Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[juched]

isn't unbound's DNS firewall list also a IP list. i need to check the messages in this thread, but i remember a comment indicating that unbound's DNS firewall list was IP list and also included in skynet. i may be wrong

Nope, it is RPZ and is based on domains. It can also do reverse IP blocking, but it isn’t common. I fully recommend running both. But stopping the lookup for a bad site before knowing the IP is best.

 

[juched]

isn't unbound's DNS firewall list also a IP list. i need to check the messages in this thread, but i remember a comment indicating that unbound's DNS firewall list was IP list and also included in skynet. i may be wrong

If you run unbound you should change your router to specify itself as the DNS server and do not use any other DNS servers like 1.1.1.1 or 9.9.9.9 or else it will just skip your local DNS.

For windows just let it use the router for the DNS and don’t specify a specific one.

 

[juched]

i am not sure about unbound does it now ignores my pseronal "best dns server" that i have set in the router and windows?
if yes what are the best settings then ? automatic use dns in windows and delet the dns server that i have set in the router ?

Correct. Use DHCP auto DNS on windows and allow router to specify its own IP as DNS and remove other DNS specified. Also turn off auto on WAN to not use ISP DNS servers.

You can tell which DNS server you are using by using this site. https://www.dnsleaktest.com/
It should show your own IP as the DNS server.

 

[raion969]

so in the dns server status on windows i should see the same ip as i login with the router ?

you mean this setting to of : Get the WAN IP automatically?

my ip shows different than the dns server i see in the windows stats

Or which ip do you mean ? right now my dns sever shows as the router login ip ?

 

[archiel]

I am confused by the comments above as I think unbound is working correctly (it is showing a 76%+ hit rate), but I still have the same WAN DNS Setting (from before installing unbound).

Connect to DNS Server automatically No
DNS Server1: 208.67.220.220
DNS Server2: 208.67.220.222
There are the OpenDNS servers

After installing unbound running https://www.dnsleaktest.com/ I can see my local IPv4 address as the DNS server and if I look in the unbound logs I can see DNS lookups in this form.

Jul 11 18:48:44 RT-AX88U-5050 unbound: [30258:0] query: 127.0.0.1 nav.smartscreen.microsoft.com. A IN
Jul 11 18:48:44 RT-AX88U-5050 unbound: [30258:0] query: 127.0.0.1 nav.smartscreen.microsoft.com. AAAA IN
Jul 11 18:48:44 RT-AX88U-5050 unbound: [30258:0] reply: 127.0.0.1 nav.smartscreen.microsoft.com. AAAA IN NOERROR 0.000000 1 213
Jul 11 18:48:44 RT-AX88U-5050 unbound: [30258:0] reply: 127.0.0.1 nav.smartscreen.microsoft.com. A IN NOERROR 0.016008 0 166

It looks to me as though that when unbound is running then the OpenDNS DNS servers are bypassed. Is this correct or do I also need to empty DNS Server1 & 2 above?

 

[heysoundude]

so in the dns server status on windows i should see the same ip as i login with the router ?

Yes, that’s it.


Sent from my iPhone using Tapatalk

 

[raion969]

but my own ip is not the same ip that shows in the browser line when i login into the router or ? so on https://www.dnsleaktest.com/. i should not see the same ip as in the merlin firmware on the top left in the browser line ?

on connmon test what dns sever should i set ? The same as the router login because the router is now the *new* dns server

 

[martinr]

I am confused by the comments above as I think unbound is working correctly (it is showing a 76%+ hit rate), but I still have the same WAN DNS Setting (from before installing unbound).

Connect to DNS Server automatically No
DNS Server1: 208.67.220.220
DNS Server2: 208.67.220.222
There are the OpenDNS servers

After installing unbound running https://www.dnsleaktest.com/ I can see my local IPv4 address as the DNS server and if I look in the unbound logs I can see DNS lookups in this form.

Jul 11 18:48:44 RT-AX88U-5050 unbound: [30258:0] query: 127.0.0.1 nav.smartscreen.microsoft.com. A IN
Jul 11 18:48:44 RT-AX88U-5050 unbound: [30258:0] query: 127.0.0.1 nav.smartscreen.microsoft.com. AAAA IN
Jul 11 18:48:44 RT-AX88U-5050 unbound: [30258:0] reply: 127.0.0.1 nav.smartscreen.microsoft.com. AAAA IN NOERROR 0.000000 1 213
Jul 11 18:48:44 RT-AX88U-5050 unbound: [30258:0] reply: 127.0.0.1 nav.smartscreen.microsoft.com. A IN NOERROR 0.016008 0 166

It looks to me as though that when unbound is running then the OpenDNS DNS servers are bypassed. Is this correct or do I also need to empty DNS Server1 & 2 above?

My understanding is that you turn on DNS Filter (LAN page) and set to router in Global Filter Mode (and no clients specified in the exceptions list at the bottom). But on the WAN page you still need to specify DNS servers (I have 1.1.1.1 and 1.0.0.1). These are used during boot up so that the ntp server domain can be resolved.

https://www.snbforums.com/threads/r...cursive-dns-server.61669/page-128#post-591513

and, I suppose, if Unbound fails or is turned off, then your Internet still works

 

[juched]

I am confused by the comments above as I think unbound is working correctly (it is showing a 76%+ hit rate), but I still have the same WAN DNS Setting (from before installing unbound).

Connect to DNS Server automatically No
DNS Server1: 208.67.220.220
DNS Server2: 208.67.220.222
There are the OpenDNS servers

After installing unbound running https://www.dnsleaktest.com/ I can see my local IPv4 address as the DNS server and if I look in the unbound logs I can see DNS lookups in this form.

Jul 11 18:48:44 RT-AX88U-5050 unbound: [30258:0] query: 127.0.0.1 nav.smartscreen.microsoft.com. A IN
Jul 11 18:48:44 RT-AX88U-5050 unbound: [30258:0] query: 127.0.0.1 nav.smartscreen.microsoft.com. AAAA IN
Jul 11 18:48:44 RT-AX88U-5050 unbound: [30258:0] reply: 127.0.0.1 nav.smartscreen.microsoft.com. AAAA IN NOERROR 0.000000 1 213
Jul 11 18:48:44 RT-AX88U-5050 unbound: [30258:0] reply: 127.0.0.1 nav.smartscreen.microsoft.com. A IN NOERROR 0.016008 0 166

It looks to me as though that when unbound is running then the OpenDNS DNS servers are bypassed. Is this correct or do I also need to empty DNS Server1 & 2 above?

Sorry, my mistake. You do not need to empty those two boxes.

 

[raion969]

So for my gaming rule in the flexqos i needed to Set my PC in the wi does ipv4 tap an specific ip and also a dns server so is this right that i have to put in my router login Adress as an dns Server because now my router is the dns?

 

[archiel]

I have a problem with unbound and using VPN to route DNS queries. I had setup unbound to use a client vpn connection (vpn 5), this had picked up the internal VPN interface (10.8.0.5) and everything worked. However when I rebooted the router this morning, after first dismounting the USB drive, everything seemed okay at first until I saw I could not connect to any sites and unbound was reporting SERVFAIL on all enquiries.

On investigation the cause was that the internal IP address for vpn 5 had changed after the reboot (10.8.1.8), but unbound was still trying to use the old (and now defunct) address. I was able to fix this by running unbound_manager advanced, then vpn 5 which then updated the address, but how can I make sure that this does not re-occur - ideally if I am using the vpn routing options then unbound should rerun the vpn command as it starts-up to pick up any changes?

 

[immi803]

@Martineau
from few days, i'm getting no connection error in YouTube videos in app Android and it has increased every coming day, i'm using YouTube ad blocker , same videos play fine in chrome /browsers etc, can ad blocker can be reason for this issue?

 

[juched]

@Martineau
from few days, i'm getting no connection error in YouTube videos in app Android and it has increased every coming day, i'm using YouTube ad blocker , same videos play fine in chrome /browsers etc, can ad blocker can be reason for this issue?

Not sure. This ad blocker was based on findings from the Pi-hole community. My first thought was the IP selected as gone bad, meaning the server it is directing all traffic to may be gone, causing issues. However you do Chrome works fine.

What happens when you disable the youtube ad blocker? does it start working on Android again? Any unbound log entries of interest while running android ad blocker?

Anyone else having Android issues with youtube ad blocker enabled?

 

[immi803]

Not sure. This ad blocker was based on findings from the Pi-hole community. My first thought was the IP selected as gone bad, meaning the server it is directing all traffic to may be gone, causing issues. However you do Chrome works fine.

What happens when you disable the youtube ad blocker? does it start working on Android again? Any unbound log entries of interest while running android ad blocker?

Anyone else having Android issues with youtube ad blocker enabled?

i'll check and report when back home

 

[ugandy]

I have a problem with unbound and using VPN to route DNS queries. I had setup unbound to use a client vpn connection (vpn 5), this had picked up the internal VPN interface (10.8.0.5) and everything worked. However when I rebooted the router this morning, after first dismounting the USB drive, everything seemed okay at first until I saw I could not connect to any sites and unbound was reporting SERVFAIL on all enquiries.

On investigation the cause was that the internal IP address for vpn 5 had changed after the reboot (10.8.1.8), but unbound was still trying to use the old (and now defunct) address. I was able to fix this by running unbound_manager advanced, then vpn 5 which then updated the address, but how can I make sure that this does not re-occur - ideally if I am using the vpn routing options then unbound should rerun the vpn command as it starts-up to pick up any changes?

you need to setup 3 scripts. search this thread for "route-pre-down"

i have x3mRouting installed via amtm, so i already had
/jffs/scripts/x3mRouting/openvpn-event


then i added:
/jffs/scripts/x3mRouting/vpnclient2-route-pre-down

#!/bin/sh
/jffs/addons/unbound/unbound_manager.sh vpn=disable

/jffs/scripts/x3mRouting/vpnclient2-up

#!/bin/sh
/jffs/addons/unbound/unbound_manager.sh vpn=2 delay=9 &

the name of the 2 scripts must reflect the vpn ID you use
remember to "chmod +x" the scripts

with the above 3 scripts in place, unbound will channel through the vpn when vpn starts, and stop channeling if vpn goes down.

 

[archiel]

you need to setup 3 scripts. search this thread for "route-pre-down"

i have x3mRouting installed via amtm, so i already had
/jffs/scripts/x3mRouting/openvpn-event


then i added:
/jffs/scripts/x3mRouting/vpnclient2-route-pre-down

#!/bin/sh
/jffs/addons/unbound/unbound_manager.sh vpn=disable

/jffs/scripts/x3mRouting/vpnclient2-up

#!/bin/sh
/jffs/addons/unbound/unbound_manager.sh vpn=2 delay=9 &

the name of the 2 scripts must reflect the vpn ID you use
remember to "chmod +x" the scripts

with the above 3 scripts in place, unbound will channel through the vpn when vpn starts, and stop channeling if vpn goes down.

Added, rebooted, all fine - Thank you.

 

[immi803]

Not sure. This ad blocker was based on findings from the Pi-hole community. My first thought was the IP selected as gone bad, meaning the server it is directing all traffic to may be gone, causing issues. However you do Chrome works fine.

What happens when you disable the youtube ad blocker? does it start working on Android again? Any unbound log entries of interest while running android ad blocker?

Anyone else having Android issues with youtube ad blocker enabled?

Yes, you're right, removing YouTube ad blocker fixed the issue
I thoroughly enjoyed YouTube ad blocker until this issue aroused, any solutions to made it work again without such issue?

 

[juched]

Yes, you're right, removing YouTube ad blocker fixed the issue
I thoroughly enjoyed YouTube ad blocker until this issue aroused, any solutions to made it work again without such issue?

Any log entries in unbound while it fails?

Can you also try "youtube update" to have it select a different IP to see if that helps?

 

[immi803]

Any log entries in unbound while it fails?

Can you also try "youtube update" to have it select a different IP to see if that helps?

Tried different ip and it fails again

 

[immi803]

@juched
Log

Spoiler: Fail Log YouTube

Jul 14 01:00:48 unbound[13544:0] error: SERVFAIL <cmflashlight2.com. A IN>: all servers for this domain failed, at zone cmflashlight2.com.
Jul 14 01:00:48 unbound[13544:0] reply: 127.0.0.1 cmflashlight2.com. A IN SERVFAIL 1.371161 0 35
Jul 14 01:00:48 unbound[13544:0] query: 127.0.0.1 cmflashlight2.com. A IN
Jul 14 01:00:49 unbound[13544:0] error: SERVFAIL <cmflashlight2.com. A IN>: all servers for this domain failed, at zone cmflashlight2.com.