[Release] unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

TonyK132

Senior Member
I thought I would try the command above. Here's what I got:

[email protected]:/tmp/home/root# unbound -v
[1600263847] unbound[4663:0] notice: Start of unbound 1.11.0.
Sep 16 07:44:07 unbound[4663:0] error: can't bind socket: Address already in use for 127.0.0.1 port 953
Sep 16 07:44:07 unbound[4663:0] error: cannot open control interface 127.0.0.1 953
Sep 16 07:44:07 unbound[4663:0] fatal error: could not open ports

I presume this is not a good thing. How do I fix it? Could this be the reason that sometimes when I go to a new webpage that it literally takes 5-10 seconds to get a response?
 

Martineau

Part of the Furniture
I thought I would try the command above. Here's what I got:

[email protected]:/tmp/home/root# unbound -v
[1600263847] unbound[4663:0] notice: Start of unbound 1.11.0.
Sep 16 07:44:07 unbound[4663:0] error: can't bind socket: Address already in use for 127.0.0.1 port 953
Sep 16 07:44:07 unbound[4663:0] error: cannot open control interface 127.0.0.1 953
Sep 16 07:44:07 unbound[4663:0] fatal error: could not open ports

I presume this is not a good thing. How do I fix it? Could this be the reason that sometimes when I go to a new webpage that it literally takes 5-10 seconds to get a response?
There is a difference between lower-case 'v' and upper-case 'V'

Lower-case 'v' will attempt to start a new (verbose/debugging?) instance of unbound which will fail (error: can't bind socket: Address already in use for 127.0.0.1 port 953) if unbound is already running.
 

Markster

Senior Member
I thought I would try the command above. Here's what I got:

[email protected]:/tmp/home/root# unbound -v
[1600263847] unbound[4663:0] notice: Start of unbound 1.11.0.
Sep 16 07:44:07 unbound[4663:0] error: can't bind socket: Address already in use for 127.0.0.1 port 953
Sep 16 07:44:07 unbound[4663:0] error: cannot open control interface 127.0.0.1 953
Sep 16 07:44:07 unbound[4663:0] fatal error: could not open ports

I presume this is not a good thing. How do I fix it? Could this be the reason that sometimes when I go to a new webpage that it literally takes 5-10 seconds to get a response?
Probably what happened is you did the ep update while Unbound was running. I had the same error as you.
Even after rebooting the router I still was not able to get Unbound running so I did a re-install and that fixed the issues.
 

TonyK132

Senior Member
There is a difference between lower-case 'v' and upper-case 'V'

Lower-case 'v' will attempt to start a new (verbose/debugging?) instance of unbound which will fail (error: can't bind socket: Address already in use for 127.0.0.1 port 953) if unbound is already running.
Thanks. Next time, I'll research further to know what I was doing.

Probably what happened is you did the ep update while Unbound was running. I had the same error as you.
Even after rebooting the router I still was not able to get Unbound running so I did a re-install and that fixed the issues.
Yes, I may have done the ep update. I'll try a reboot and see if that clears up my long resolve host time.

Update: I rebooted but I'm still getting long "resolving host" times, occasionally on the order of 5-10 secs. Could I have a misconfiguration somewhere? I have the settings that unbound wants, but are there any others? What about the DNS for the VPN client that I am running on my PC? I currently have that set to my router address of 192.168.2.1. Is there an interaction between unbound and Diversion and/or Skynet that needs to be manually configured? Is anyone else experiencing these long "resolving host" times?

Update: I think I found my error. I am running a VPN client in my PC not in the router. But I configured the DNS in the PC client to use the LAN IP address of my router. Wrong!! The VPN server has no way of knowing how to resolve 192.168.2.1, so I'm guessing the 5-10 sec time was their timeout before using their fallback DNS. Now that I have it configured to use the VPN's DNS while in the client, browsing is now nice and fast.
 

MartinDEE

Regular Contributor
Looks like Entware packages have had an update and I'm now getting this


unbound-checkconf: error while loading shared libraries: libevent-2.1.so.7: cannot open shared object file: No such file or directory
 

L&LD

Part of the Furniture

gtqiiptzfsfcppfcs

New Around Here
Sorry for a stupid question:

Is unbound as a forwarder (when using DoT) faster than dnsmasq? (Because unbound keeps a cache while dnsmasq only keeps the cache in the RAM?)

Sorry if I understand that incorrectly. Thanks
 

Martineau

Part of the Furniture
Is there a way I can add more blocklists to Unbound? If so, how?

Thanks
Use the 'Advanced' menu edit options.....option 'eb' ('/opt/share/unbound/configs/blockhost') or 'ecb' ('/opt/share/unbound/configs/blocksites')
Code:
i  = Update unbound and configuration ('/opt/var/lib/unbound/')             l  = Show unbound LIVE (Loglevel=1) log entries (lx=Disable Logging)
z  = Remove unbound/unbound_manager                                         v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
x  = Stop unbound                                                           vb = Backup current (/opt/var/lib/unbound/unbound.conf) Configuration
                                                                            rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                                    oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'
sd = Show dnsmasq Statistics/Cache Size                                     s  = Show unbound Extended statistics (s=Summary Totals; sa=All; http://10.88.8.1:80/)
                                                                            adblock = Install Ad Block [uninstall | update | track]
DisableFirefoxDoH = Disable Firefox DoH [yes | no]                          youtube = Install YouTube Ad Block [uninstall | update]
Stubby = Enable Stubby Integration                                          DoT = Enable DNS-over-TLS
                                                                            firewall = Enable DNS Firewall [disable | ?]
bind = BIND unbound to WAN [debug | disable | debug show]                   vpn = BIND unbound to VPN {vpnid [debug]} | [disable | debug show] e.g. vpn 1

scribe = Enable scribe (syslog-ng) unbound logging                          ad = Analyse Diversion White/Block lists ([ file_name [type=adblock] ])
dnsmasq = Disable dnsmasq [disable | interfaces | nointerfaces]             ea = Edit Ad Block Allowlist (eb=Blocklist; eca=Config-AllowSites; ecb=Config-BlockSites; el {Ad Block file})
dumpcache = [bootrest] (or Manually use restorecache after REBOOT)          ca = Cache Size Optimisation [ min | calc ]
                                                                            views = [? | uninstall] | {view_name [? | remove]} | {view_name [[type] domain_name[...] | IP_address[...]] [del]} ]

dig = {domain} [time] Show dig info e.g. dig asciiart.com                   lookup = {domain} Show the name servers used for domain e.g. lookup asciiart.eu
dnsinfo = {dns} Show DNS Server e.g. dnsinfo                                dnssec = {url} Show DNSSEC Validation Chain e.g. dnssec www.snbforums.com
links = Show list of external URL links


[Enter] Leave Advanced Tools Menu

e  = Exit Script [?]

A:Option ==>
 

New2This

Regular Contributor
I had the extra block list in Diversion. I suppose there's no reason to run both programs? Or would Diversion just interfere with unbound?
With adding a host list to unbound, do they need to be in the same format 0.0.0.0?
 

Martineau

Part of the Furniture

Slawek P

Regular Contributor
Hello, I am going to have another go at running unbound without diversion on my RT-AX88U.

I have two questions as I am struggling to find details:
  • I understand dnsmasq disable, but please advise what is the meaning/usage of two other dnsmasq options that are available there: interfaces and nointerfaces
  • How do I import white list from diversion, I can see ad = Analyse Diversion White/Block lists ([ file_name [type=adblock] ]) but I do not understand the outcome of this action and meaning of file_name and type
Many thanks
 

Martineau

Part of the Furniture
Hello, I am going to have another go at running unbound without diversion on my RT-AX88U.

I understand dnsmasq disable, but please advise what is the meaning/usage of two other dnsmasq options that are available there: interfaces and nointerfaces
When 'dnsmasq disable' is issued, unbound_manager will attempt to migrate any 'interface=' directives currently defined in 'dnsmasq.conf'

e.g. I use several custom VLANs (created using VLANSwitch.sh), so they are added to '/opt/share/unbound/configs/unbound.conf.localhosts'
Code:
# Replicate dnsmasq 'interface=' directives

server:

#interface: 10.88.101.1     # br1
#interface: 10.88.102.1     # br2
#interface: 10.88.103.1     # br3
#interface: 10.88.104.1     # br4
#interface: 10.88.105.1     # br5
#interface: 10.88.241.1     # wl0.1
#interface: 10.88.242.1     # wl0.2
#interface: 10.88.243.1     # wl0.3
#interface: 10.88.51.1      # wl1.1
#interface: 10.88.52.1      # wl1.2
#interface: 10.88.53.1      # wl1.3
interface: 10.88.20.1       # vlan20
interface: 10.88.30.1       # vlan30
interface: 10.88.50.1       # vlan50
interface: 10.88.40.1       # vlan40
interface: 10.88.200.1      # vlan200
#interface: 10.88.144.1     # vlan144
#interface: 10.88.123.1     # vlan123
#interface: 10.88.80.1      # vlan80
Unfortunately, unbound will not start if any of the defined interfaces do not (yet) physically exist, hence the option to use the 'nointerfaces'
NOTE: unbound_manager v3.17, now instructs unbound to ignore any (as yet) undefined interfaces by using the following in 'unbound.conf'
Code:
ip-freebind: yes      # Allow interfaces DOWN during say reboot.
so unbound will always start even if the interfaces do not physically exist.
How do I import white list from diversion, I can see ad = Analyse Diversion White/Block lists ([ file_name [type=adblock] ]) but I do not understand the outcome of this action and meaning of file_name and type
The 'ad' command will display something like this
Code:
e  = Exit Script [?]

A:Option ==> ad

Analyzing, please be patient.....may take 30 seconds

Analysed Diversion file: 'blockinglist'  Type=pixelserv, (Adblock Domains=165379) would add 1999 entries
Analysed Diversion file: 'blacklist'     Type=pixelserv, (Adblock Domains=165379) would add 2 entries
Analysed Diversion file: 'whitelist'     Type=URL, (Adblock URLs=19) would add 70 entries
or
Code:
e  = Exit Script [?]

A:Option ==> ad type=adblock

Analyzing, please be patient.....may take 30 seconds

Analysed Diversion file: 'blockinglist'  Type=adblock, (Adblock Domains=165379) would add 1997 entries
Analysed Diversion file: 'blacklist'     Type=adblock, (Adblock Domains=165379) would add 1 entries
Analysed Diversion file: 'whitelist'     Type=URL, (Adblock URLs=19) would add 70 entries
and three files are created
Code:
/opt/tmp/unbound-whitelist.add
/opt/tmp/unbound-blockinglist.add
/opt/tmp/unbound-blacklist.add
So the resulting files may be used (manually copy'n'paste) to either replicate the entries for unbound to use pixelserv (default), or more likely to include the entries in the Adblock files (type=adblock)

I don't use Diversion, so not sure if the conversion was/is still actually valid.

The optional filename is to allow analysing files other than the default Diversion files, such as a backup/archive etc.
 
Last edited:
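Added example (not part of the original posts and not unbound_manager's own code): a shell check for the start-up failure described above. It lists `interface:` addresses that are configured but not yet assigned on the host and reports whether `ip-freebind: yes` covers them. The function names and the demo config are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of unbound_manager. Handles address values on
# 'interface:' lines only; the demo data at the end is constructed.

# Strip comments, then print the address of each active 'interface:' line.
active_interfaces() {
    sed -e 's/#.*$//' "$@" |
        awk '$1 == "interface:" { sub(/@.*/, "", $2); print $2 }'
}

# Succeed only if the given config files set 'ip-freebind: yes'.
freebind_enabled() {
    sed -e 's/#.*$//' "$@" |
        awk '$1 == "ip-freebind:" { v = $2 } END { exit !(v == "yes") }'
}

# Addresses currently assigned on this host (run on the router itself).
local_addrs() {
    ip -o addr show | awk '{ sub(/\/.*/, "", $4); print $4 }'
}

# missing_interfaces "ADDR ADDR ..." FILE...
# Print each configured address that is not in the assigned-address list.
missing_interfaces() {
    have=" $(echo $1) "      # collapse newlines/tabs to single spaces
    shift
    for addr in $(active_interfaces "$@"); do
        case "$have" in
            *" $addr "*) ;;
            *) echo "$addr" ;;
        esac
    done
}

# check_bind "ADDR ..." FILE... : return 1 if unbound would fail to bind.
check_bind() {
    addrs=$1; shift
    missing=$(missing_interfaces "$addrs" "$@")
    [ -z "$missing" ] && return 0
    echo "not yet assigned:" $missing
    freebind_enabled "$@" && { echo "ip-freebind: yes is set, unbound still starts"; return 0; }
    echo "ip-freebind is not enabled, unbound will fail to bind"
    return 1
}

# Constructed demo: 10.88.30.1 is configured but not assigned on the host.
DEMO=$(mktemp)
printf 'server:\ninterface: 10.88.20.1\ninterface: 10.88.30.1\n' > "$DEMO"
check_bind "127.0.0.1 10.88.20.1" "$DEMO" || echo "check_bind returned 1"
rm -f "$DEMO"
```

On the router, `check_bind "$(local_addrs)" /opt/var/lib/unbound/unbound.conf /opt/share/unbound/configs/unbound.conf.localhosts` runs the same check against the two files named in the thread.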

glehel

Regular Contributor
We use the DNS query via VPN. In the tests it displays its own private (WAN) IP address as the DNS server and not the output IP address of the VPN. Is this correct? So they practically know the original WAN IP address, which I don't want. I use the internet via unbound with VPN. Ad filtering is also important, so I don't use the VPN DNS address.
 

gspannu

Regular Contributor
I am running Diversion & Unbound; but thinking of removing Diversion since Unbound does ad-blocking as well.
Few questions...
1) Diversion allows to choose different Adblock lists (small, medium, large, etc..) - can the same be done with Unbound? Some detailed instructions would be helpful.
2) It is very easy to find a blocked site in Diversion; especially by specific IP address - does Unbound do something similar? Can someone please explain in some detail - I have read the forum posts but can’t find detail or instructions to find blocked domains by a particular IP.
Thanks...
 

Jumpstarter

Senior Member
I am running Diversion & Unbound; but thinking of removing Diversion since Unbound does ad-blocking as well.
Few questions...
1) Diversion allows to choose different Adblock lists (small, medium, large, etc..) - can the same be done with Unbound? Some detailed instructions would be helpful.
2) It is very easy to find a blocked site in Diversion; especially by specific IP address - does Unbound do something similar? Can someone please explain in some detail - I have read the forum posts but can’t find detail or instructions to find blocked domains by a particular IP.
Thanks...
I find that my cache responses are always fresh, my pages load quickly and ad free. The only downside to using unbound as a dnsmasq replacement is I am curious if it is compatible with AiMesh.
 
