Unbound No internet on clients after reboot.

Khadanja

Senior Member
Have reverted to google DNS in LAN for now. All I did was a router reboot and now no internet on clients.

Code:
Oct 13 12:46:15 unbound[28806:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Oct 13 12:49:27 unbound[2675:0] notice: init module 0: respip
Oct 13 12:49:27 unbound[2675:0] notice: init module 1: validator
Oct 13 12:49:27 unbound[2675:0] notice: init module 2: iterator
Oct 13 12:49:32 unbound[2675:0] info: start of service (unbound 1.13.2).
Oct 13 12:51:42 unbound[2675:0] info: service stopped (unbound 1.13.2).
Oct 13 12:51:43 unbound[2675:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Oct 13 12:51:43 unbound[2675:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Oct 13 12:51:52 unbound[16028:0] notice: init module 0: respip
Oct 13 12:51:52 unbound[16028:0] notice: init module 1: validator
Oct 13 12:51:52 unbound[16028:0] notice: init module 2: iterator
Oct 13 12:51:53 unbound[16028:0] info: start of service (unbound 1.13.2).
Oct 13 13:02:03 unbound[3842:0] notice: init module 0: respip
Oct 13 13:02:03 unbound[3842:0] notice: init module 1: validator
Oct 13 13:02:03 unbound[3842:0] notice: init module 2: iterator
Oct 13 13:02:05 unbound[3842:0] info: start of service (unbound 1.13.2).
Oct 13 13:06:18 unbound[3842:0] info: service stopped (unbound 1.13.2).
Oct 13 13:06:20 unbound[3842:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Oct 13 13:06:20 unbound[3842:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Oct 13 13:06:31 unbound[17592:0] notice: init module 0: respip
Oct 13 13:06:31 unbound[17592:0] notice: init module 1: validator
Oct 13 13:06:31 unbound[17592:0] notice: init module 2: iterator
Oct 13 13:06:32 unbound[17592:0] info: start of service (unbound 1.13.2).
Oct 13 13:10:24 unbound[17592:0] info: service stopped (unbound 1.13.2).
Oct 13 13:10:25 unbound[17592:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Oct 13 13:10:25 unbound[17592:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Oct 13 13:10:34 unbound[22020:0] notice: init module 0: respip
Oct 13 13:10:34 unbound[22020:0] notice: init module 1: validator
Oct 13 13:10:34 unbound[22020:0] notice: init module 2: iterator
Oct 13 13:10:37 unbound[22020:0] info: start of service (unbound 1.13.2).
Oct 13 13:10:45 unbound_manager: 'scribe':  ============================================================== Started
Oct 13 13:10:57 unbound[22020:0] info: service stopped (unbound 1.13.2).
Oct 13 13:10:57 unbound[22020:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Oct 13 13:10:57 unbound[22020:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0

Khadanja

Senior Member
Code:
        Version=3.23bB                                  (Change Log: https://github.com/MartineauUK/Unbound-Asuswrt-Merlin/commits/dev/unbound_manager.sh)
        Local                                           md5=c7a29f5806410ca53da61910981ea6a3
        Github                                          md5=6b4a500c071bcbb3f4a6e9596a178d43
        /jffs/addons/unbound/unbound_manager.md5        md5=c7a29f5806410ca53da61910981ea6a3

        Router Configuration recommended pre-reqs status:

        [✔] Swapfile=2097148 kB
        [✔] DNS Filter=ON
        [✔] DNS Filter=ROUTER
        [✔] WAN: Use local caching DNS server as system resolver=NO
        [✔] Enable local NTP server=YES
        [✔] Enable DNS Rebind protection=NO
        [✔] Enable DNSSEC support=NO
        [✖] Warning Skynet's Country BAN feature is currently ACTIVE and may significantly reduce unbound performance and in some cases block sites

        Options:

        [✔] unbound Logging
        [✔] Ad and Tracker Blocking (No. of Adblock domains=259076,Blocked Hosts=1,Allowlist=19,Blocked Country=2)
        [✔] unbound CPU/Memory Performance tweaks
        [✔] Firefox DNS-over-HTTPS (DoH) DISABLE/Blocker
        [✔] DoT ENABLED. These third parties are used:
                [email protected]#cloudflare-dns.com
                [email protected]#cloudflare-dns.com
        [✔] Router Graphical GUI statistics TAB installed
        [✔] unbound-control FAST response ENABLED
        [✔] YouTube Ad Blocking (Forcing to use YT IP 203.109.178.144, No. of YouTube Video Ad domains=134)
        [✔] Safe Search ENABLED (209 domains e.g. redirect "www.google.com" to "forcesafesearch.google.com")

        unbound Memory/Cache:

        'key-cache-size:'       8388608 (8.00 MB)
        'msg-cache-size:'       8388608 (8.00 MB)       0% used 19172   (18.72 KB)
        'rrset-cache-size:'     16777216 (16.00 MB)     0% used 40466   (39.52 KB)

        System Memory/Cache:

                     total       used       free     shared    buffers     cached
        Mem:        255684     193172      62512          0       1580      33044
        -/+ buffers/cache:     158548      97136
        Swap:      2097148      35612    2061536

        About unbound: https://nlnetlabs.nl/projects/unbound/about/ , Manual https://nlnetlabs.nl/documentation/unbound/unbound.conf/

Running dig within unbound seems to suggest dns queries are working but no internet on clients.
Code:
; <<>> DiG 9.17.13 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5436
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             216     IN      A       142.250.204.14

;; Query time: 0 msec
;; SERVER: 203.109.191.1#53(203.109.191.1) (UDP)
;; WHEN: Wed Oct 13 01:45:28 UTC 2021
;; MSG SIZE  rcvd: 55
 

Khadanja

Senior Member
This is how it's currently working, if I remove the Google DNS entry, no internet. Also attached, current unbound.log.
 

Khadanja

Senior Member
Code:
Oct 13 16:15:00 RT-AC68U-20E0 (unbound_rpz.sh): 29989 Attempting to Download 1 of 1 from https://urlhaus.abuse.ch/downloads/rpz/.
Oct 13 16:15:06 RT-AC68U-20E0 (unbound_rpz.sh): 29989 Reload unbound for zone named rpz.urlhaus.abuse.ch
Oct 13 16:15:07 RT-AC68U-20E0 (unbound_manager): 30192 Starting Script Execution (advanced)
Oct 13 16:15:39 RT-AC68U-20E0 (unbound_manager): 31181 Starting Script Execution (advanced)
Oct 13 16:15:42 RT-AC68U-20E0 unbound: [*] Lock File Detected (advanced) (pid=30192) - Exiting (cpid=31181)
Oct 13 16:15:59 RT-AC68U-20E0 (unbound_manager): 31444 Starting Script Execution (advanced)
Oct 13 16:17:12 RT-AC68U-20E0 (unbound_manager): 2049 Starting Script Execution (advanced)
Oct 13 16:30:01 RT-AC68U-20E0 (unbound_rpz.sh): 16066 Attempting to Download 1 of 1 from https://urlhaus.abuse.ch/downloads/rpz/.
Oct 13 16:30:06 RT-AC68U-20E0 (unbound_rpz.sh): 16066 Reload unbound for zone named rpz.urlhaus.abuse.ch
Oct 13 16:45:00 RT-AC68U-20E0 (unbound_rpz.sh): 22305 Attempting to Download 1 of 1 from https://urlhaus.abuse.ch/downloads/rpz/.
Oct 13 16:45:04 RT-AC68U-20E0 (unbound_rpz.sh): 22305 Reload unbound for zone named rpz.urlhaus.abuse.ch
Oct 13 16:57:01 RT-AC68U-20E0 (unbound_log.sh): 30413 Processed 4 reply_domains...
Oct 13 17:00:00 RT-AC68U-20E0 (unbound_rpz.sh): 3580 Attempting to Download 1 of 1 from https://urlhaus.abuse.ch/downloads/rpz/.
Oct 13 17:00:05 RT-AC68U-20E0 (unbound_rpz.sh): 3580 Reload unbound for zone named rpz.urlhaus.abuse.ch
Oct 13 17:15:00 RT-AC68U-20E0 (unbound_rpz.sh): 12938 Attempting to Download 1 of 1 from https://urlhaus.abuse.ch/downloads/rpz/.
Oct 13 17:15:03 RT-AC68U-20E0 (unbound_rpz.sh): 12938 Reload unbound for zone named rpz.urlhaus.abuse.ch
Oct 13 17:19:51 RT-AC68U-20E0 (unbound_manager): 14791 Starting Script Execution (advanced)
Oct 13 17:30:00 RT-AC68U-20E0 (unbound_rpz.sh): 20029 Attempting to Download 1 of 1 from https://urlhaus.abuse.ch/downloads/rpz/.
Oct 13 17:30:03 RT-AC68U-20E0 (unbound_rpz.sh): 20029 Reload unbound for zone named rpz.urlhaus.abuse.ch
 

chongnt

Very Senior Member
Was it working before or is this the first time setting this up? I don't use DoT so I have no idea on that part. From your unbound logs there is no query or reply seen. I am not sure if it is working correctly. If you don't change the default port, it should be 53535. You can verify from unbound_manager advanced:
Code:
A:Option ==> oq interface

unbound-control 'interface' '[email protected]'

Can you try the following commands and see if they work and the counter increases?

Code:
dig @127.0.0.1 -p 53535 google.com
unbound-control stats_noreset | grep -F total.num
 

Khadanja

Senior Member
Yes it was working perfectly for the last few days.
Code:
A:Option ==> oq interface
unbound-control 'interface' '[email protected]
[email protected]'
Yes it works and counter increases.
Code:
dig @127.0.0.1 -p 53535 google.com

; <<>> DiG 9.17.13 <<>> @127.0.0.1 -p 53535 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54060
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             1200    IN      A       142.250.204.14

;; Query time: 300 msec
;; SERVER: 127.0.0.1#53535(127.0.0.1) (UDP)
;; WHEN: Wed Oct 13 05:27:47 UTC 2021
;; MSG SIZE  rcvd: 55

Can you check if these settings are correct. dnsmasq is handled by router so it is disabled.
Code:
server:

#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
port: 53535                                 # v1.08 If 53, requires 'port=0' in '/etc/dnsmasq.conf' to 'disable' dnsmasq to answer queries direct from LAN clients
interface: [email protected]                  # v1.01 As per @dave14305 minimal config; Will be overwritten by $(nvram get lan_ipaddr_rt) if dnsmasq 'disabled'
interface: [email protected]                     # v1.10 Required by router if dnsmasq 'disabled'
#interface: [email protected]                # v1.12 AiMesh Guest SSID VLAN TAG (dnsmasq disabled) @juched
access-control: 0.0.0.0/0 allow             # v1.10 Will be overwritten by LAN subnet "${lan_ip_addr_rt}/24" if 'dnsmasq disabled' aka bypassed
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

This was in dnsmasq.conf
Code:
port=0                             # unbound_manager
dhcp-option=lan,6,192.168.1.1      # unbound_manager
server=127.0.0.1#53535

Also, I've commented DoT & forward-addr settings-
Code:
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ # v1.05 Martineau
#forward-zone:#DoT                                                    # v1.08 Add #DoT edit marker v1.05 DNS-Over-TLS support
#name: "."
#forward-tls-upstream: yes
#forward-addr: [email protected]#cloudflare-dns.com
#forward-addr: [email protected]#cloudflare-dns.com
#forward-addr: [email protected]#dns.quad9.net
#forward-addr: [email protected]#dns.quad9.net
#forward-addr: 2606:4700:4700::[email protected]#cloudflare-dns.com
#forward-addr: 2606:4700:4700::[email protected]#cloudflare-dns.com
#forward-addr: 2620:fe::[email protected]#dns.quad9.net
#forward-addr: 2620:fe::[email protected]#dns.quad9.net
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 

chongnt

Very Senior Member
From your dig output it looks like unbound is working. Is your router IP 192.168.1.1? If yes, you can also run [email protected] google.com from your router. If that works too, then you can try to check from your LAN client whether it can resolve a DNS query using the router IP as the DNS server.

Did you make any changes prior to reboot? Here is what it looks like in my router:
Code:
server:

#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
port: 53535                                 # v1.08 If 53, requires 'port=0' in '/etc/dnsmasq.conf' to 'disable' dnsmasq to answer queries direct from LAN clients
interface: [email protected]                  # v1.01 As per @dave14305 minimal config; Will be overwritten by $(nvram get lan_ipaddr_rt) if dnsmasq 'disabled'
#interface: [email protected]                    # v1.10 Required by router if dnsmasq 'disabled'
#interface: [email protected]                # v1.12 AiMesh Guest SSID VLAN TAG (dnsmasq disabled) @juched
#access-control: 0.0.0.0/0 allow            # v1.10 Will be overwritten by LAN subnet "${lan_ip_addr_rt}/24" if 'dnsmasq disabled' aka bypassed
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 

Khadanja

Senior Member
dig from router
Code:
[email protected]:/tmp/home/root# dig @192.168.1.1 google.com
;; communications error to 192.168.1.1#53: end of file
;; communications error to 192.168.1.1#53: end of file

dig from client
Code:
$ dig @192.168.1.1 google.com
; <<>> DiG 9.16.1-Ubuntu <<>> @192.168.1.1 google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

So dnsmasq is disabled in your case too? Have you also got what I have in dnsmasq.conf? If your settings are also standard, maybe I can replace my unbound.conf with yours to try. I have made mine the same as yours for the server section you posted.
 

chongnt

Very Senior Member
dig from router
Code:
[email protected]:/tmp/home/root# dig @192.168.1.1 google.com
;; communications error to 192.168.1.1#53: end of file
;; communications error to 192.168.1.1#53: end of file

dig from client
Code:
 dig @192.168.1.1 google.com

; <<>> DiG 9.16.1-Ubuntu <<>> @192.168.1.1 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27490
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             203     IN      A       142.250.67.14

;; Query time: 40 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Oct 13 18:55:03 NZDT 2021
;; MSG SIZE  rcvd: 44

So dnsmasq is disabled in your case too? Have you also got what I have in dnsmasq.conf? If your settings are also standard, maybe I can replace my unbound.conf with yours to try. I have made mine the same as yours for the server section you posted.
I did not disable dnsmasq in my router. I am using it together with diversion etc. I can see dns query in dnsmasq.log
 

Khadanja

Senior Member
I meant dnsmasq disabled in unbound. Can you share your unbound.conf? I'll compare. Has to be something in that file that's breaking my dns queries.
 

Khadanja

Senior Member
OK, I got it working after enabling dnsmasq in unbound. I disabled it so I can see IP addresses in logs instead of 127.0.0.1, and it was working fine for the last 5-6 days with multiple reloads of unbound etc. and router reboots. Now I'm worried about disabling it again but would like to see client IPs instead of 127.0.0.1 in logs. What do you use Diversion for along with unbound? I thought there is no use for Diversion as unbound does everything. That's what I found.
 

chongnt

Very Senior Member
Glad that you got it working again. I have been using Diversion since AB-Solution, way before I used unbound. I did not explore the adblock feature in unbound. I think it works somewhat similarly.
 

chongnt

Very Senior Member

Khadanja

Senior Member
Yes, Diversion support custom lists too. You can find the details in this link:

Unable to use that list -
Code:
getting hosted blacklist
 https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts
###################################################################################################################################################################################################################################### 100.0%
Error  hosted blacklist is above the limit of 4000 domains.
 Consider to use a larger blocking list in  b
 to not have to blacklist so many domains.
Keeping existing blacklist
 

Martineau

Part of the Furniture
ok i got it working after enabling dnsmasq in unbound. I disabled it <snip> and it was working fine for the last 5-6 days with multiple reloads of unbound etc. and router reboots.
So there were no issues/problems (although not sure why you would have multiple reloads/reboots) then after nearly a week it inexplicably stopped working?

Was there a delayed change that you forgot about that was only implemented after the last reboot?
Now I'm worried about disabling it again
Well without any diagnostics we'll never know if we can dispel your worries - error messages in Syslog?, memory exhaustion?, testing LAN clients using IP Addresses in URLs rather than names to be resolved by DNS etc.

So, it really depends how satisfied you were with running only unbound for nearly a week and subsequently if you wish to tediously spend time troubleshooting

i.e. you would need to disable dnsmasq again, and see if the issue returns after 5-6 days, or if you can instantly reproduce the issue immediately after dnsmasq is disabled, otherwise probably best to drop unbound and its features, for a worry-free life.

Regards
 

Khadanja

Senior Member
Don't think there was a delayed change. Yes, no issues for nearly a week. Only thing is I reinstalled scribe and unbound, as the unbound log file stopped updating before the reboot but internet was still working.
Very satisfied with unbound. Happy to disable dnsmasq and try again if you are around for a while to help me troubleshoot? Do I need to uncomment anything in the conf file after disabling dnsmasq?
 

Khadanja

Senior Member
@Martineau ok dnsmasq disabled and it's all working now. Didn't do anything manually. Can you please explain each of these?
Code:
server:
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
port: 53535                                 # v1.08 If 53, requires 'port=0' in '/etc/dnsmasq.conf' to 'disable' dnsmasq to answer queries direct from LAN clients
interface: [email protected]                  # v1.01 As per @dave14305 minimal config; Will be overwritten by $(nvram get lan_ipaddr_rt) if dnsmasq 'disabled'
#interface: [email protected]                    # v1.10 Required by router if dnsmasq 'disabled'
#access-control: 0.0.0.0/0 allow            # v1.10 Will be overwritten by LAN subnet "${lan_ip_addr_rt}/24" if 'dnsmasq disabled' aka bypassed
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
#outgoing-interface: xxx.xxx.xxx.xxx        # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP (or force WAN ONLY)
Also, I've got this. What exactly does forward zone mean? I am still getting the full benefit of unbound, right?
Code:
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ # v1.05 Martineau
forward-zone:#DoT                                                    # v1.08 Add #DoT edit marker v1.05 DNS-Over-TLS support
name: "."
#forward-tls-upstream: yes
forward-addr: 1.1.1.3
forward-addr: 1.0.0.3
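
How the `port:`, `interface:` and `access-control:` lines above interact with dnsmasq's `port=0`, as an added example that is not part of the original posts or of unbound_manager: the hypothetical functions below read an unbound.conf and a dnsmasq.conf and report which daemon, if any, answers on the router's LAN address at port 53. The sample files are constructed, reusing 192.168.1.1 and 53535 from the thread.

```shell
#!/bin/sh
# Added example, not from the thread; every sample config below is constructed.

# Print "ip port" for each active unbound 'interface:' line. An explicit
# ip@port wins, otherwise 'port:' applies (unbound default 53). With no
# 'interface:' line at all, unbound listens on localhost only.
unbound_listeners() {
    awk '
        { sub(/#.*/, "") }              # drop comments, e.g. "#interface: ..."
        $1 == "port:"      { port = $2 }
        $1 == "interface:" { ifs[++n] = $2 }
        END {
            if (port == "") port = 53
            if (n == 0) { print "127.0.0.1", port; exit }
            for (i = 1; i <= n; i++) {
                split(ifs[i], a, "@")
                print a[1], (a[2] != "" ? a[2] : port)
            }
        }' "$1"
}

# Print dnsmasq's DNS port (default 53). 'port=0' switches its DNS side
# off entirely while DHCP keeps running.
dnsmasq_dns_port() {
    p=$(sed -n 's/^[[:space:]]*port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${p:-53}"
}

# Who answers a LAN client that queries <lan_ip>:53? -> dnsmasq|unbound|nobody
# Assumption: when dnsmasq's DNS side is on port 53 it is reachable on the LAN
# address (no listen-address/interface restrictions are modelled).
who_answers_lan() {
    if [ "$(dnsmasq_dns_port "$3")" = 53 ]; then echo dnsmasq; return; fi
    if unbound_listeners "$2" | awk -v ip="$1" '
        ($1 == ip || $1 == "0.0.0.0") && $2 == 53 { ok = 1 }
        END { exit !ok }'; then echo unbound; return; fi
    echo nobody
}

# Succeeds when 'access-control: 0.0.0.0/0 allow' is active AND unbound has a
# non-loopback listener, i.e. any source that can reach it gets answers.
open_acl_exposed() {
    grep -Eq '^[[:space:]]*access-control:[[:space:]]+0\.0\.0\.0/0[[:space:]]+allow' "$1" &&
        unbound_listeners "$1" |
        awk '$1 !~ /^127\./ && $1 != "::1" { bad = 1 } END { exit !bad }'
}

# Constructed samples: router 192.168.1.1 and port 53535 as in the thread.
write_samples() {
    printf 'port=0\ndhcp-option=lan,6,192.168.1.1\nserver=127.0.0.1#53535\n' > "$1/dnsmasq.off"
    printf 'server=127.0.0.1#53535\n' > "$1/dnsmasq.on"
    cat > "$1/unbound.loopback" <<'EOF'
server:
port: 53535                          # only reachable through a forwarder
interface: 127.0.0.1
#access-control: 0.0.0.0/0 allow
EOF
    cat > "$1/unbound.lan" <<'EOF'
server:
port: 53535
interface: 127.0.0.1@53535
interface: 192.168.1.1@53            # serves LAN clients directly
access-control: 0.0.0.0/0 allow
EOF
}

main() {
    dir=$(mktemp -d) && write_samples "$dir"
    for pair in "loopback off" "loopback on" "lan off"; do
        set -- $pair
        printf 'unbound.%-9s dnsmasq.%-3s -> %s\n' "$1" "$2" \
            "$(who_answers_lan 192.168.1.1 "$dir/unbound.$1" "$dir/dnsmasq.$2")"
    done
    open_acl_exposed "$dir/unbound.lan" && echo "unbound.lan: open ACL on a LAN-facing listener"
    rm -rf "$dir"
}
main
```

The `nobody` verdict (dnsmasq DNS off, unbound on loopback at 53535 only) gives the same picture as in the thread: `dig @127.0.0.1 -p 53535` succeeds while `dig @192.168.1.1` gets no answer.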
 
