
Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)


Thanks, I did put the short script into cron - every 15 mins.

As far as @juched script, it would never install correctly - first complained it could not find the file rpzsites
I then created an rpzsites file and put the https line pointing to rpz.urlhaus.abuse.ch into it. (so curl would work)
It then complained it could not create a directory.

I looked over the script and simply dumbed it down with constants. Just to see if I could get the RPZ zone working with unbound.

BTW, maybe a question for @juched , in looking at the function download_reload, it seems to be called with 2 arguments.
How does it derive $3 on this line?
$UNBOUNCTRLCMD auth_zone_reload "$3"

If it helps, this is on an AX88u running 384.16.

That script doesn’t download files or make directories. How did you install? Did you use the unbound_manager firewall command?

It will download the rpzsites file.

What directory did it say was missing?
 
Indeed.

Might I suggest that to provide feedback that the script is working that you replace the 'echo' statements with 'logger' statements where appropriate?

e.g.
Code:
download_reload() {
  sitesfile=$1
  reload=$2
  count=1
  while read -r line
  do
    # Re-split the line into positional parameters: $1=URL, $2=zone file, $3=zone name
    # (this replaces the function's own arguments, which were saved above)
    set -- $line
    #[ "${$line:0:1}" == "#" ] && continue
    logger -st unbound $$ "Attempting to Download $count of $(awk 'NF && !/^[[:space:]]*#/' "$sitesfile" | wc -l) from $1."
    curl --progress-bar "$1" > "$2"
    dos2unix "$2"
    if [ "$reload" == "reload" ] && [ ! -z "$(pidof unbound)" ]; then
      logger -st unbound $$ "Reload unbound for zone named $3"
      $UNBOUNCTRLCMD auth_zone_reload "$3"
    fi
    count=$((count + 1))
  done < "$sitesfile"
}
resulting in confirmation download messages in the log
Code:
Apr 14 23:33:24 RT-AC68U unbound: 15925 Attempting to Download 1 of 1 from https://urlhaus.abuse.ch/downloads/rpz/.
Apr 14 23:33:24 RT-AC68U unbound: 15925 Reload unbound for zone named rpz.urlhaus.abuse.ch
It's late here so I will delay releasing v3.03 until tomorrow to see if there is anything you wish to investigate further with @JGrana etc.

done
 
Hello,
I've been using unbound for more than a month.
Recently I upgraded to 384.16 and then to the last version of unbound and unbound manager.
Now I'm experiencing a strange problem.
When my internet connection fails it seems that the router or unbound isn't able to correctly resume it.
The router indicates "no connection" but my PCs can normally connect to some websites and services.
For example, this morning I can connect to Amazon Music but not to Deezer. Yesterday I could connect to Google but not to some websites of my country.
If I access the router via ssh and ping the same websites my PCs can't access, the router can resolve the address (the router is set to use its resolver and connect to 1.1.1.1)
So it seems that when the WAN drops unbound is unable to resume its normal operation and tries to resolve addresses using its cache or something like that. This is only my speculation.
Has someone experienced a similar problem?
 
You should try to identify why DNS is failing

i.e. if you are using 'unbound_manager' in 'Advanced' mode, then you should try the URLs that do not resolve using dig
Code:
e  = Exit Script

A:Option ==> dig deezer.com
Show statistics
Code:
e  = Exit Script

A:Option ==> s
then stop unbound
Code:
e  = Exit Script

A:Option ==> x
then check the URLs again.
If the URLs are accessible, then I suppose the unbound cache could be stale.
So restart unbound
Code:
e  = Exit Script

A:Option ==> rs
Show statistics
Code:
e  = Exit Script

A:Option ==> s
and recheck the URLs.
If they are still inaccessible, then as a final diagnostic you should flush unbound's cache
Show statistics
Code:
e  = Exit Script

A:Option ==> s
Code:
e  = Exit Script
A:Option ==> rs nocache
P.S. Disclosing your model router might also be a pertinent helpful data-point, also are you using the unbound Stubby Integration?
 

Thanks for the advice, I'll do some debugging when the issue reappears.
For the question: my router is AC66U_B1 and I don't use stubby integration, just plain vanilla unbound with no adblock integration.
I use diversion, pixelserv and Skynet.
 
I don't use stubby integration, just plain vanilla unbound with no adblock integration.

If I access to the router via ssh and make a ping to the same websites my PCs can't access, the router can resolve the address (the router is set to use his resolver and connect to 1.1.1.1)
I was confused by your statement above with a reference to 1.1.1.1 since vanilla unbound wouldn't use a 3rd-party DNS unless unbound is configured as a Stubby/DoT forwarder :confused:
 

As I said I could ping inside a ssh console to the router.
This way I could override unbound, because the option "Wan: Use local caching DNS server as system resolver" was set to no.
This is the reason I think it can be an unbound problem. In fact, why is every website resolved by the router, which points to 1.1.1.1, while some websites are not reachable within the LAN, where the resolver is unbound?
Anyway, when it happens again I'll follow your instructions and I'll post my findings...
 
I've uploaded v3.03

Version=3.03
Github md5=cef422d41ee5a36c4472694b34164dc4

use 'u' to update when prompted on screen

Use of the 'i = Update unbound Installation' **Required** see change log

v3.03 Change log
Code:
CHANGE: Revert 'Easy' menu mode to always require the [ENTER] key when selecting menu options.
ADD:     'Easy' menu mode option '7 Enable/Disable' DNS Firewall (Requires new 'unbound.conf'  to be downloaded use 'i')
FIX:     'adblock =' option missing under 'Advanced Tools' in 'Advanced' mode
ADD:    Frivolous Easter-egg ascii art promotion!
ADD:    Highlight if unbound is NOT running, and improve diagnostics to assist in determining the reason.

e.g. unbound won't start and doesn't show any reason

Code:
+======================================================================+
|  Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
|                                                                      |
|                      Version 3.03 by Martineau                       |
|                                                                      |
+======================================================================+

Warning unbound not running!! - Config last loaded info: # rgnldo Github Version=v1.09 Martineau update (Date Loaded by unbound_manager Mon Apr 13 23:14:33 DST 2020)

u = Push to Github PENDING for (Major) unbound_manager UPDATE v3.03 >>>> v3.02

i  = Update unbound and configuration ('/opt/var/lib/unbound/')
z  = Remove unbound/unbound_manager                 v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit)
3  = Advanced Tools                                 rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')

?  = About Configuration

e  = Exit Script

A:Option ==> rs

unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.con

Adding 'include: "/opt/share/unbound/configs/unbound.conf.add"  '/opt/var/lib/unbound/unbound.conf'
 Starting unbound...              failed.

Checking status, please wait.....

    ***ERROR unbound went AWOL after 1 seconds.....
    Try option 'debug' and check for unbound.conf or runtime errors!

<snip>

e  = Exit Script

A:Option ==> debug

[1586865648] unbound[26907:0] notice: Start of unbound 1.10.0.
Apr 14 12:00:48 unbound[26907:0] error: can't bind socket: Address already in use for 0.0.0.0 port 53
Apr 14 12:00:48 unbound[26907:0] fatal error: could not open ports
 

With the latest 3.03 unbound_manager and no rpzsites file, here is the output:
Do you want to enable DNS Firewall?

Reply 'y' or press [Enter] to skip
y
unbound_rpz.sh downloaded successfully

Created startup hook in services-start.
Created cron job.
/jffs/addons/unbound/unbound_rpz.sh: line 154: can't open /opt/share/unbound/configs/rpzsites: no such file
Installed.

Can you post what should be in the rpzsites file?
I created one with this line in it:
https://urlhaus.abuse.ch/downloads/rpz/

I also did a 'grep rpzsites unbound*' in the /jffs/addons/unbound directory. No hits.
 
/opt/share/unbound/configs/rpzsites
Code:
https://urlhaus.abuse.ch/downloads/rpz/ /opt/var/lib/unbound/rpz.urlhaus.abuse.ch.zone rpz.urlhaus.abuse.ch
I'll check if the script is failing to create the file.
 
Have you written the DNS Firewall GUI statistics module tho' ? :p:p:p

For now, 'grep "RPZ applied" /opt/var/lib/unbound/unbound.log | wc -l' serves me well ;-)
 
Thanks. Let me create rpzsites and see how the script behaves. My self created rpzsites lacked quite a bit!
 
For now, 'grep "RPZ applied" /opt/var/lib/unbound/unbound.log | wc -l' serves me well ;-)
My one line (awk-based) Histogram statistics reporter method is even better! ;)
 
@Martineau , with the correct rpzsites file, it works fine:

Do you want to enable DNS Firewall?

Reply 'y' or press [Enter] to skip
y
unbound_rpz.sh downloaded successfully

Created startup hook in services-start.
Created cron job.
(unbound_rpz.sh): 16717 Attempting to Download 1 of 1 from https://urlhaus.abuse.ch/downloads/rpz/.
######################################################################## 100.0%
Installed.

unbound DNS Firewall ENABLED

I have removed my cron job and forced an unbound_rpz.sh download.

All good now!
 
Whoops :oops: Hotfix v3.03 Github md5=cef422d41ee5a36c4472694b34164dc4

'unbound_manager' didn't download 'rpzsites' file due to new functionality that I hadn't actually fully implemented in the script but had only gone-live in my head :rolleyes:

Abject apologies @JGrana for the inconvenience caused.
 
I had to manually create the rpzsites file. Then this:
Code:
Apr 15 09:15:00 RT-AC86U (unbound_rpz.sh): 27765 Attempting to Download 1 of 1 from https://urlhaus.abuse.ch/downloads/rpz/.
Apr 15 09:15:01 RT-AC86U (unbound_rpz.sh): 27765 Reload unbound for zone named rpz.urlhaus.abuse.ch
Apr 15 09:15:01 RT-AC86U (unbound_rpz.sh): 27765 Attempting to Download 2 of 1 from .
Apr 15 09:15:01 RT-AC86U (unbound_rpz.sh): 27765 Reload unbound for zone named
Something about the read loop?
Prior to the hotfix.
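
The "Download 2 of 1 from ." pass in the log above is consistent with the read loop acting on a blank line, and the URL-only rpzsites file created earlier in the thread is the same class of problem: lines reaching curl and the zone reload without being validated. The following is an added example, not code from the thread or from unbound_rpz.sh; it assumes the three-field line format shown above, and the function names, the https-only rule and the ZONE_DIR allow-list are this example's own choices.

```shell
#!/bin/sh
# Added example, not part of unbound_rpz.sh.
# rpzsites line format shown in the thread: <url> <zone-file> <zone-name>

# Directory taken from the page; treating it as an allow-list is this example's assumption.
ZONE_DIR=/opt/var/lib/unbound

# Print "url|file|zone" for each usable line; report each rejected line on stderr.
parse_rpzsites() {
  lineno=0
  # '|| [ -n "$url" ]' keeps a final line that has no trailing newline.
  while read -r url file zone extra || [ -n "$url" ]; do
    lineno=$((lineno + 1))
    case "$url" in
      ''|'#'*) continue ;;  # blank or comment line: never reaches curl or reload
    esac
    if [ -z "$zone" ] || [ -n "$extra" ]; then
      echo "rpzsites:$lineno: need exactly 3 fields, skipped" >&2; continue
    fi
    case "$url" in
      https://*) ;;
      *) echo "rpzsites:$lineno: URL is not https, skipped" >&2; continue ;;
    esac
    case "$file" in
      *..*|"$ZONE_DIR"/*/*) ok=0 ;;   # no traversal, no subdirectories
      "$ZONE_DIR"/*) ok=1 ;;
      *) ok=0 ;;
    esac
    [ "$ok" = 1 ] || { echo "rpzsites:$lineno: zone file outside $ZONE_DIR, skipped" >&2; continue; }
    printf '%s|%s|%s\n' "$url" "$file" "$zone"
  done < "$1"
}

# Number of feeds that would actually be downloaded (the "N of M" total).
count_valid() {
  parse_rpzsites "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Constructed sample file: comment, good entry, blank line, URL-only entry,
# entry writing outside ZONE_DIR, whitespace-only line.
make_sample() {
  sample=$(mktemp)
  printf '%s\n' '# constructed sample' \
    'https://urlhaus.abuse.ch/downloads/rpz/ /opt/var/lib/unbound/rpz.urlhaus.abuse.ch.zone rpz.urlhaus.abuse.ch' \
    '' 'https://urlhaus.abuse.ch/downloads/rpz/' \
    'https://urlhaus.abuse.ch/downloads/rpz/ /tmp/elsewhere.zone rpz.urlhaus.abuse.ch' \
    '   ' > "$sample"
  echo "$sample"
}
```

Feeding the loop from `parse_rpzsites` output instead of the raw file means the counter and the total always agree, and a zone file path is never written outside the unbound directory by a cron job running as root.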
 
