[Release] unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

immi803

Regular Contributor
@juched
Log
Jul 14 01:00:48 unbound[13544:0] error: SERVFAIL <cmflashlight2.com. A IN>: all servers for this domain failed, at zone cmflashlight2.com.
Jul 14 01:00:48 unbound[13544:0] reply: 127.0.0.1 cmflashlight2.com. A IN SERVFAIL 1.371161 0 35
Jul 14 01:00:48 unbound[13544:0] query: 127.0.0.1 cmflashlight2.com. A IN
Jul 14 01:00:49 unbound[13544:0] error: SERVFAIL <cmflashlight2.com. A IN>: all servers for this domain failed, at zone cmflashlight2.com.
 

juched

Senior Member
@juched
Log
Jul 14 01:00:48 unbound[13544:0] error: SERVFAIL <cmflashlight2.com. A IN>: all servers for this domain failed, at zone cmflashlight2.com.
Jul 14 01:00:48 unbound[13544:0] reply: 127.0.0.1 cmflashlight2.com. A IN SERVFAIL 1.371161 0 35
Jul 14 01:00:48 unbound[13544:0] query: 127.0.0.1 cmflashlight2.com. A IN
Jul 14 01:00:49 unbound[13544:0] error: SERVFAIL <cmflashlight2.com. A IN>: all servers for this domain failed, at zone cmflashlight2.com.
Don’t think that has anything to do with the failure. Looks like a bad site.

Not sure why it is failing on the android device. How does it fail? Timeout or error message?
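A way to check the "bad site" reading against the log, as an added example that is not part of the thread: it counts unbound's `error: SERVFAIL` lines per zone, so a single failing zone can be told apart from many zones failing together. The function names and the fourth sample line are assumptions made for this example.

```shell
# Added example, not from the thread. The last sample line is constructed.
sample_log() {
cat <<'EOF'
Jul 14 01:00:48 unbound[13544:0] error: SERVFAIL <cmflashlight2.com. A IN>: all servers for this domain failed, at zone cmflashlight2.com.
Jul 14 01:00:48 unbound[13544:0] reply: 127.0.0.1 cmflashlight2.com. A IN SERVFAIL 1.371161 0 35
Jul 14 01:00:49 unbound[13544:0] error: SERVFAIL <cmflashlight2.com. A IN>: all servers for this domain failed, at zone cmflashlight2.com.
Jul 14 01:02:10 unbound[13544:0] error: SERVFAIL <www.example.net. AAAA IN>: all servers for this domain failed, at zone example.net.
EOF
}

# Reads an unbound log on stdin and prints "count zone", most frequent first.
# Only "error:" lines are counted, so the matching "reply:" lines are not doubled.
servfail_by_zone() {
    awk '
        / error: SERVFAIL </ && / at zone / {
            zone = $NF                              # e.g. "cmflashlight2.com."
            if (zone != ".") sub(/\.$/, "", zone)   # drop the trailing root dot
            count[zone]++
        }
        END { for (z in count) print count[z], z }
    ' | sort -k1,1nr -k2,2
}

# Heuristic: one failing zone points at that domain; several zones failing
# together point at the path between the resolver and its upstream servers.
servfail_verdict() {
    servfail_by_zone | awk '
        { zones++; total += $1 }
        END {
            if (zones == 0)      print "no-servfail"
            else if (zones == 1) print "single-zone"
            else                 print "multiple-zones " zones " " total
        }'
}

sample_log | servfail_by_zone
```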
 

Wycleff

Occasional Visitor
Hmmm, sometimes after manual reboot of my Router, unbound is not automatically starting.
Is there a way to fix this?

Code:
Warning unbound not running!!
 

Mutzli

Very Senior Member
This afternoon we couldn't access some sites while others worked as normal. All we got was DNS errors in the log and "unable to connect" browser messages. I figured something must have happened to unbound. So I started with resetting unbound.conf to its default settings and rebooting the router but all to no avail. I wasted about 2 hours on different settings and reboots. Turns out that Cloudflare was down this afternoon and took with it the recursive Cloudflare DNS. Everything is working again once they fixed the issue.
 

jsbeddow

Senior Member
This afternoon we couldn't access some sites while others worked as normal. All we got was DNS errors in the log and "unable to connect" browser messages. I figured something must have happened to unbound. So I started with resetting unbound.conf to its default settings and rebooting the router but all to no avail. I wasted about 2 hours on different settings and reboots. Turns out that Cloudflare was down this afternoon and took with it the recursive Cloudflare DNS. Everything is working again once they fixed the issue.
Hmmm... are you sure you are using unbound as a true recursive DNS resolver, not simply using it as an alternative way of accessing Cloudflare DNS servers over DoT? If you were affected by the Cloudflare outage, I would think it is the latter case.
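One way to answer this question from the configuration itself, as an added example (not unbound_manager's own code): the script reports whether an unbound.conf forwards the root zone to an upstream, with or without TLS, or resolves recursively. The sample configs, the function names, and the one-option-per-line layout are assumptions.

```shell
# Added example, not unbound_manager code. Both configs are constructed samples.
sample_forwarder() {
cat <<'EOF'
server:
    interface: 127.0.0.1
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
EOF
}
sample_recursive() {
cat <<'EOF'
server:
    interface: 127.0.0.1   # forward-zone below is commented out
#forward-zone:
#    name: "."
#    forward-addr: 1.1.1.1@853#cloudflare-dns.com
EOF
}
# Reads unbound.conf on stdin. Prints "recursive" when no active forward-zone
# covers the root ("."), else "forward-dot" or "forward-plain" plus the
# upstream addresses. Assumes one option per line; include: is not followed.
resolver_mode() {
    awk '
        function close_clause() {
            if (in_fz && name == ".") { root = 1; root_tls = tls; root_addrs = addrs }
        }
        {
            sub(/(^|[ \t])#.*/, "")   # strip comments, keep "#" inside addr#name
            key = $1; val = $2; gsub(/"/, "", val)
        }
        NF == 1 && key ~ /^[a-z-]+:$/ {   # clause header such as "forward-zone:"
            close_clause()
            in_fz = (key == "forward-zone:"); name = ""; tls = 0; addrs = ""
            next
        }
        in_fz && key == "name:"                 { name = val }
        in_fz && key == "forward-tls-upstream:" { tls = (val == "yes") }
        in_fz && key == "forward-addr:"         { addrs = addrs " " val }
        END {
            close_clause()
            mode = root_tls ? "forward-dot" : "forward-plain"
            print (root ? mode root_addrs : "recursive")
        }'
}
sample_forwarder | resolver_mode; sample_recursive | resolver_mode
```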
 

Rob Q

Regular Contributor
I'm confused. What advantages does this have compared to the default Merlin settings? I'm using my ISP's DNS servers.
 

QuikSilver

Very Senior Member
I'm confused. What advantages does this have compared to the default Merlin settings? I'm using my ISP's DNS servers.
You become your own recursive dns resolver. Less items going through google, your ISP, or any other dns server.
 

martinr

Part of the Furniture
I'm confused. What advantages does this have compared to the default Merlin settings? I'm using my ISP's DNS servers.
And less chance of your dns query being hijacked with Unbound as your recursive dns server? I use Unbound (together with Diversion and Skynet), but a comment made by someone a while back points to one possible disadvantage: by using something like Cloudflare or Quad9, you are getting the benefits of their “threat intelligence database”, which you wouldn’t get if you use Unbound as your recursive dns server. But if you’re also using Diversion and Skynet you may well be getting the same or maybe even better protection for all I know?

I’m keen to read what others make of my speculations.
 

martinr

Part of the Furniture
You become your own recursive dns resolver. Less items going through google, your ISP, or any other dns server.
Another advantage is that your queries are cached so next time you look up the same domain, the answer is instant. However, whether or not you’ll notice the site loading any quicker is debatable. (And you’ll want to refresh the cache occasionally anyway, to make sure it doesn’t harbour stale, out-of-date information.)

And another advantage: you start to learn and understand more about how dns works!
 

Chris0815

Regular Contributor
But if you’re also using Diversion and Skynet you may well be getting the same or maybe even better protection for all I know?
...and the RPZ (Firewall) feature that can be used with Unbound. You can adjust Unbound in many ways - this is not possible by other DNS-Servers.
 

raion969

Regular Contributor
Hey, after updating the flexqos script I am not able to start unbound again?
It says unbound went awol after 1sec

Ok now I reinstalled it, it should work again.

But what did you mean in your post before on:

Also turn off auto on WAN to not use ISP DNS servers? What settings in the router is this?
 

ARKASHA

Occasional Visitor
Is there a way to allow clients connected via VPN server for using unbound as dns server? Advertise DNS to clients option doesn't seem to work.
 

archiel

Regular Contributor
Is there a way to allow clients connected via VPN server for using unbound as dns server? Advertise DNS to clients option doesn't seem to work.
I am not sure if this is relevant, but I have found that setting up VPN Server with 2048 bit encryption does not work for me. Using 1024 bit is fine. I have set up 2 OpenVPN servers, both using TCP, with different Server Ports and VPN Subnet / Netmasks but otherwise identical apart from encryption level. Both have advertise DNS to clients On (and both have Client will use VPN to access = Both).

With 1024 I can see that the clients are picking up the DNS via unbound and (Diversion does its stuff for ad blocking), however with 2048 I cannot browse at all.
 

ARKASHA

Occasional Visitor
I am not sure if this is relevant, but I have found that setting up VPN Server with 2048 bit encryption does not work for me. Using 1024 bit is fine. I have set up 2 OpenVPN servers, both using TCP, with different Server Ports and VPN Subnet / Netmasks but otherwise identical apart from encryption level. Both have advertise DNS to clients On (and both have Client will use VPN to access = Both).

With 1024 I can see that the clients are picking up the DNS via unbound and (Diversion does its stuff for ad blocking), however with 2048 I cannot browse at all.
Yes, my settings are same as yours, just I forget to download a new .ovpn file. Now all is going through Unbound. ;)
 

Ubimo

Senior Member
I edited the config with vx and saved it.
Then I rl the config, but this happened:
Code:
unbound (pid 26144) is running... uptime: 0 Days, 00:14:28 version: 1.10.1 # rgnldo Github Version=v1.10 Martineau update (Date Loaded by unbound_manager Mon Jul 20 21:48:21 DST 2020)

i  = Update unbound and configuration ('/opt/var/lib/unbound/')         l  = Show unbound LIVE (Loglevel=1) log entries (lx=Disable Logging)
z  = Remove unbound/unbound_manager                                     v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
3  = Advanced Tools                                                     rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                                oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'

rs = Restart (or Start) unbound (use 'rs nocache' to flush cache)       s  = Show unbound Extended statistics (s=Summary Totals; sa=All; sgui=Install GUI TAB [all]; s-=Disable Extended Stats)

e  = Exit Script [?]

A:Option ==> rl

Reloading 'unbound.conf' status=22:02:51 Saving unbound cache to '/opt/share/unbound/configs/cache.txt' msg.cache=1464/1199 rrset.cache=6911/5842
ok
[1595275371] unbound-control[31221:0] fatal error: could not recv: Connection reset by peer
[1595275372] unbound-control[31235:0] error: connect: Connection refused for 127.0.0.1 port 953
[1595275372] unbound-control[31239:0] error: connect: Connection refused for 127.0.0.1 port 953
22:02:52 Restoring unbound cache from '/opt/share/unbound/configs/cache.txt' (2020-07-20 22:02:51) msg.cache=/1199 rrset.cache=/5842
[1595275372] unbound-control[31246:0] error: connect: Connection refused for 127.0.0.1 port 953



Warning unbound not running!! - Config last loaded info: # rgnldo Github Version=v1.10 Martineau update (Date Loaded by unbound_manager Mon Jul 20 22:02:50 DST 2020)

i  = Update unbound and configuration ('/opt/var/lib/unbound/')         l  = Show unbound LIVE (Loglevel=1) log entries (lx=Disable Logging)
z  = Remove unbound/unbound_manager                                     v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
3  = Advanced Tools                                                     rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                                oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'

rs = Restart (or Start) unbound (use 'rs nocache' to flush cache)       s  = Show unbound Extended statistics (s=Summary Totals; sa=All; sgui=Install GUI TAB [all]; s-=Disable Extended Stats)

e  = Exit Script [?]

A:Option ==> l

/opt/var/lib/unbound/unbound.log                Press CTRL-C to stop

Jul 20 22:02:51 unbound[26144:0] info: lower(secs) upper(secs) recursions
Jul 20 22:02:51 unbound[26144:0] info:    0.000000    0.000001 6
Jul 20 22:02:51 unbound[26144:0] info:    0.016384    0.032768 11
Jul 20 22:02:51 unbound[26144:0] info:    0.032768    0.065536 26
Jul 20 22:02:51 unbound[26144:0] info:    0.065536    0.131072 50
Jul 20 22:02:51 unbound[26144:0] info:    0.131072    0.262144 21
Jul 20 22:02:51 unbound[26144:0] info:    0.262144    0.524288 8
Jul 20 22:02:51 unbound[26144:0] info:    0.524288    1.000000 3
Jul 20 22:02:51 unbound[26144:0] notice: Restart of unbound 1.10.1.
Jul 20 22:02:51 unbound[26144:0] fatal error: Could not read config file: /unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf
Edit:
Found the error, I should've answered with y after saving the config to restart unbound
 