Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

I did "dnsmasq disable" and chose to use Ad-blocking.
Now I can't SSH into my router anymore. PuTTY window is black and then says it's timed out.
Any suggestions?

Edit:
I managed to SSH into my router with my android phone.

Edit2:
After rebooting my PC, I also could SSH into my router again.

Edit3:
I see a lot of these "some IP.in-addr.arpa." entries in logging:
What are these?
Code:
Jun 21 21:44:44 unbound[25028:0] query: 127.0.0.1 assets.orf.at. A IN
Jun 21 21:44:44 unbound[25028:0] reply: 127.0.0.1 assets.orf.at. A IN NOERROR 0.000000 1 177
Jun 21 21:44:45 unbound[25028:0] query: 127.0.0.1 182.104.232.194.in-addr.arpa. PTR IN
Jun 21 21:44:45 unbound[25028:0] reply: 127.0.0.1 182.104.232.194.in-addr.arpa. PTR IN NOERROR 0.055811 0 71
Jun 21 21:44:56 unbound[25028:0] query: 127.0.0.1 g.static.mega.co.nz. A IN
Jun 21 21:44:56 unbound[25028:0] reply: 127.0.0.1 g.static.mega.co.nz. A IN NOERROR 0.000000 1 118
Jun 21 21:44:58 unbound[25028:0] query: 127.0.0.1 11.148.216.31.in-addr.arpa. PTR IN
Jun 21 21:44:58 unbound[25028:0] reply: 127.0.0.1 11.148.216.31.in-addr.arpa. PTR IN NXDOMAIN 0.062147 0 104
Jun 21 21:46:05 unbound[25028:0] query: 127.0.0.1 prod-tp.sumo.mozit.cloud. A IN
Jun 21 21:46:05 unbound[25028:0] reply: 127.0.0.1 prod-tp.sumo.mozit.cloud. A IN NOERROR 0.000000 1 74
Jun 21 21:46:05 unbound[25028:0] query: 127.0.0.1 prod-tp.sumo.mozit.cloud. AAAA IN
Jun 21 21:46:05 unbound[25028:0] reply: 127.0.0.1 prod-tp.sumo.mozit.cloud. AAAA IN NOERROR 0.000000 1 127
Jun 21 21:46:05 unbound[25028:0] query: 127.0.0.1 42.244.33.13.in-addr.arpa. PTR IN
Jun 21 21:46:05 unbound[25028:0] query: 127.0.0.1 12.244.33.13.in-addr.arpa. PTR IN
Jun 21 21:46:05 unbound[25028:0] reply: 127.0.0.1 42.244.33.13.in-addr.arpa. PTR IN NOERROR 0.080452 0 99
Jun 21 21:46:05 unbound[25028:0] reply: 127.0.0.1 12.244.33.13.in-addr.arpa. PTR IN NOERROR 0.073283 0 99
 
I'm using unbound (with dnsmasq) since its release on the forum. I keep it up-to-date with both @Martineau and Entware's developments.
Until a while ago it ran for several days/weeks without issues.
Over the past few days I see that it resets itself every few hours - the equivalent of
Code:
rs nocache
After that it rebuilds the cache quite fast and works well; for a few hours.
I tried to compare the reset time with running cron jobs - not even close. Sometimes it happens at night when the network is as idle as it gets. Also, tried disabling the VPN client - no change.
Here is my configuration:
Code:
 Router Configuration recommended pre-reqs status:

        [✔] Swapfile=1048572 kB
        [✔] DNS Filter=ON
        [✔] DNS Filter=ROUTER
        [✔] WAN: Use local caching DNS server as system resolver=NO
        [✔] Enable local NTP server=YES
        [✔] Enable DNS Rebind protection=NO
        [✔] Enable DNSSEC support=NO

        Options: Auto Reply='y' for User Selectable Options ('3 4') Ad Block,Performance Tweaks

        [✔] Ad and Tracker Blocking (No. of Adblock domains=56921,Blocked Hosts=1,Allowlist=19)
        [✔] unbound CPU/Memory Performance tweaks
        [✔] Router Graphical GUI statistics TAB installed
        [✔] unbound-control FAST response ENABLED
        [✔] unbound requests via VPN Client 3 (10.37.10.6) tunnel ENABLED
        [✔] YouTube Ad Blocking (Forcing to use YT IP 173.194.185.200, No. of YouTube Video Ad domains=138)
Any suggestions on troubleshooting steps?
 
If it's just been happening over the last few days there is the possibility it's due to vulnerabilities in unbound which have been recently patched.... if your unbound isn't at version 1.10.1 then you should upgrade it via entware.

If your Unbound is the latest and greatest, can you share any syslog or unbound logs that may help figure this out?
 
Must to admire
:D;)
Screenshot_20200624-042305.jpg
 
If it's just been happening over the last few days there is the possibility it's due to vulnerabilities in unbound which have been recently patched.... if your unbound isn't at version 1.10.1 then you should upgrade it via entware.

If your Unbound is the latest and greatest, can you share any syslog or unbound logs that may help figure this out?
Here, here:
Code:
unbound (pid 31597) is running... uptime: 0 Days, 06:46:09 version: 1.10.1 # rgnldo Github Version=v1.10 Martineau update (Date Loaded by unbound_manager Tue Jun 23 12:23:53 EDT 2020)

Code:
Jun 23 12:23:49 RT-AC86U (unbound_manager.sh): 31157 unbound requests via VPN Client 3 (10.37.10.6) tunnel ENABLED
Jun 23 12:23:52 RT-AC86U unbound: [31858:0] query: 127.0.0.1 api.amplitude.com. A IN
Jun 23 12:23:52 RT-AC86U (unbound_manager.sh): 31157 unbound cache SAVED to '/opt/share/unbound/configs/cache.txt' - BEWARE, file will be DELETED on first RELOAD 2020-06-23 12:23:52
Jun 23 12:23:52 RT-AC86U S61unbound: restart Unbound DNS server  /opt/etc/init.d/S61unbound
Jun 23 12:23:52 RT-AC86U unbound: [31858:0] info: service stopped (unbound 1.10.1).
Jun 23 12:23:54 RT-AC86U unbound: [31597:0] info: start of service (unbound 1.10.1).
Jun 23 12:23:54 RT-AC86U unbound: [31597:0] query: 127.0.0.1 conversions.appsflyer.com. A IN
Jun 23 12:23:54 RT-AC86U unbound: [31597:0] query: 127.0.0.1 api.amplitude.com. A IN
Jun 23 12:23:56 RT-AC86U (unbound_manager.sh): 31157 unbound cache RESTORED from '/opt/share/unbound/configs/cache.txt' (2020-06-23 12:23:52)
Jun 23 12:23:56 RT-AC86U unbound: [31597:0] query: 127.0.0.1 api.amplitude.com. A IN

...nothing gets restored from '/opt/share/unbound/configs/cache.txt' - it all starts from zero and builds up pretty fast.
 
Is it possible to implement some ip addresses (192.168.1.107-108) from other dns servers on DOT which contains the parental control?
 
Finally got around to playing with dnsmasq disable command. Not quite sure about having a one time import, but will see.

I do have some entries that look like this:
85511 xx:xx:xx:xx:xx:xx 192.168.x.xxx * *


These end up creating a *.<domain> mapping inside unbound. Anyone else see that?
 
I see a lot of these "some IP.in-addr.arpa." entries in logging:

What are these?
Code:
Jun 21 21:44:44 unbound[25028:0] query: 127.0.0.1 assets.orf.at. A IN
Jun 21 21:44:44 unbound[25028:0] reply: 127.0.0.1 assets.orf.at. A IN NOERROR 0.000000 1 177
Jun 21 21:44:45 unbound[25028:0] query: 127.0.0.1 182.104.232.194.in-addr.arpa. PTR IN
Jun 21 21:44:45 unbound[25028:0] reply: 127.0.0.1 182.104.232.194.in-addr.arpa. PTR IN NOERROR 0.055811 0 71
Jun 21 21:44:56 unbound[25028:0] query: 127.0.0.1 g.static.mega.co.nz. A IN
Jun 21 21:44:56 unbound[25028:0] reply: 127.0.0.1 g.static.mega.co.nz. A IN NOERROR 0.000000 1 118
Jun 21 21:44:58 unbound[25028:0] query: 127.0.0.1 11.148.216.31.in-addr.arpa. PTR IN
Jun 21 21:44:58 unbound[25028:0] reply: 127.0.0.1 11.148.216.31.in-addr.arpa. PTR IN NXDOMAIN 0.062147 0 104
Jun 21 21:46:05 unbound[25028:0] query: 127.0.0.1 prod-tp.sumo.mozit.cloud. A IN
Jun 21 21:46:05 unbound[25028:0] reply: 127.0.0.1 prod-tp.sumo.mozit.cloud. A IN NOERROR 0.000000 1 74
Jun 21 21:46:05 unbound[25028:0] query: 127.0.0.1 prod-tp.sumo.mozit.cloud. AAAA IN
Jun 21 21:46:05 unbound[25028:0] reply: 127.0.0.1 prod-tp.sumo.mozit.cloud. AAAA IN NOERROR 0.000000 1 127
Jun 21 21:46:05 unbound[25028:0] query: 127.0.0.1 42.244.33.13.in-addr.arpa. PTR IN
Jun 21 21:46:05 unbound[25028:0] query: 127.0.0.1 12.244.33.13.in-addr.arpa. PTR IN
Jun 21 21:46:05 unbound[25028:0] reply: 127.0.0.1 42.244.33.13.in-addr.arpa. PTR IN NOERROR 0.080452 0 99
Jun 21 21:46:05 unbound[25028:0] reply: 127.0.0.1 12.244.33.13.in-addr.arpa. PTR IN NOERROR 0.073283 0 99

Reverse Lookup requests.

A device on the LAN is requesting the associated DNS name for the IP target address.
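
The reverse lookups described in the reply above can be pulled out of the query log and mapped back to the addresses being resolved. This is an added example, not part of the thread or of unbound_manager; the function name `ptr_summary` is hypothetical, and the sample lines are copied from the log posted earlier in the thread.

```shell
#!/bin/sh
# Added example: list the reverse (PTR) lookups found in unbound query logs.
# Reads log lines on stdin and prints, per PTR reply:
#   <client> <IPv4 address that was looked up> <rcode>
ptr_summary() {
    awk '
    {
        # Locate the "reply:" token so both syslog layouts in this thread parse;
        # after it come: client, qname, qtype, qclass, rcode, time, cached, size.
        for (i = 1; i <= NF; i++) if ($i == "reply:") break
        if (i > NF || $(i + 3) != "PTR") next
        name = $(i + 2)
        if (name !~ /\.in-addr\.arpa\.?$/) next      # IPv4 reverse zone only
        sub(/\.in-addr\.arpa\.?$/, "", name)
        if (split(name, o, ".") != 4) next           # expect four octets
        # The octets are stored in reverse order in the query name.
        print $(i + 1), o[4] "." o[3] "." o[2] "." o[1], $(i + 5)
    }'
}

# Sample input: lines copied from the log posted earlier in this thread.
SAMPLE_LOG='Jun 21 21:44:44 unbound[25028:0] query: 127.0.0.1 assets.orf.at. A IN
Jun 21 21:44:44 unbound[25028:0] reply: 127.0.0.1 assets.orf.at. A IN NOERROR 0.000000 1 177
Jun 21 21:44:45 unbound[25028:0] query: 127.0.0.1 182.104.232.194.in-addr.arpa. PTR IN
Jun 21 21:44:45 unbound[25028:0] reply: 127.0.0.1 182.104.232.194.in-addr.arpa. PTR IN NOERROR 0.055811 0 71
Jun 21 21:44:58 unbound[25028:0] query: 127.0.0.1 11.148.216.31.in-addr.arpa. PTR IN
Jun 21 21:44:58 unbound[25028:0] reply: 127.0.0.1 11.148.216.31.in-addr.arpa. PTR IN NXDOMAIN 0.062147 0 104'

printf '%s\n' "$SAMPLE_LOG" | ptr_summary
```

Because the client column is always 127.0.0.1 when dnsmasq forwards to unbound, the LAN device that issued the lookup has to be identified from the dnsmasq side.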
 
During install I found this warning: duplicate local-zone:
Code:
Checking IPv6.....
Customising unbound configuration Options:
Adding 'include: "/opt/share/unbound/configs/unbound.conf.localhosts" to '/opt/var/lib/unbound/unbound.conf'

Do you want to ENABLE unbound logging? (NO recommended)

        Reply 'y' or press ENTER  to skip

[1593622423] unbound-checkconf[16595:0] warning: duplicate local-zone 0.0.0.0.?A?0.0.0.0.
unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf

Do you want to optimise Performance/Memory parameters? (YES recommended)

        Reply 'y' or press [Enter]  to skip
y
How can I resolve this?

Edit:
And this?
Code:
Jul 01 18:53:47 unbound[16712:0] notice: init module 1: validator
Jul 01 18:53:47 unbound[16712:0] notice: init module 2: iterator
Jul 01 18:53:47 unbound[16712:0] info: start of service (unbound 1.10.1).
Jul 01 18:53:48 unbound[16712:0] info: generate keytag query _ta-4f66. NULL IN
Jul 01 18:53:53 unbound_manager: '--':  =================================================================================== Auto-Stopped Post-Install
Jul 01 19:04:18 unbound[16712:0] error: SERVFAIL <addgadgets.com. A IN>: all servers for this domain failed, at zone addgadgets.com.
Jul 01 19:05:35 unbound[16712:0] error: SERVFAIL <addgadgets.com. A IN>: all servers for this domain failed, at zone addgadgets.com.
Jul 01 19:14:00 unbound[16712:0] error: SERVFAIL <addgadgets.com. A IN>: all servers for this domain failed, at zone addgadgets.com.
Jul 01 19:15:47 unbound[16712:0] error: SERVFAIL <addgadgets.com. A IN>: all servers for this domain failed, at zone addgadgets.com.
Jul 01 19:20:21 unbound_manager: 'lo':  =================================================================================== Started Loglevel=1
 
During install I found this warning: duplicate local-zone:
Code:
Adding 'include: "/opt/share/unbound/configs/unbound.conf.localhosts" to '/opt/var/lib/unbound/unbound.conf'

[1593622423] unbound-checkconf[16595:0] warning: duplicate local-zone 0.0.0.0.?A?0.0.0.0.
unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf
How can I resolve this?
Did you previously use the 'dnsmasq disable' command? I.e. the conversion possibly encountered/created an invalid directive.

You can either rename '/opt/share/unbound/configs/unbound.conf.localhosts' or use option '2/z' to completely uninstall unbound (including '/opt/share/unbound/configs/'); then reinstall.
And this?
Code:
Jul 01 19:04:18 unbound[16712:0] error: SERVFAIL <addgadgets.com. A IN>: all servers for this domain failed, at zone addgadgets.com.
You can either use
Code:
dig +trace addgadgets.com

dig addgadgets.com SOA

dig addgadgets.com NS
or unbound_manager to generate a clickable URL to generate a detailed graphical report of the failure.
Code:
[Enter] Leave Advanced Tools Menu

e  = Exit Script [?]

A:Option ==> dnssec addgadgets.com

Click https://dnsviz.net/d/addgadgets.com/dnssec/ to view DNSSEC Authentication Chain
to prove that the SERVFAIL answer tells you there's an issue reaching the DNS server for that domain, or that it isn't set up properly.
 
Gents got unbound issues again, after updating entware, different message, same loop (can’t uninstall/reinstall)
Please advise?
/opt/var/lib/unbound/unbound.conf:142: error: cannot open include file '/opt/var/lib/unbound/adblock/adservers': No such file or directory
read /opt/var/lib/unbound/unbound.conf failed: 1 errors in configuration file

***ERROR INVALID unbound configuration - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file

or 'e' exit; then issue debug command

unbound -dv
 
Gents got unbound issues again, after updating entware, different message, same loop (can’t uninstall/reinstall)
Please advise?
Can you not access the menu to issue the '2/z' command to uninstall unbound?

If not try
Code:
sh /jffs/addons/unbound/unbound_manager.sh uninstall
then retry the unbound install.
 
Gents got unbound issues again, after updating entware, different message, same loop (can’t uninstall/reinstall)
Please advise?
Had the same issue, but it's easy to fix, just uninstall the adserver in cli-menu and everything is good again or comment it in the unbound.conf, but it's easier to uninstall the adserver. The issue appears because adserver is enabled by default.
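
Both configuration problems reported in this thread, the "duplicate local-zone" warning and the "cannot open include file" error, can be checked for before unbound is restarted. This is an added example, not code from unbound_manager; `unbound_conf_lint` and `lint_demo` are hypothetical names, and the sample files are constructed with relative paths so the demo runs anywhere, whereas on the router the include paths are absolute as shown above. It assumes one level of includes and no wildcards in include paths.

```shell
#!/bin/sh
# Added example: pre-flight lint for an unbound.conf and its include files.
# Prints  MISSING-INCLUDE <path>  for include: targets that cannot be opened,
#         DUPLICATE-ZONE <name>   for local-zone names declared more than once.
# Exit status is 1 when anything was reported. Assumes one level of includes
# and no wildcards in include paths.
unbound_conf_lint() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    # Record a local-zone name, or return the path of an include: directive.
    function scan(line,   v) {
        line = trim(line)
        if (line ~ /^local-zone:/) {
            v = trim(substr(line, 12))                  # text after the colon
            sub(/[ \t].*$/, "", v); gsub(/"/, "", v)    # keep name, drop type
            if (++seen[tolower(v)] == 2) { print "DUPLICATE-ZONE " v; bad = 1 }
        } else if (line ~ /^include:/) {
            v = trim(substr(line, 9)); gsub(/"/, "", v)
            return v
        }
        return ""
    }
    {
        inc = scan($0)
        if (inc == "") next
        r = (getline l < inc)
        if (r < 0) { print "MISSING-INCLUDE " inc; bad = 1; next }
        while (r > 0) { scan(l); r = (getline l < inc) }
        close(inc)
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample: a zone repeated in an include file, plus a missing include.
lint_demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/configs"
    printf '%s\n' 'server:' '    local-zone: "nas.lan." static' \
        '    include: "configs/unbound.conf.localhosts"' \
        '    include: "adblock/adservers"' > "$d/unbound.conf"
    printf '%s\n' 'local-zone: "nas.lan." static' \
        'local-data: "nas.lan. A 192.168.1.10"' > "$d/configs/unbound.conf.localhosts"
    rc=0
    ( cd "$d" && unbound_conf_lint unbound.conf ) || rc=$?
    rm -rf "$d"
    return "$rc"
}

lint_demo || true
```

Zone names are compared case-insensitively because DNS names are case-insensitive.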
 
After reinstalling Unbound with DNSmasq running I still don't see any stats going.

Code:
 unbound (pid 15613) is running... uptime: 0 Days, 00:05:59 version: 1.10.1 # rgnldo Github Version=v1.10 Martineau update (Date Loaded by unbound_manager Sun Jul 5 13:06:53 DST 2020)

i  = Update unbound and configuration ('/opt/var/lib/unbound/')         l  = Show unbound log entries (lo=Enable FULL Logging [log_level])
z  = Remove unbound/unbound_manager                                     v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
3  = Advanced Tools                                                     rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                                oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'

rs = Restart (or Start) unbound (use 'rs nocache' to flush cache)       s  = Show unbound Extended statistics (s=Summary Totals; sa=All; http://192.168.10.1:80/user2.asp)

e  = Exit Script [?]

A:Option ==> s

total.num.queries=0                     total.requestlist.avg=0                 total.recursion.time.median=0
total.num.queries_ip_ratelimited=0      total.requestlist.max=0                 total.tcpusage=0
total.num.cachehits=0                   total.requestlist.overwritten=0         msg.cache.count=0
total.num.cachemiss=0                   total.requestlist.exceeded=0            rrset.cache.count=0
total.num.prefetch=0                    total.requestlist.current.all=0         infra.cache.count=0
total.num.expired=0                     total.requestlist.current.user=0        key.cache.count=0
total.num.recursivereplies=0            total.recursion.time.avg=0.000000

Summary: Cache Hits success=0.00%

So I tried the test proposed some pages before and as you see, after starting Unbound, the lines stopped before the LAST line as posted by @Martineau

Code:
keytruda@RT-AC68U_WHITE-FFE8:/tmp/home/root# unbound -dd -v
[1593947421] unbound[15613:0] notice: Start of unbound 1.10.1.
Jul 05 11:10:23 unbound[15613:0] notice: init module 0: respip
Jul 05 11:10:23 unbound[15613:0] notice: init module 1: validator
Jul 05 11:10:23 unbound[15613:0] notice: init module 2: iterator
Jul 05 11:10:23 unbound[15613:0] info: start of service (unbound 1.10.1).

Unbound installed with default .conf file. More in the ipleak test page I see the DNS address of Quad9 as it is specified in the WAN page. So what I'm missing?
 
