Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

Am considering the best way to handle this. I see two options:

  1. Add to existing blacklist, and add code to strip out unbound "local-zone:" and "always_nxdomain" directives. Then handle with existing code to merge into one list and create unbound commands.
  2. Create a separate "zonesites" file which allows you to add .ZONE files in unbound format, without touching the file. This would allow other sorts of unbound commands and files to be used (not just NX-DOMAIN items).

Looking for input.
Well I hacked option 1 here :p because they are 'NXDOMAIN' but I suppose option 2 offers more flexibility, although not sure what other sorts of 'unbound commands and files' you mean?
 
Hello all,

In need of some guidance/advice. All was working wonderfully (Full install, w/adblock, firewall and YTblocker).....launched advanced manager and saw config errors (looked as if it was root.key etc). Uninstalled unbound....tried to re-install (manager loads fine) but has now run into the following:

Code:
A:Option ==> 1

   Router Configuration recommended pre-reqs status:

   [✔] Swapfile=1048572 kB
   [✔] DNS Filter=ON
   [✔] DNS Filter=ROUTER
   [✔] WAN: Use local caching DNS server as system resolver=NO
   [✔] Enable local NTP server=YES
   [✔] Enable DNS Rebind protection=NO
   [✔] Enable DNSSEC support=NO

   Options: unbound ONLY install - No User Selectable options will be configured


INSTALLing unbound
Entware package list successfully updated
Installing unbound-checkconf (1.10.0-2) to root...
Installing unbound-control-setup (1.10.0-2) to root...
Installing unbound-control (1.10.0-2) to root...
Installing unbound-anchor (1.10.0-2) to root...
Installing unbound-daemon (1.10.0-2) to root...
Collected errors:
 * verify_pkg_installable: Only have 0kb available on filesystem /opt, pkg unbound-checkconf needs 46
 * opkg_install_cmd: Cannot install package unbound-checkconf.
 * verify_pkg_installable: Only have 0kb available on filesystem /opt, pkg unbound-control-setup needs 3
 * opkg_install_cmd: Cannot install package unbound-control-setup.
 * verify_pkg_installable: Only have 0kb available on filesystem /opt, pkg unbound-control needs 49
 * opkg_install_cmd: Cannot install package unbound-control.
 * verify_pkg_installable: Only have 0kb available on filesystem /opt, pkg unbound-anchor needs 26
 * opkg_install_cmd: Cannot install package unbound-anchor.
 * verify_pkg_installable: Only have 0kb available on filesystem /opt, pkg unbound-daemon needs 104
 * opkg_install_cmd: Cannot install package unbound-daemon.


   ***ERROR occurred installing unbound

Any advice? Am I understanding correctly that a disk is full? I have a 2GB USB which I thought was half empty but it turns out that it looks full. The only difference over the last few days is the install of the YT blocker.....are there files/logs that I can search to purge since I would expect that's the first place to start.....thanks in advance....
 
Option 2 looks to be more flexible and gets my vote.
 
Yes, it sounds like the drive is full. Check if there is a /opt/var/lib/unbound/unbound.log file and if so, how large it is.
Code:
ls -l /opt/var/lib/unbound/unbound.log
2 GB is nearly unusable with Skynet's swapfile requirements these days.
 
Thanks as always @dave14305 .....I just blew it all up and re-did it. I needed to flash to .17 anyhow so this gave me a reason to upsize the USB to an 8GB anyhow. Re-installing everything as we speak! I did take the Skynet recommended 2GB swap though....didn't think I needed anything larger than that! Do I?
 
It should be enough. I only use 1GB, and was even happy with 256MB before.
 
The commands (or types as they call it) are things like static, transparent, redirect. I could imagine people wanting to import .zone files from URLs which include other commands than just always_nxdomain.

I see what you did in pastebin, wasn't thinking anything that complex, just changing the curl command to filter the file just down to domains and keep one big adserver file.
 
I wouldn't say it was complicated.

I wanted to be able to differentiate between the '.zone' files i.e. with the inclusion of two additional '.zone' files
Code:
Removing required hosts from list...
Removing unnecessary formatting from the domain list...
Generating Unbound adservers file...
(gen_adblock.sh): 30625 Number of zoned hosts: 21316

(gen_adblock.sh): 30625 Number of New Unique zones: 9133

(gen_adblock.sh): 30625 Number of adblocked hosts: 22705

Generating Unbound unload/load lists...
Loading/Unload Unbound local-zones to take effect...
removed 85818 zones
added 31838 zones
...I can see that combined they have 21316 domains, of which 9133 are not currently in the Steven Black 22705 list.

If the figure of 9133 remains static, then that may further the case for removing the two '.zone' lists as this may indicate that they are stale i.e. no longer maintained etc.
 
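As an added example (not part of any post in this thread and not code from gen_adblock.sh), option 1 could look like this: .zone lines are cut down to bare domains, compared with the existing list to count the new unique names, and written back as local-zone lines. The function names, the sample data and the choice to drop every zone type other than always_nxdomain are assumptions of the example.

```shell
#!/bin/sh
# Added example: not code from gen_adblock.sh or unbound_manager.sh.

# Reduce unbound ".zone" text on stdin to bare, lower-case domain names.
# Only lines of the exact form  local-zone: "name" always_nxdomain  survive;
# other zone types (static, transparent, redirect, ...) and every other
# directive are dropped, so a downloaded list can only ever block names.
# The final grep demands at least two labels made of hostname characters, so
# quotes, spaces or a bare TLD such as "com" never reach the generated config.
zone_to_domains() {
    tr -d '\r' | tr '[:upper:]' '[:lower:]' |
    sed -n -e 's/#.*//' \
           -e 's/^[[:space:]]*local-zone:[[:space:]]*"\([^"]*\)"[[:space:]]*always_nxdomain[[:space:]]*$/\1/p' |
    sed 's/\.$//' |
    grep -E '^[a-z0-9_-]+(\.[a-z0-9_-]+)+$' |
    sort -u
}

# Print the names in file $2 that are not already in file $1.
# FILENAME is compared instead of NR==FNR so an empty $1 is handled correctly.
new_unique() {
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next } !($0 in seen)' "$1" "$2"
}

# Turn bare domains on stdin back into unbound configuration lines.
emit_local_zones() {
    while IFS= read -r d; do
        printf 'local-zone: "%s" always_nxdomain\n' "$d"
    done
}

# Constructed sample input (not real list content).
SAMPLE_ZONE='# constructed sample
local-zone: "ads.example.com" always_nxdomain
local-zone: "ADS.example.com." always_nxdomain
local-zone: "tracker.example.net" always_nxdomain   # trailing comment
local-zone: "bank.example.org" redirect
local-data: "bank.example.org A 192.0.2.66"
local-zone: "com" always_nxdomain
local-zone: "bad name.example" always_nxdomain'

# Constructed stand-in for the existing hosts-derived blacklist.
SAMPLE_EXISTING='ads.example.com
metrics.example.io'

demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_EXISTING" | sort -u > "$tmp/existing"
    printf '%s\n' "$SAMPLE_ZONE" | zone_to_domains > "$tmp/zoned"
    new_unique "$tmp/existing" "$tmp/zoned" > "$tmp/new"
    echo "Number of zoned hosts: $(wc -l < "$tmp/zoned")"
    echo "Number of New Unique zones: $(wc -l < "$tmp/new")"
    sort -u "$tmp/existing" "$tmp/new" | emit_local_zones
    rm -rf "$tmp"
}
demo
```
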
I am not sure if this thread is the best place to share my feedback on the youtube adblocker, and I can move to the correct place if necessary.
I have noticed that the banner ads are blocked, but I am not sure if that is from the adblocker script or youtube adblocker, but still seeing somehow a consistency on the ads that play before and between videos.
You can use this playlist for example: it always plays 2 ads before the first video and normal ads between videos.
 
@Martineau
My modem from ISP is in bridge mode and PPPoE dialed from AC88U and all working fine, till I bind WAN, binding WAN leaves everything unresolved, removing bind makes unbound work again, is this behavior OK? In this setup bind is not recommended? Then which setups are recommended for bind to work?
 
Failure to bind to ppp0 interface was reported back on 1st May here by @joe scian

Originally I had not taken into account PPPoE users, but I applied a patch on 5th May see Release v3.10, so not having any feedback from the OP I assumed it was resolved.

Perhaps the PPPoE gateway IP address I chose shouldn't be the one to use?:rolleyes:
 
Exactly, it binds with gateway, and as soon as it binds, it stops working, though I'm thoroughly enjoying it without binding, I can provide you with your required logs if you give me commands as per your ease
I hope it can be resolved for PPPoE users as well
Thanks
 
If you have time, could you please try the PPPoE test v3.12x script from the GitHub dev branch
Code:
e  = Exit Script [?]

A:Option ==> uf dev

    unbound_manager.sh downloaded successfully Github 'dev/development' branch

unbound Manager UPDATE Complete! 4a207524e455366859549c3cce137e95
 
How long have you been running the blocker? It reduces ads over time and sometimes some will come in based on a new domain being used. But I tested the playlist you sent and no ads originally and after a couple videos I did see one.

This YT Adblock is really only for the pre-roll videos. Not the overlays.
 
Code:
Do you want to force BIND unbound requests via 'WAN'?

        Reply 'y' or press [Enter]  to skip
y
grep: invalid option -- P
BusyBox v1.25.1 (2020-04-25 22:26:31 EDT) multi-call binary.
Usage: grep [-HhnlLoqvsriwFE] [-m N] [-A/B/C N] PATTERN/-e PATTERN.../-f FILE [FILE]...

Search for PATTERN in FILEs (or stdin)

        -H      Add 'filename:' prefix
        -h      Do not add 'filename:' prefix
        -n      Add 'line_no:' prefix
        -l      Show only names of files that match
        -L      Show only names of files that don't match
        -c      Show only count of matching lines
        -o      Show only the matching part of line
        -q      Quiet. Return 0 if PATTERN is found, 1 otherwise
        -v      Select non-matching lines
        -s      Suppress open and read errors
        -r      Recurse
        -i      Ignore case
        -w      Match whole words only
        -x      Match whole lines only
        -F      PATTERN is a literal (not regexp)
        -E      PATTERN is an extended regexp
        -m N    Match up to N times per file
        -A N    Print N lines of trailing context
        -B N    Print N lines of leading context
        -C N    Same as '-A N -B N'
        -e PTRN Pattern to match
        -f FILE Read pattern from file


        ***ERROR unbound request force BIND via WAN () 'ppp0'  ABORTED!

03:36:26 Checking 'unbound.conf' for syntax errors.....
03:36:26 Saving unbound cache to '/opt/share/unbound/configs/cache.txt'
03:36:26 Requesting unbound (S61unbound) restart.....
 Shutting down unbound...              done.
 Starting unbound...              done.
03:36:29 Checking status, please wait.....
03:36:32 Restoring unbound cache from '/opt/share/unbound/configs/cache.txt' (2020-05-15 03:36:26)
03:36:33 unbound OK



unbound (pid 12304) is running... uptime: 0 Days, 00:00:05 version: 1.10.0 # rgnldo Github Version=v1.10 Martineau update (Date Loaded by unbound_manager Fri May 15 03:36:29 GMT 2020)

u = Update (Minor Hotfix) unbound_manager v3.12x -> v3.12

i  = Update unbound and configuration ('/opt/var/lib/unbound/')             l  = Show unbound LIVE (Loglevel=1) log entries (lx=Disable Logging)
z  = Remove unbound/unbound_manager                        v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
x  = Stop unbound                                          vb = Backup current (/opt/var/lib/unbound/unbound.conf) Configuration
                                                           rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                   oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'
sd = Show dnsmasq Statistics/Cache Size                    s  = Show unbound Extended statistics (s=Summary Totals; sa=All; sgui=Install GUI TAB [all]; s-=Disable Extended Stats)
                                                           adblock = Install Ad Block [uninstall | update | track]
                                                           youtube = Install YouTube Ad Block [uninstall | update]
Stubby = Enable Stubby Integration                         DoT = Enable DNS-over-TLS
                                                           firewall = Enable DNS Firewall [disable | ?]
bind = BIND unbound to WAN [debug | disable | debug show]  vpn = BIND unbound to VPN {vpnid [debug]} | [disable | debug show] e.g. vpn 1

scribe = Enable scribe (syslog-ng) unbound logging         ad = Analyse Diversion White/Black lists ([ file_name [type=adblock] ])
dnsmasq = Disable dnsmasq [disable] (no arg reinstates dnsmasq)
dumpcache = [bootrest] (or Manually use restorecache after REBOOT)  ca = Cache Size Optimisation [ min | calc ]

dig = {domain} [time] Show dig info e.g. dig asciiart.com  lookup = {domain} Show the name servers used for domain e.g. lookup asciiart.eu
dnsinfo = {dns} Show DNS Server e.g. dnsinfo               dnssec = {url} Show DNSSEC Validation Chain e.g. dnssec www.snbforums.com
links = Show list of external URL links


e  = Exit Script [?]

[Enter] Leave Advanced Tools Menu

e  = Exit Script [?]
Tried with x version from dev branch, also update Configuration and fresh conf file, here's the outcome
 
:oops::oops::oops:You mean you don't have the Entware version of grep?
Code:
grep -V

grep (GNU grep) 3.4
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law
Code:
grep -Po '(\d+\.){3}\d+'
Abject apologies, I should stick with old-skool grep for backwards compatibility
Code:
grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'
Can you please try again?...I've uploaded a revised version to Github dev branch.
Code:
e  = Exit Script [?]

A:Option ==> uf dev

 unbound_manager.sh downloaded successfully Github 'dev/development' branch

unbound Manager UPDATE Complete! 4a207524e455366859549c3cce137e95
 
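An added example, not part of any post here and not code from unbound_manager.sh: the portable `grep -oE` pattern from the post above, followed by an octet check the regex alone does not make and a helper that fails when no address is found. The function names and the ifconfig-style sample are constructed for the example.

```shell
#!/bin/sh
# Added example: not code from unbound_manager.sh.

# Print every well-formed IPv4 address found on stdin, one per line.
# The pattern is plain POSIX ERE, so BusyBox grep and GNU grep agree on it;
# the awk stage rejects what the regex alone lets through (octets above 255,
# leading zeros).
extract_ipv4() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' |
    awk -F. '{
        ok = 1
        for (i = 1; i <= 4; i++)
            if ($i + 0 > 255 || (length($i) > 1 && substr($i, 1, 1) == "0")) ok = 0
        if (ok) print
    }'
}

# Print the first address on stdin, or fail with status 1 when there is none,
# so the caller never carries on with an empty value.
first_ipv4() {
    ip=$(extract_ipv4 | head -n 1)
    [ -n "$ip" ] || return 1
    printf '%s\n' "$ip"
}

# Constructed sample in the style of BusyBox "ifconfig ppp0" output.
SAMPLE_PPP0='ppp0      Link encap:Point-to-Point Protocol
          inet addr:100.64.10.7  P-t-P:100.64.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1'

if addr=$(printf '%s\n' "$SAMPLE_PPP0" | first_ipv4); then
    echo "address: $addr"
else
    echo "no IPv4 address found, aborting" >&2
fi
```
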
Pushed an update for the Adblock and YouTube Adblock scripts.

- Added command to YT script "force_newip" to pick a new IP from the DNS cache and update the YT file. This is a proactive command in case the IP you use stops working, running this command will update and after DNS caches time out the new IP is used. I haven't needed this yet, but thinking ahead.
- Added support for .zone files for blocksites and allowsites lists.

Enjoy.
 
Works perfectly fine now
Thanks, hope we can get it in next normal release as well other than dev branch
 
