Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[immi803]

Would you please share your config?

Default Conf.

 

[dave14305]

More in the ipleak test page I see the DNS address of Quad9 as it is specified in the WAN page. So what I'm missing?

Try to restart dnsmasq. Seems like the postconf script hasn’t taken effect yet.

service restart_dnsmasq

 

[ARKASHA]

Try to restart dnsmasq. Seems like the postconf script hasn’t taken effect yet.

service restart_dnsmasq

Dnsmasq restart done but still same message at unbound restart.

Inviato dal mio ONEPLUS A6003 utilizzando Tapatalk

 

[dave14305]

Dnsmasq restart done but still same message at unbound restart.

Inviato dal mio ONEPLUS A6003 utilizzando Tapatalk

There’s nothing wrong with Unbound starting based on the log. Check your /jffs/scripts/dnsmasq.postconf for the unbound.postconf line. If it’s not there, try reinstalling or force updating unbound_manager.

 

[ARKASHA]

There’s nothing wrong with Unbound starting based on the log. Check your /jffs/scripts/dnsmasq.postconf for the unbound.postconf line. If it’s not there, try reinstalling or force updating unbound_manager.

Is this line correct?

sh /jffs/addons/unbound/unbound.postconf "$1"        # unbound_manager

 

[dave14305]

Is this line correct?

sh /jffs/addons/unbound/unbound.postconf "$1"        # unbound_manager

Yes, so maybe I missed your problem. Is unbound running?

unbound-control status

 

[ARKASHA]

Yes, so maybe I missed your problem. Is unbound running?

unbound-control status

Yes

ASUSWRT-Merlin RT-AC68U 384.18_0 Sun Jun 28 17:57:07 UTC 2020
keytruda@RT-AC68U_WHITE-FFE8:/tmp/home/root# unbound-control status
version: 1.10.1
verbosity: 0
threads: 1
modules: 3 [ respip validator iterator ]
uptime: 6361 seconds
options: control
unbound (pid 10004) is running...

 

[dave14305]

Yes

ASUSWRT-Merlin RT-AC68U 384.18_0 Sun Jun 28 17:57:07 UTC 2020
keytruda@RT-AC68U_WHITE-FFE8:/tmp/home/root# unbound-control status
version: 1.10.1
verbosity: 0
threads: 1
modules: 3 [ respip validator iterator ]
uptime: 6361 seconds
options: control
unbound (pid 10004) is running...

Try running

sh /jffs/addons/unbound/unbound.postconf /etc/dnsmasq.conf

if it doesn’t help, run the dnsmasq restart again.

 

[ARKASHA]

What I miss is this line in SSh Unbound session

Code:
Jun 11 15:05:12 unbound[20530:0] info: control cmd: stats_noreset

 

[dave14305]

What I miss is this line in SSh Unbound session

That’s for the unbound stats GUI.

I also realize my previous post was useless because running the Postconf script won’t make dnsmasq use it.

 

[ARKASHA]

Don't worry about, I realise the only way to have stats going is running Dnsmasq disable.

Inviato dal mio ONEPLUS A6003 utilizzando Tapatalk

 

[archiel]

I have just installed unbound, everything seems fine and I have a couple of questions

DNS Firewall: I am already using Skynet, is there any advantage to also using the DNS firewall option?

Routing Root server queries through a VPN: I can see the option in unbound.conf #outgoing-interface: xxx.xxx.xxx.xxx which I understand will stop my ISP in looking at the root server queries (should they wish to) and as I do not route all outbound traffic through a VPN tunnel, do I replace xxx.xxx.xxx.xxx with the VPN server address setup in the VPN client tab or some other address?

As OpenVPN on the router does not support IPv6, to prevent leaks, IPv6 is disabled on any devices that use the tunnel and the tunnel is setup with Accept DNS Configuration: Exclusive and Policy Rules: Strict as the devices are not used for web browsing so ad-blocking is not needed.

• Do I need to change the VPN settings if I want to route the root server queries through the tunnel?
• As the OpenVPN client (on Merlin) does not support IPv6, does this mean that AAAA records will not be obtained?

-------------------------------------EDIT---------------------------------------

1. Routing through VPN is done by using unbound_manager vpn=# (where # is the VPN number)
2. No need to change VPN settings - VPN tunnel can remain on Exclusive
3. I can see from dnsmasq log (via Diversion) that A and AAAA queries go via 127.0.0.1 and both types of query are answered (except where blocked by Diversion/Pixelserv)
4. As IPv6 is disabled on the tunnel, all DNS (A and AAAA) queries go through IPv4, IPv6 is not used.

 

[juched]

I have just installed unbound, everything seems fine and I have a couple of questions

DNS Firewall: I am already using Skynet, is there any advantage to also using the DNS firewall option?

Routing Root server queries through a VPN: I can see the option in unbound.conf #outgoing-interface: xxx.xxx.xxx.xxx which I understand will stop my ISP in looking at the root server queries (should they wish to) and as I do not route all outbound traffic through a VPN tunnel, do I replace xxx.xxx.xxx.xxx with the VPN server address setup in the VPN client tab or some other address?

As OpenVPN on the router does not support IPv6, to prevent leaks, IPv6 is disabled on any devices that use the tunnel and the tunnel is setup with Accept DNS Configuration: Exclusive and Policy Rules: Strict as the devices are not used for web browsing so ad-blocking is not needed.

• Do I need to change the VPN settings if I want to route the root server queries through the tunnel?
• As the OpenVPN client (on Merlin) does not support IPv6, does this mean that AAAA records will not be obtained?

-------------------------------------EDIT---------------------------------------

1. Routing through VPN is done by using unbound_manager vpn=# (where # is the VPN number)
2. No need to change VPN settings - VPN tunnel can remain on Exclusive
3. I can see from dnsmasq log (via Diversion) that A and AAAA queries go via 127.0.0.1 and both types of query are answered (except where blocked by Diversion/Pixelserv)

DNS Firewall is different from skynet. DNS firewall blocks bad sites from being looked up for their IP, where skynet blocks based on known bad IPs. Both security layers are good to have.

 

[ugandy]

DNS Firewall is different from skynet. DNS firewall blocks bad sites from being looked up for their IP, where skynet blocks based on known bad IPs. Both security layers are good to have.

if you have skynet, unbound's DNS firewall is redundant, since they use same block list i think

 

[raion969]

i am not sure about unbound does it now ignores my pseronal "best dns server" that i have set in the router and windows?
if yes what are the best settings then ? automatic use dns in windows and delet the dns server that i have set in the router ?

 

[juched]

if you have skynet, unbound's DNS firewall is redundant, since they use same block list i think

Nope, they are completely different. One is an IP list the other blocks domains.

 

[ugandy]

Nope, they are completely different. One is an IP list the other blocks domains.

but the list used by unbound's DNS firewall is also included in skynet last i checked, no?

 

[juched]

but the list used by unbound's DNS firewall is also included in skynet last i checked, no?

Don’t see how, as skynet needs IP lists.

 

[raion969]

so with this unbound script do i need to delet the spezific dns server that i have set in windows and in the router ?

Does a faster usb stick improves some minor performance ?

 

[ugandy]

Don’t see how, as skynet needs IP lists.

isn't unbound's DNS firewall list also a IP list. i need to check the messages in this thread, but i remember a comment indicating that unbound's DNS firewall list was IP list and also included in skynet. i may be wrong