. Are they necessary to allow? In a reinstallation, I got errors with the .db file.

Take the test without any Jack Yaz script on jffs, reboot and do and check.
 
Nothing that compromises the execution of the script. In the execution of the installation, he accused that files already exist.

I noticed that when uninstalling, some files remain: .db and .md5. Are they necessary to allow? In a reinstallation, I got errors with the .db file.

Take the test without any Jack Yaz script on jffs, reboot and do and check.

Thank you @rgnldo, I have made fixes based on your findings. Pushed v1.1.2.
 
Thank you @rgnldo, I have made fixes based on your findings. Pushed v1.1.2.

@juched Could you point me to which file contains your GitHub URL or publish the link here please? I looked in your files and searched the forum but didn't see it. I imagine I just missed it in my forum search. Thank you.
 
@juched Could you point me to which file contains your GitHub URL or publish the link here please? I looked in your files and searched the forum but didn't see it. I imagine I just missed it in my forum search. Thank you.
If you use the "i" command in unbound_manager and select "y" to install adblock, it will install this version.
You can see the code here:
https://github.com/juched78/Unbound-Asuswrt-Merlin

--- edit ---

oops... wrong script. @martinr is right, just type "sgui" and it will update.
 
@juched Could you point me to which file contains your GitHub URL or publish the link here please? I looked in your files and searched the forum but didn't see it. I imagine I just missed it in my forum search. Thank you.
If you’re simply wanting to update, you only need to go into Unbound Manager (Option 7 in AMTM) and type sgui.
 
If you’re simply wanting to update, you only need to go into Unbound Manager (Option 7 in AMTM) and type sgui.

Yes I just wanted to update the one script. Thanks to both of you for the answers.
 
