Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[juched]

Since you're already practically re-using my code verbatim , I'm sure you can borrow the update_file, create_dirs and create_symlinks to maintain the shared-jy. Do note if you do want to use shared-jy it is imperative you add any additional files I may choose to add, otherwise your implementation could break any/all of my scripts.

Yes, I truly appreciate all your work. If my liberal referencing is not ok with you please do let me know. Always appreciate to stand on the shoulders of others

Any chance you are considering a shared package for the shared files. Seems your plugins for ntp and uiDiv as well as skynet and this one could all benefit from a shared package. Just curious.

 

[L&LD]

Quick update:

As usual, I updated a few examples of the RT-AC66U_B1, RT-AC68U, RT-AC3100, RT-AC86U and RT-AX88U's. No issues. Running fine with the following settings for v1.07

• No Logging enabled with 'i', during install (after updating with 'u').
• Optimizations enabled with 'i'.
• Nothing else was 'y', especially not to restore the previous config.
• Fastmenu 'y'.
• sgui 'y'.

I have not enabled my customizations on my RT-AX88U, but will after about 24 hours from now.

Still, this is a very fast ISP experience on every single provider from the surrounding areas, from Fibre to Cable, to DSL and even Satellite ISP connections.

What a great contribution from everyone involved in this awesome community!

Thank you x 1M.

 

[Martineau]

I can change it to use your restart command. That should address this right?

--- edit ---

Yes, it seems to. Pushed to github. Now it uses the offical unbound_manager.sh restart command which has checks and delays for the reload. My RT-AX88U is so fast it wasn't an issue.

Erm…

If another instance of unbound_manager is already running, the 'unbound_manager restart' request will be rejected due to the lock file being in use. (Hopefully when the daily Ad Block refresh cron job executes, no-one will be awake interactively using unbound_manager )

I can easily push a hotfix to call Restart_unbound() before checking the lock file.

However, during the initial install of unbound from amtm,i,7, unbound_manager will obviously be running, and during the Ad Block feature installation, 'gen_adblock.sh' will invoke a premature unbound start, and Restart_unbound() will unfortunately report

***ERROR unbound NOT running! - option unavailable

It isn't fatal, but is disconcerting to see unbound start twice during the install process.

I'll have a think how best to address this unfortunate side effect.

 

[Jack Yaz]

Yes, I truly appreciate all your work. If my liberal referencing is not ok with you please do let me know. Always appreciate to stand on the shoulders of others

Any chance you are considering a shared package for the shared files. Seems your plugins for ntp and uiDiv as well as skynet and this one could all benefit from a shared package. Just curious.

It's all good.

They probably could, but I'm loathe to push a mass update right now. I have significant rewrites of how I pass data to ChartJS on the go, as well as an experimental idea that could give uiDivStats more powerful charts, akin to PiHole.

I'll add bundling into a tar as a to-do

 

[Ubimo]

I have a similar graph like @juched (that's why I'm using his screenshot below)
Am I reading this correct?
1.284 DNS queries took on average 65-131ms? That's slow...
1.1.1.1 can resolve DNS queries in under 10ms.
I thought, that now I'm running my own DNS (unbound) on my router itself, it should resolve DNS requests much faster than 65-131ms?
(is query and request the same? I cannot differ in my language)

 

[dave14305]

I have a similar graph like @juched (that's why I'm using his screenshot below)
Am I reading this correct?
1.284 DNS queries took on average 65-131ms? That's slow...
1.1.1.1 can resolve DNS queries in under 10ms.
I thought, that now I'm running my own DNS (unbound) on my router itself, it should resolve DNS requests much faster than 65-131ms?
(is query and request the same? I cannot differ in my language)

For uncached queries, that is probably expected. Your cached queries appear on the left side of the chart, usually 0ms.

 

[martinr]

I have a similar graph like @juched (that's why I'm using his screenshot below)
Am I reading this correct?
1.284 DNS queries took on average 65-131ms? That's slow...
1.1.1.1 can resolve DNS queries in under 10ms.
I thought, that now I'm running my own DNS (unbound) on my router itself, it should resolve DNS requests much faster than 65-131ms?
(is query and request the same? I cannot differ in my language)

I’m really glad you asked this because I’m trying to understand my own graphs. So I’m really asking questions rather than offering an answer.
Your screenshot shows nearly 600 queries resolved between zero and one microsecond. So those must he queries resolved from Unbound’s own cache. So when you say 1.1.1.1 resolves in under 10ms, if those resolutions are from 1.1.1.1’s own cache, then you wouldn’t be comparing like for like because 1.1.1.1 would then be 3 orders of magnitude slower, if that were the case.
Then moving to the right we have the “bell-shaped” histograms starting at 4-8ms resolutions, then 8-16ms, 16-32ms ...

These I presume are all the recursive resolutions that Unbound had to make because it didn’t have the answers in its own cache? Now, if your 1.1.1.1 resolutions in less than 10ms are for DNS requests that 1.1.1.1 also didn't have the answers to, then I can see what you mean by Unbound being slower, but for those requests only. One could then say, but look many requests Unbound answered in less than one microsecond! How many did 1.1.1.1 answer that quickly?

I’m hoping someone will tell me if my thinking is correct on this.

 

[dave14305]

The benefit of a public resolver is that other users have probably primed the cache before your requests ever get there, at least for popular sites (like snbforums.com ). When you're your own recursive resolver, your cache solely depends on your own network activity, so you will often be making the first uncached request to your Unbound server. The other thing that gets lost is how many responses are cached by your browser or client and therefore do not reach Unbound anyway.

Did you feel your online experience was slower BEFORE you look at your stats?

 

[Jumpstarter]

Does this work with NTPMerlin?

 

[Jumpstarter]

Does this work with NTPMerlin?

For those less technical savvy users that rely on @Martineau to lead you out of "the darkness of the cave" and into the light of day, the answer is yes.

 

[Ubimo]

When I "sgui uninstall", will "s+" extended statistics be automatically disabled?

Edit:
I guess it does not get disabled, cause I see s+ in menu.

 

[ika]

Reporting a problem: Attempted minor update, just a minute ago, got this:

unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf

error: SSL handshake failed........... certificate verify failed:ssl/statem/statem_clnt.c:1915:

edit: did several attempts, still happening while I see this being commented out in the script, I'm confused.
edit2: I was blind, never mind, sorry

 

[Martineau]

When I "sgui uninstall", will "s+" extended statistics be automatically disabled?

The GUI TAB states:

hence the reason I force 's+' 'extended-statistics' to be ENABLED when 'sgui' is requested.

However you may wish to legitimately remove the GUI Graphical statistics TAB, but still retain the ability to view the cache stats on the command line using unbound_manager, so I decided to not DISABLE 'extended-statistics' given the consensus is that once ENABLED it doesn't unduly impact the performance of unbound.

I guess it does not get disabled, cause I see s+ in menu.

Correct - it does not get DISABLED, but if you see 's+' then that is a bug!

i.e. although I have altered the menu for (unreleased v2.16) to show the clickable GUI TAB

rs = Restart (or Start) unbound (use 'rs nocache' to flush cache) s  = Show unbound Extended statistics (s=Summary Totals; sa=All; http://192.168.1.1:80/user4.asp)

e  = Exit Script

A:Option ==> sgui uninstall

    unbound GUI graphical stats TAB uninstalled - user4.asp

unbound (pid 18134) is running... uptime: 0 Days, 00:11:57 version: 1.9.6 # rgnldo Github Version=v1.07 Martineau update (Date Loaded by unbound_manager Wed Mar 4 13:51:12 GMT 2020)

u = Push to Github PENDING for (Major) unbound_manager UPDATE v2.16 >>>> v2.15

i  = Update unbound Installation ('/opt/var/lib/unbound/')        l  = Show unbound log entries (lo=Enable Logging)
z  = Remove unbound/unbound_manager Installation                  v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit)
3  = Advanced Tools                                               rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                          oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'
rs = Restart (or Start) unbound (use 'rs nocache' to flush cache) s  = Show unbound Extended statistics (s=Summary Totals; sa=All; sgui=Install GUI TAB; s-=Disable Extended Stats)

e  = Exit Script

A:Option ==>

the menu correctly shows 's-=Disable Extended Stats' to inform the user that 's+' 'extended-statistics' is ENABLED

 

[Martineau]

Reporting a problem: Attempted minor update, just a minute ago, got this:

unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf

error: SSL handshake failed........... certificate verify failed:ssl/statem/statem_clnt.c:1915:

edit: did several attempts, still happening while I see this being commented out in the script, I'm confused.
edit2: I was blind, never mind, sorry

What exactly was the sequence of events/messages surrounding the appearance of the error?

i.e. if the message appeared and was immediately followed by message

 Shutting down unbound...              done.

then I assume it is safe to ignore, but not 100% sure what the code severity means.

 

[juched]

The GUI TAB states:

View attachment 21754
hence the reason I force 's+' 'extended-statistics' to be ENABLED when 'sgui' is requested.

However you may wish to legitimately remove the GUI Graphical statistics TAB, but still retain the ability to view the cache stats on the command line using unbound_manager, so I decided to not DISABLE 'extended-statistics' given the consensus is that once ENABLED it doesn't unduly impact the performance of unbound.


Correct - it does not get DISABLED, but if you see 's+' then that is a bug!

i.e. although I have altered the menu for (unreleased v2.16) to show the clickable GUI TAB

rs = Restart (or Start) unbound (use 'rs nocache' to flush cache) s  = Show unbound Extended statistics (s=Summary Totals; sa=All; http://192.168.1.1:80/user4.asp)

e  = Exit Script

A:Option ==> sgui uninstall

    unbound GUI graphical stats TAB uninstalled - user4.asp

unbound (pid 18134) is running... uptime: 0 Days, 00:11:57 version: 1.9.6 # rgnldo Github Version=v1.07 Martineau update (Date Loaded by unbound_manager Wed Mar 4 13:51:12 GMT 2020)

u = Push to Github PENDING for (Major) unbound_manager UPDATE v2.16 >>>> v2.15

i  = Update unbound Installation ('/opt/var/lib/unbound/')        l  = Show unbound log entries (lo=Enable Logging)
z  = Remove unbound/unbound_manager Installation                  v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit)
3  = Advanced Tools                                               rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                          oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'
rs = Restart (or Start) unbound (use 'rs nocache' to flush cache) s  = Show unbound Extended statistics (s=Summary Totals; sa=All; sgui=Install GUI TAB; s-=Disable Extended Stats)

e  = Exit Script

A:Option ==>

the menu correctly shows 's-=Disable Extended Stats' to inform the user that 's+' 'extended-statistics' is ENABLED

If you disable the extended stats the GUI tab should still work, just those graphs become “No data to display”. The top graphs and text still show.

 

[Jumpstarter]

Is this a normal amount of ram usage for A RTAX-88U with diversion +skynet +unbound

 

[Treadler]

Is this a normal amount of ram usage for A RTAX-88U with diversion +skynet +unbound

View attachment 21760

It can be, specially when using the “large” Diversion block list.

 

[Jumpstarter]

yea mine is half the size of the "large" diversion list

 

[juched]

Is this a normal amount of ram usage for A RTAX-88U with diversion +skynet +unbound

View attachment 21760

Ssh in and run “top”. Hit “M” to sort by memory. What do you see?

Ctrl-c to exit top.

Did you change unbound number of threads?

 

[SuperDuke]

FWIW, I am on the Large+ Diversion list and my box has half the RAM and I'm only using half of that!