Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

Hi guys, any idea why I am getting the below error?

Bad address
[1588460622] unbound-checkconf[14383:0] fatal error: control-key-file: "(null)" does not exist
***ERROR INVALID unbound configuration - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file

Thank you!
This sounds like the Fast menu option is disabled, but the path to the key files is undefined.
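
A pre-flight check for the situation suggested above, as an added example that is not part of the thread or of unbound_manager: it reads the four remote-control key/cert options from an unbound.conf and reports any that are empty or point to a missing file. The function names and the sample configuration are constructed; it assumes absolute paths, one option per line, and a TCP control interface, and it is stricter than unbound-checkconf in that an unset path is reported as a finding.

```shell
#!/bin/sh
# Added example (not unbound_manager code). get_opt, check_control_keys and
# make_sample are hypothetical names; the sample config below is constructed.

# Print the last value given for OPTION in FILE, without quotes or trailing comment.
get_opt() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//; s/^"//; s/"$//'
}

# Return 0 if the remote-control key/cert settings are usable, 1 otherwise.
check_control_keys() {
    conf=$1
    findings=0
    if [ "$(get_opt "$conf" control-enable)" != "yes" ]; then
        echo "remote-control not enabled: key files are not needed"
        return 0
    fi
    if [ "$(get_opt "$conf" control-use-cert)" = "no" ]; then
        echo "control-use-cert is no: key files are not needed"
        return 0
    fi
    for opt in server-key-file server-cert-file control-key-file control-cert-file; do
        path=$(get_opt "$conf" "$opt")
        if [ -z "$path" ]; then
            echo "FINDING $opt: no path set"
            findings=1
        elif [ ! -r "$path" ]; then
            echo "FINDING $opt: \"$path\" is missing or unreadable"
            findings=1
        fi
    done
    return "$findings"
}

# Constructed sample: control enabled, but control-key-file left empty.
make_sample() {
    dir=$1
    for f in unbound_server.key unbound_server.pem unbound_control.pem; do
        : > "$dir/$f"
    done
    cat > "$dir/unbound.conf" <<EOF
remote-control:
    control-enable: yes
    server-key-file: "$dir/unbound_server.key"
    server-cert-file: "$dir/unbound_server.pem"
    control-key-file: ""
    control-cert-file: "$dir/unbound_control.pem"
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_control_keys "$demo_dir/unbound.conf" || echo "fix unbound.conf before restarting unbound"
rm -rf "$demo_dir"
```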
 
Code:
--without-pthreads --without-solaris-threads --without-libevent

No threads, no libevent. Each thread launches another cache. While it seems they are somehow shared, I don't see how they shared the memory effectively between processes. On my machine the stats never show more than 0.7 requests to be processed for recursive lookups in the queue, so I don't feel a need to "split the load" between processes.

Average number of requests in list for recursive processing: 0.733269
 
Hi guys, any idea why I am getting the below error?

Bad address
[1588460622] unbound-checkconf[14383:0] fatal error: control-key-file: "(null)" does not exist
***ERROR INVALID unbound configuration - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file
@CardcaptorRLH85 also recently reported this....not sure if there was another user who also suffered the same error?:confused:

I did request a copy of the 'corrupted' '/opt/var/lib/unbound.conf' but I haven't seen a reply (although I may have missed it), but not sure if the OP still encounters this error?

However, if you could please provide the file (via pastebin etc.) I can check to see if 'unbound_manager' is incorrectly modifying the file.
 
I had to restore my device to factory defaults and proceed from there, so for me it is sorted as it works fine now. (That all happened when I upgraded to the latest version of firmware.) Now I have problems with Skynet again playing up and not recognizing my USB devices; I presume the swap file gets corrupted for some unknown reason.
 
I had to restore my device to factory defaults and proceed from there, so for me it is sorted as it works fine now. (That all happened when I upgraded to the latest version of firmware.)
Many thanks for the 'unbound_mangler' 'not guilty' verdict! :D
 
Evening All

Had time today so put unbound back on the router and same problem: it just stops NTP from working.

I have reset the router and still can't get this to work.

I install it at the AMTM and it started working, but as soon as I restart the router it is broken and all my other programs fail to boot but will start after a little time, but unbound will still stay broken.

As soon as I uninstall unbound, NTP and all my programs start up no problem.

https://1drv.ms/t/s!ApZr4PK0Md8XtUkFHrj_OnWi5Zh1?e=P1n1ec
 
What else is in dnsmasq.postconf script? rc seems to give up on waiting for a dnsmasq restart to finish. Do you have the "Wan: Use local caching DNS server as system resolver" setting on Tools menu enabled or disabled? Better to be disabled (No) in these situations.
Code:
May  5 06:05:48 rc_service: skip the event: restart_dnsmasq.
May  5 06:05:57 rc_service: skip the event: start_dnsmasq.
 

Yep, "Wan: Use local caching DNS server as system resolver" is set to No.


dnsmasq.postconf

Code:
#!/bin/sh
. /opt/share/diversion/file/post-conf.div # Added by Diversion
sh /jffs/addons/unbound/unbound.postconf "$1" # unbound_manager


dnsmasq.conf.add & profile.add

https://1drv.ms/u/s!ApZr4PK0Md8XtUqXZiyYdX0LPn8U?e=wlnhau
 
Interesting that the logger messages from /jffs/addons/unbound/unbound.postconf don't show up in your syslog file, despite several dnsmasq restarts in the log. It still shouldn't affect NTP because the router will use your WAN DNS servers to resolve the ntp server hostnames. This is the third report in a week of NTP issues on boot (not necessarily related to Unbound).
 
Looks like the router did not manage to set its time....in time

LINE 852
Code:
May  5 06:05:17 S61unbound: Waiting for NTP to sync before starting Unbound...
May  5 06:05:17 haveged: haveged: ver: 1.9.8; arch: generic; vend: ; build: (gcc 8.3.0 CV); collect: 128K
May  5 06:05:17 haveged: haveged: cpu: (); data: 32K (P); inst: 32K (P); idx: 20/40; sz: 31368/64688
May  5 06:05:17 haveged: haveged: fills: 0, generated: 0
May  5 06:05:18 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
May  5 06:05:18 wan: finish adding multi routes

May  5 06:05:18 rc_service: udhcpc 1607:notify_rc stop_ntpd
May  5 06:05:18 rc_service: udhcpc 1607:notify_rc start_ntpd

May  5 06:05:18 rc_service: waitting "stop_ntpd" via udhcpc ...
May  5 06:05:18 custom_script: Running /jffs/scripts/service-event (args: stop ntpd)
May  5 06:05:18 ntpd: Stopped ntpd
May  5 06:05:19 custom_script: Running /jffs/scripts/service-event (args: start ntpd)

May  5 06:05:19 ntpd: Started ntpd
06:05:21 ntpMerlin: Sleeping for 5s to allow firewall/nat startup to be completed...
 06:06:17 Skynet: [*] Waiting For NTP To Sync
May  5 06:06:17 S61unbound: NTP failed to sync after 1 minute - please check immediately!

May  5 06:06:17 S77ntpd: Waiting for NTP to sync before starting...

May  5 06:06:27 rc_service: waitting "restart_dnsmasq" via  ...

May  5 06:06:27 S61unbound: NTP failed to sync after 1 minute - please check immediately!

20:54:41 ntpd: Initial clock set
Eventually the router set its time, and everything except S61unbound kicked into life...including S77ntpd!

I suspect if you kindly ask @Jack Yaz to update /opt/etc/init.d/S61unbound to replace its paltry 60 seconds with the same 300 second timeout he uses in his /opt/etc/init.d/S77ntpd script then the problem goes away?

In the interim, try manually editing S61unbound to wait 300 secs, then reboot
 
Looks like that did the trick

https://1drv.ms/t/s!ApZr4PK0Md8XtUtJ8XFgp2PvboSD?e=gfVZBK
 
I don't know how increasing Unbound's wait for NTP to sync allows NTP to sync. What I see in the 2 different syslogs is that udhcpc restarts NTP before the WAN is up in the first syslog (premature) and after the WAN is up in the one above.

I'm glad it works, and I hope it's repeatable in the future, but I don't understand WHY it works in this case. :confused:
 
https://github.com/jackyaz/Unbound-Asuswrt-Merlin/commit/951bbf9d604769d6c0928e87e3e0157eafdc74b6 done!
 
I don't know how increasing Unbound's wait for NTP to sync allows NTP to sync. What I see in the 2 different syslogs is that udhcpc restarts NTP before the WAN is up in the first syslog (premature) and after the WAN is up in the one above.

I'm glad it works, and I hope it's repeatable in the future, but I don't understand WHY it works in this case. :confused:
Time is often unpredictable...
 
I don't know how increasing Unbound's wait for NTP to sync allows NTP to sync.
It didn't - S61unbound is a passive client/observer.
I don't understand WHY it works in this case. :confused:
Clearly S77ntpd also had to wait until ntpd sync'd with the default time servers, then eventually S77ntpd successfully took over the ntpd duties.
Case in point, two customers in the supermarket queue, neither has any active influence on when the tardy manager actually unlocks the doors after the expected opening time, but if one customer loses patience and walks off after a minute, but the other patiently waits 5 minutes....hmmm
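
The 60-second versus 300-second wait discussed above, as an added example that is not part of the thread and is not the actual S61unbound script: a polling loop that only observes whether the clock has been set, run against a simulated boot in which ntpd syncs after a constructed 90 seconds. `wait_for_ntp`, `NTP_PROBE`, `NTP_SLEEP` and the `sim_*` helpers are hypothetical names, and `nvram get ntp_ready` is assumed to be how the firmware reports a set clock.

```shell
#!/bin/sh
# Added example (not the actual S61unbound script). wait_for_ntp, NTP_PROBE and
# NTP_SLEEP are hypothetical names; "nvram get ntp_ready" is assumed to be how
# the firmware reports that the clock has been set.

ntp_ready_probe() {
    [ "$(nvram get ntp_ready 2>/dev/null)" = "1" ]
}

NTP_PROBE=${NTP_PROBE:-ntp_ready_probe}
NTP_SLEEP=${NTP_SLEEP:-sleep}

# wait_for_ntp TIMEOUT [INTERVAL]
# Polls the probe; returns 0 once the clock is set, 1 if TIMEOUT seconds pass first.
# The loop only observes: it cannot make ntpd sync any sooner.
wait_for_ntp() {
    timeout=$1
    interval=${2:-5}
    WAITED=0
    while ! "$NTP_PROBE"; do
        if [ "$WAITED" -ge "$timeout" ]; then
            return 1
        fi
        "$NTP_SLEEP" "$interval"
        WAITED=$((WAITED + interval))
    done
    return 0
}

# Simulated clock so the comparison runs instantly and offline.
sim_sleep() { SIM_NOW=$((SIM_NOW + $1)); }
sim_probe() { [ "$SIM_NOW" -ge "$SIM_SYNC_AT" ]; }

# simulate_boot TIMEOUT SYNC_AT: ntpd sets the clock SYNC_AT seconds into the wait.
simulate_boot() {
    SIM_NOW=0
    SIM_SYNC_AT=$2
    NTP_PROBE=sim_probe
    NTP_SLEEP=sim_sleep
    if wait_for_ntp "$1"; then
        echo "synced after ${WAITED}s: start unbound"
    else
        echo "gave up after ${WAITED}s: unbound not started"
    fi
}

# Constructed scenario: the clock is set 90 s after the wait begins.
simulate_boot 60 90
simulate_boot 300 90
```

Both runs see the same sync time; only the caller's patience differs, which is why the longer timeout changes whether unbound starts but not when NTP syncs.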
 
I've uploaded v3.10

Version=3.10
Github md5=1071e00a2ea83501f75b6ed249b231bd

use 'u' to update when prompted on screen

Use of the 'i = Update unbound Installation' **Not required**

Code:
FIX:    'bind' command doesn't detect a valid Gateway IP for PPTP 'ppp0' interface
FIX:     logging status doesn't auto-disable' during initial install.
ADD:    's' command now displays cache stats by (if configured) thread (num-threads:) and discards the Average Summary.
ADD:    'ca min' command to set the cache size to 4M,4M,4M as shown below - interesting 17%/45% full!..wonder what happens if it reaches 100%?
ADD:    'adblock [update]'  command to request immediate execution of the Ad Block daily refresh/update cron job.
ADD:    'dnsmasq [disable]' command to allow ALL LAN Clients to use unbound as their Primary DNS server rather than dnsmasq.
         This may allow tweakers to play with 'num-threads'; i.e. DNS requests are no longer funnelled from only (single queue) dnsmasq.
         @Juched's reports may also be more informative.

NOTE: The new 'dnsmasq disable' command was personally useful and assisted in revealing which device was hammering DNS requests for 'ipid.shat.net'
So I was then able to manually add the domain to the Ad Block blockhosts; hence the use of the convenient new 'adblock update' command.
Code:
info: ipid.shat.net. always_nxdomain 10.88.8.120@3978 ipid.shat.net. A IN

Code:
    [✔] unbound Logging
    [✔] Ad and Tracker Blocking (No. of Adblock domains=64305,Blocked Hosts=0,Whitelist=19)
    [✔] unbound CPU/Memory Performance tweaks
    [✔] Router Graphical GUI statistics TAB installed
    [✔] unbound-control FAST response ENABLED
    [✔] Unbound is the Primary DNS for ALL LAN Clients (dnsmaq DNS features DISABLED e.g. IPSET auto-populate)

    unbound Memory/Cache:

    'key-cache-size:'   4194304 (4.00 MB)
    'msg-cache-size:'   4194304 (4.00 MB)   17% used 729278 (712.19 KB)
    'rrset-cache-size:' 4194304 (4.00 MB)   45% used 1911190    (1.82 MB)

total.num.queries=35063             total.num.expired=1914              total.requestlist.exceeded=0            total.tcpusage=0
total.num.queries_ip_ratelimited=0  total.num.recursivereplies=2982     total.requestlist.current.all=0         msg.cache.count=3785
total.num.cachehits=32081           total.requestlist.avg=1.31234       total.requestlist.current.user=0        rrset.cache.count=9536
total.num.cachemiss=2982            total.requestlist.max=16            total.recursion.time.avg=0.409051       infra.cache.count=3031
total.num.prefetch=2544             total.requestlist.overwritten=0     total.recursion.time.median=0.073728    key.cache.count=471

Summary: Cache Hits success=91.00%
 
I've uploaded v3.10

Version=3.10
Github md5=5f505ae65042114a5ae9dc48471a9cbc

use 'u' to update when prompted on screen

Use of the 'i = Update unbound Installation' **Not required**

Code:
FIX:    'bind' command doesn't detect a valid Gateway IP for PPTP 'ppp0' interface
FIX:     logging status doesn't auto-disable' during initial install.
ADD:    's' command now displays cache stats by (if configured) thread (num-threads:) and discards the Average Summary.
ADD:    'ca min' command to set the cache size to 4M,4M,4M as shown below - interesting 17%/45% full!..wonder what happens if it reaches 100%?
ADD:    'adblock [update]'  command to request immediate execution of the Ad Block daily refresh/update cron job.
ADD:    'dnsmasq [disable]' command to allow ALL LAN Clients to use unbound as their Primary DNS server rather than dnsmasq.
         This may allow tweakers to play with 'num-threads'; i.e. DNS requests are no longer funnelled from only (single queue) dnsmasq.
         @Juched's reports may also be more informative.

NOTE: The new 'dnsmasq disable' command was personally useful and assisted in revealing which device was hammering DNS requests for 'ipid.shat.net'
So I was then able to manually add the domain to the Ad Block blockhosts; hence the use of the convenient new 'adblock update' command.
Code:
info: ipid.shat.net. always_nxdomain 10.88.8.120@3978 ipid.shat.net. A IN

Code:
    [✔] unbound Logging
    [✔] Ad and Tracker Blocking (No. of Adblock domains=64305,Blocked Hosts=0,Whitelist=19)
    [✔] unbound CPU/Memory Performance tweaks
    [✔] Router Graphical GUI statistics TAB installed
    [✔] unbound-control FAST response ENABLED
    [✔] Unbound is the Primary DNS for ALL LAN Clients (dnsmaq DNS features DISABLED e.g. IPSET auto-populate)

    unbound Memory/Cache:

    'key-cache-size:'   4194304 (4.00 MB)
    'msg-cache-size:'   4194304 (4.00 MB)   17% used 729278 (712.19 KB)
    'rrset-cache-size:' 4194304 (4.00 MB)   45% used 1911190    (1.82 MB)

total.num.queries=35063             total.num.expired=1914              total.requestlist.exceeded=0            total.tcpusage=0
total.num.queries_ip_ratelimited=0  total.num.recursivereplies=2982     total.requestlist.current.all=0         msg.cache.count=3785
total.num.cachehits=32081           total.requestlist.avg=1.31234       total.requestlist.current.user=0        rrset.cache.count=9536
total.num.cachemiss=2982            total.requestlist.max=16            total.recursion.time.avg=0.409051       infra.cache.count=3031
total.num.prefetch=2544             total.requestlist.overwritten=0     total.recursion.time.median=0.073728    key.cache.count=471

Summary: Cache Hits success=91.00%
Nice work ... I see a hot fix sneak in there as I was playing with the dnsmasq command.

Will you be adding these commands to the menu.... I ran the dnsmasq command from the advanced tools menu but I assume it can run directly from the advanced menu?
 
Code:
Converting dnsmasq local hosts to 'unbound'.....

Adding 'include: "/opt/share/unbound/configs/unbound.conf.addgui" to '/opt/var/lib/unbound/unbound.conf'
Adding 'include: "/opt/share/unbound/configs/unbound.conf.localhosts" to '/opt/var/lib/unbound/unbound.conf'
Restarting dnsmasq.....
Done.

unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf

 Shutting down unbound...              done.
 Starting unbound...              failed.

Checking status, please wait.....

    ***ERROR unbound went AWOL after 1 seconds.....

    Try option 'debug' and check for unbound.conf or runtime errors!
Code:
A:Option ==> debug


[1588673447] unbound[23245:0] notice: Start of unbound 1.10.0.
May 05 10:10:47 unbound[23245:0] error: can't bind socket: Address already in use for 0.0.0.0 port 53
May 05 10:10:47 unbound[23245:0] fatal error: could not open ports

Something went wonky here..... dnsmasq enable recovered the old setup
 
When dnsmasq is disabled, then no Diversion, as I understand?
 
