Unbound Correct location and permissions for unbound.conf.add file

[iTyPsIDg]

I'm having trouble locating the correct path and permissions needed for the unbound.conf.add file. I prefer not to modify the original, but I've seen both /opt/share/unbound and /opt/share/unbound/configs listed as the correct path. Where should this file go so that it overrides some of the settings in unbound.conf?

Also, what permissions are needed for the file? I currently have it set to 666.

 

[chongnt]

I'm having trouble locating the correct path and permissions needed for the unbound.conf.add file. I prefer not to modify the original, but I've seen both /opt/share/unbound and /opt/share/unbound/configs listed as the correct path. Where should this file go so that it overrides some of the settings in unbound.conf?

Also, what permissions are needed for the file? I currently have it set to 444.

I edit in this file /opt/share/unbound/configs/unbound.conf.add
Restart unbound manager advanced, use oq command do a query to verify the new value is working.

-rw-rw-rw- 1 admin root 10.7K Jun 29 20:02 unbound.conf.add

For example, here is the changes I made

admin@RT-AC86U-DBA8:/tmp/home/root# egrep -v '(^[[:space:]]*#|^[[:space:]]*$)' /opt/s
hare/unbound/configs/unbound.conf.add
outgoing-interface: 192.168.1.1        # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP (or force WAN ONLY)
log-local-actions: yes                     # v1.02 @Martineau ('yes' required for @juched's Graphical Ad Block statistics)
cache-max-ttl: 86400            # 86400; default 14400                             # v1.08 Martineau
cache-min-ttl: 3600             # 3600; default 1200                              # v1.08 Martineau
serve-expired-ttl: 259200       # 259200; three days, default 1 day                 # v1.12 as per @juched
outgoing-range: 950             # depends on number of cores: 1024/cores - 50
num-queries-per-thread: 512     # best set at half the number of the outgoing-range
so-rcvbuf: 1m                   # Larger socket buffer                      # v1.05 Martineau see DEFAULT /proc/sys/net/core/rmem_default
admin@RT-AC86U-DBA8:/tmp/home/root#

 

[iTyPsIDg]

I edit in this file /opt/share/unbound/configs/unbound.conf.add
Restart unbound manager advanced, use oq command do a query to verify the new value is working.

-rw-rw-rw- 1 admin root 10.7K Jun 29 20:02 unbound.conf.add

Interesting. I have it in the correct location, I've restarted a few times, but it doesn't seem to load.

Spoiler: unbound.conf.add

log-replies: yes
log-local-actions: yes

# no threads and no memory slabs for threads
num-threads: 2
msg-cache-slabs: 4
rrset-cache-slabs: 4
infra-cache-slabs: 4
key-cache-slabs: 4

key-cache-size: 10m
msg-cache-size: 10m
rrset-cache-size: 20m

 

[Martineau]

I'm having trouble locating the correct path and permissions needed for the unbound.conf.add file. I prefer not to modify the original, but I've seen both /opt/share/unbound and /opt/share/unbound/configs listed as the correct path. Where should this file go so that it overrides some of the settings in unbound.conf?

Also, what permissions are needed for the file? I currently have it set to 444.

Last time I looked, I recall I coded

/opt/share/unbound/configs/unbound.postconf
/opt/share/unbound/configs/unbound.conf.add
etc.

and 666 will suffice for the permissions, although you may manually set the execute permission 777

 

[iTyPsIDg]

I'll correct my mistake, I had 666 for the permissions, not 444.

777 didn't do the trick either.

I verified the path from /jffs/addons/unbound/unbound_manager.sh is /opt/share/unbound/configs/unbound.conf.add.

Maybe I need a full restart of the router, which will have to wait since people are currently using it. I tried using rs and rl in advanced mode, but neither of those caused my changes to load.

 

[Martineau]

I'll correct my mistake, I had 666 for the permissions, not 444.

777 didn't do the trick either.

I verified the path from /jffs/addons/unbound/unbound_manager.sh is /opt/share/unbound/configs/unbound.conf.add.

Maybe I need a full restart of the router, which will have to wait since people are currently using it. I tried using rs and rl in advanced mode, but neither of those caused my changes to load.

A reboot of the router isn't necessary.

I'll have to check when I get back, but in the interim no doubt Colin Taylor can assist

 

[CornfieldWin]

I'll correct my mistake, I had 666 for the permissions, not 444.

777 didn't do the trick either.

I verified the path from /jffs/addons/unbound/unbound_manager.sh is /opt/share/unbound/configs/unbound.conf.add.

Maybe I need a full restart of the router, which will have to wait since people are currently using it. I tried using rs and rl in advanced mode, but neither of those caused my changes to load.

Just stop and restart unbound from AMTM or by shell which allows for the something. No need to do a complete router reboot unless dnsmasq jumps out of the VLAN weed patch, in which case abandon all hope...

 

[ColinTaylor]

Just stop and restart unbound from AMTM or by shell which allows for the something. No need to do a complete router reboot unless dnsmasq jumps out of the VLAN weed patch, in which case abandon all hope...

Do you realise that you're replying to a post from over four years ago?

 

[Twiglets]

Do you realise that you're replying to a post from over four years ago?

I am tempted to revise the answer to the original question, even if 4 years late, as it is WRONG !!!

From the asuswrt-merlin wiki the answer for ALL 'xxxxxxxx.conf.add' files:

Replacing or appending content to config files​

You can append content to various configuration files that are created by the firmware, or even completely replace them with custom config files you have created. Those config override files must be stored in /jffs/configs/. To have a config file appended to the one created by the firmware, simply add ".add" at the end of the filename taken from the list below. For example:

/jffs/configs/dnsmasq.conf.add

 

[ColinTaylor]

I am tempted to revise the answer to the original question, even if 4 years late, as it is WRONG !!!

From the asuswrt-merlin wiki the answer for ALL 'xxxxxxxx.conf.add' files:

Replacing or appending content to config files​

You can append content to various configuration files that are created by the firmware, or even completely replace them with custom config files you have created. Those config override files must be stored in /jffs/configs/. To have a config file appended to the one created by the firmware, simply add ".add" at the end of the filename taken from the list below. For example:

/jffs/configs/dnsmasq.conf.add

That would be correct for services that are part of the firmware, e.g. dnsmasq. However, this question relates to Unbound which is not part of the firmware but rather a third party addon script.

Looking at the unbound Manager script indicates that the file resides at /opt/share/unbound/configs/unbound.conf.add as indicated in post #2.

 

[Twiglets]

Ooops !!!
My mistake

 

[CornfieldWin]

Do you realise that you're replying to a post from over four year

 

[CornfieldWin]

Pop quiz: has the technology or answer changed in any way over the last four years?

 

[CornfieldWin]

I am tempted to revise the answer to the original question, even if 4 years late, as it is WRONG !!!

From the asuswrt-merlin wiki the answer for ALL 'xxxxxxxx.conf.add' files:

Replacing or appending content to config files​

You can append content to various configuration files that are created by the firmware, or even completely replace them with custom config files you have created. Those config override files must be stored in /jffs/configs/. To have a config file appended to the one created by the firmware, simply add ".add" at the end of the filename taken from the list below. For example:

/jffs/configs/dnsmasq.conf.add

Yeah, there seems to be a real problem with corrections.