Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[Milan]

is there still a hidden advanced menu? I like additional tools from there ...

 

[LimJK]

I have just pushed a Hotfix.
I have made a typo 'interfaces:' should be 'interface:' when detecting duplicates.

Martineau,
Thanks ... I have just updated to v3.0.1 ... all is well so far.

However, I noticed that in unbound_manager (under amtm) when I type my input, such as "u" to update or other input, it gets executed straight away without giving me a chance to hit the "Enter" key , I thought it will be nice if accepting input field should be consistent for all the scripts within amtm. Thank you for considering.

I like the new menu / interaction within unbound_manager, sort of less confusing for me Thanks!

 

[Ubimo]

I'm kinda torn back and forth about the "new" interaction, not hitting enter after choosing a menu.
I like it, but as @LimJK already stated, the execution of scripts should be consistend throughout our routers.

 

[Martineau]

I've uploaded v3.01 and unbound.conf v1.08

(Everyone knows you should avoid a 'vX.00' software release like the proverbial............)

Version=3.01
Github md5=22e316f94dcbd1a0cbebeb06a330b147
​

EDIT: If upgrading from v2.18 please follow instruction in post #3

Use of the '1/i = Update unbound Installation' **Optional if already on v3.00** see Change Log

FIX: '2 = Uninstall unbound/unbound_mangler' command leaves orphaned Graphical Statistics TAB, with no way to reinstall in 'Easy' mode.
CHANGE: Improve the comments in 'unbound.conf' - some were misplaced or worded badly etc.

 

[Centrifuge]

Version=3.01

Thanks, stats are back in biz, and we're authoritative again. Good work on all of this.

 

[Jack Yaz]

FIX: '2 = Uninstall unbound/unbound_mangler'

Intentional typo? XD

Great stuff, v3.01 running well on my 86U

EDIT: How can I make the advanced menu the default? I can launch unbound_manager advanced from the CLI, but I must be missing a trick to make it persistent...

 

[Martineau]

How can I make the advanced menu the default? I can launch unbound_manager advanced from the CLI, but I must be missing a trick to make it persistent...

I decided to try and discourage most from using Advanced mode, but touch the appropriate file

 

[Martineau]

I'm kinda torn back and forth about the "new" interaction, not hitting enter after choosing a menu.
I like it, but as @LimJK already stated, the execution of scripts should be consistend throughout our routers.

There is no reason why a noob would need to be regularly camped in front of the 'Easy' menu?

So after the initial unbound install/configuration, probably the only time you would access the 'Easy' menu again would be because amtm directed you there due to a new version of 'update_manager' being available 'u', or to uninstall either of the two optional features or to remove unbound/unbound_manager entirely.

NOTE: Clearly the confirmation 'Are you sure?....' prompts prudently enforce the necessary ENTER key.

 

[Jack Yaz]

I decided to try and discourage most from using Advanced mode, but touch the appropriate file

Got it, working now

Thanks!

 

[Martineau]

During the update, I got an error message below that the 'SSL handshake failed'. The solution is not to reuse the unbound.conf and press enter to download the new unbound.conf.

Do you want to KEEP your current unbound configuration? ('20200412-071748_unbound.conf')

        Reply 'y' to KEEP or press [Enter] to use new downloaded 'unbound.conf'
y

Reloading 'unbound.conf' status=error: SSL handshake failed


error: SSL handshake failed

        ***ERROR unbound-control - failed'?

I can't recreate the issue.

    Options: Auto Reply='y' for User Selectable Options ('')

    [?] Router Graphical GUI statistics TAB installed
    [?] unbound-control FAST response ENABLED

Do you want to KEEP your current unbound configuration? ('20200412-122527_unbound.conf')

    Reply 'y' to KEEP or press [Enter] to use new downloaded 'unbound.conf'
y

Reloading 'unbound.conf' status=ok

=======================================================================================================================================================================================

unbound (pid 16962) is running... uptime: 0 Days, 00:00:21 version: 1.10.0 # rgnldo Github Version=v1.08 Martineau update (Date Loaded by unbound_manager Sun Apr 12 12:26:10 DST 2020)

i  = Update unbound and configuration ('/opt/var/lib/unbound/')        l  = Show unbound log entries (lo=Enable Logging)

 

[juched]

Hello Martineau,

Can I suggest renaming the RPZ Firewall to DNS Firewall? This seems to be the industry name.

Secondly, if I add in a simple check if Unbound is running before calling reload zone, you could use my unbound_rpz.sh to enable this feature by simply downloading and running the script (you have the rpz: in the conf file already. It can be left in the file always without errors if the zone file doesn’t exist in disk. No need for URL: part at this point. Just name, zonefile and maybe log options. )

Uninstall would be to simply remove the cron job and delete that file.

Thoughts?

 

[Martineau]

Hello Martineau,

Can I suggest renaming the RPZ Firewall to DNS Firewall? This seems to be the industry name.

Secondly, if I add in a simple check if Unbound is running before calling reload zone, you could use my unbound_rpz.sh to enable this feature by simply downloading and running the script (you have the rpz: in the conf file already. It can be left in the file always without errors if the zone file doesn’t exist in disk. No need for URL: part at this point. Just name, zonefile and maybe log options. )

Uninstall would be to simply remove the cron job and delete that file.

Thoughts?

I've uploaded BETA 'unbound_manager' v3.02 and 'unbound.conf' v1.09 to support your proposal.

Try it out in 'Advanced' menu mode

e.g. update the 'unbound_manager.sh' script

e  = Exit Script

A:Option ==> uf dev

    unbound_manager.sh downloaded successfully Github 'dev/development' branch

unbound Manager UPDATE Complete! 22e316f94dcbd1a0cbebeb06a330b147

and you will need to retrieve the associated 'unbound.conf'

e  = Exit Script

A:Option ==> i dev

<snip>

Retrieving the 13 InterNIC Root DNS Servers from 'https://www.internic.net/domain/named.cache'.....
######################################################################################################################################################################################## 100.0%
Retrieving Custom unbound configuration
 unbound.conf downloaded successfully Github 'dev/development' branch
Checking IPv6.....
Customising unbound configuration Options:
unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf


 Shutting down unbound...              done.
 Starting unbound...              done.

Checking status, please wait..... unbound OK

Auto install unbound Customisation complete 0 minutes and 21 seconds elapsed - Please wait for up to 10 seconds for status.....

I have replaced 'RPZ Firewall' references with 'DNS Firewall'

e  = Exit Script

A:Option ==> firewall

Do you want to enable DNS Firewall?

    Reply 'y' or press [Enter]  to skip
y
    unbound_rpz.sh downloaded successfully Github 'dev/development' branch
    rpzsites downloaded successfully Github 'dev/development' branch

Unbound-RPZ.sh - V1.0.1 running...
Attempting to Download 1 of 1 from .
######################################################################## 100.0%
Reload unbound for zone named rpz.urlhaus.abuse.ch
error no auth-zone rpz.urlhaus.abuse.ch

    unbound DNS Firewall ENABLED

e  = Exit Script

A:Option ==> ?

    Version=3.02
    Github                        md5=22e316f94dcbd1a0cbebeb06a330b147

<snip>

    [✔] Router Graphical GUI statistics TAB installed
    [✔] unbound-control FAST response ENABLED
    [✔] DNS Firewall ENABLED

'rpz disable' turns off the 'DNS Firewall'

EDIT: The creation of the cron job in 'services-start' appears to have gone AWOL in your script...could have sworn that it was there before.

 

[Martineau]

FYI @juched

Can you look at suppressing the error messages when installing the Statistics GUI TAB:

e  = Exit Script

A:Option ==> sgui

unbound-control set_option 'extended-statistics yes' ok

Option Auto Reply 'y'   

    Installing @juched's GUI TAB to Graphically display unbound stats.....
    unbound_stats.sh downloaded successfully
    unboundstats_www.asp downloaded successfully

cat: can't open '/jffs/addons/unbound/www-installed.md5': No such file or directory
cat: can't open '/jffs/addons/unbound/www-installed.md5': No such file or directory

Mounting Unbound_Stats.sh WebUI page as user3.asp
Saving MD5 of installed file /jffs/addons/unbound/unboundstats_www.asp to /jffs/addons/unbound/www-installed.md5
Calculated Cache Hit Percentage: 92.13
Adding new value to DB...
Calculating Daily data...
Calculating Weekly and Monthly data...
Outputting histogram performance data...
Outputting answers data...

 

[Milan]

cant enable rpz firewall in 3.02 with dev conf file:

'unbound_rpz.sh' download FAILED with curl error 404

 

[juched]

FYI @juched

Can you look at suppressing the error messages when installing the Statistics GUI TAB:

e  = Exit Script

A:Option ==> sgui

unbound-control set_option 'extended-statistics yes' ok

Option Auto Reply 'y'  

    Installing @juched's GUI TAB to Graphically display unbound stats.....
    unbound_stats.sh downloaded successfully
    unboundstats_www.asp downloaded successfully

cat: can't open '/jffs/addons/unbound/www-installed.md5': No such file or directory
cat: can't open '/jffs/addons/unbound/www-installed.md5': No such file or directory

Mounting Unbound_Stats.sh WebUI page as user3.asp
Saving MD5 of installed file /jffs/addons/unbound/unboundstats_www.asp to /jffs/addons/unbound/www-installed.md5
Calculated Cache Hit Percentage: 92.13
Adding new value to DB...
Calculating Daily data...
Calculating Weekly and Monthly data...
Outputting histogram performance data...
Outputting answers data...

I fixed the error message. I also moved rpz script to master, so no need to use dev branch for that to work.

 

[Martineau]

cant enable rpz firewall in 3.02 with dev conf file:

'unbound_rpz.sh' download FAILED with curl error 404

As shown in post #1312 you need to enter the command as shown, as @juched is only hosting the 'rpz' scripts on his development GitHub

 

[Deleted member 62525]

I've uploaded BETA 'unbound_manager' v3.02 and 'unbound.conf' v1.09 to support your proposal.

Try it out in 'Advanced' menu mode

e.g. update the 'unbound_manager.sh' script

e  = Exit Script

A:Option ==> uf dev

    unbound_manager.sh downloaded successfully Github 'dev/development' branch

unbound Manager UPDATE Complete! 22e316f94dcbd1a0cbebeb06a330b147

and you will need to retrieve the associated 'unbound.conf'

e  = Exit Script

A:Option ==> i dev

<snip>

Retrieving the 13 InterNIC Root DNS Servers from 'https://www.internic.net/domain/named.cache'.....
######################################################################################################################################################################################## 100.0%
Retrieving Custom unbound configuration
 unbound.conf downloaded successfully Github 'dev/development' branch
Checking IPv6.....
Customising unbound configuration Options:
unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf


 Shutting down unbound...              done.
 Starting unbound...              done.

Checking status, please wait..... unbound OK

Auto install unbound Customisation complete 0 minutes and 21 seconds elapsed - Please wait for up to 10 seconds for status.....

I have replaced 'RPZ Firewall' references with 'DNS Firewall'

e  = Exit Script

A:Option ==> rpz

Do you want to enable DNS Firewall?

    Reply 'y' or press [Enter]  to skip
y
    unbound_rpz.sh downloaded successfully Github 'dev/development' branch
    rpzsites downloaded successfully Github 'dev/development' branch

Unbound-RPZ.sh - V1.0.1 running...
Attempting to Download 1 of 1 from .
######################################################################## 100.0%
Reload unbound for zone named rpz.urlhaus.abuse.ch
error no auth-zone rpz.urlhaus.abuse.ch

    unbound DNS Firewall ENABLED

e  = Exit Script

A:Option ==> ?

    Version=3.02
    Github                        md5=22e316f94dcbd1a0cbebeb06a330b147

<snip>

    [✔] Router Graphical GUI statistics TAB installed
    [✔] unbound-control FAST response ENABLED
    [✔] DNS Firewall ENABLED

'rpz disable' turns off the 'DNS Firewall'

EDIT: The creation of the cron job in 'services-start' appears to have gone AWOL in your script...could have sworn that it was there before.

This is great. Love the solution.

 

[L&LD]

Updated a few routers to the latest unbound_manager and ep (Entware) updates that became available in the last couple of days.

Steps to success outlined below.

• Assuming amtm v3.16 FW is currently running properly.
• Update unbound_manager to v3.01, 'u'.
• Stop unbound (new option '3').
• Exit to command prompt 'e' and issue the following command.

• opkg remove --force-depends libunbound

• in amtm update Entware packages with 'ep', Enter, '1', Enter, '1', Enter.
• Go to unbound_manager, '7'.
• Install the latest v3.01 with '1'.
• Don't enable logging (just hit enter).
• Enable optimizations 'y'.
• Don't enable Firefox (just hit enter).

Done.

HTH.

 

[martinr]

Updated a few routers to the latest unbound_manager and ep (Entware) updates that became available in the last couple of days.

Steps to success outlined below.

• Assuming amtm v3.16 FW is currently running properly.
• Update unbound_manager to v3.01, 'u'.
• Stop unbound (new option '3').
• Exit to command prompt 'e' and issue the following command.

• opkg remove --force-depends libunbound

• in amtm update Entware packages with 'ep', Enter, '1', Enter, '1', Enter.
• Go to unbound_manager, '7'.
• Install the latest v3.01 with '1'.
• Don't enable logging (just hit enter).
• Enable optimizations 'y'.
• Don't enable Firefox (just hit enter).

Done.

HTH.

I just knew I should have held off, waiting for your guide to appear.

 

[ColDen]

FYI @juched

Can you look at suppressing the error messages when installing the Statistics GUI TAB:

e  = Exit Script

A:Option ==> sgui

unbound-control set_option 'extended-statistics yes' ok

Option Auto Reply 'y'  

    Installing @juched's GUI TAB to Graphically display unbound stats.....
    unbound_stats.sh downloaded successfully
    unboundstats_www.asp downloaded successfully

cat: can't open '/jffs/addons/unbound/www-installed.md5': No such file or directory
cat: can't open '/jffs/addons/unbound/www-installed.md5': No such file or directory

Mounting Unbound_Stats.sh WebUI page as user3.asp
Saving MD5 of installed file /jffs/addons/unbound/unboundstats_www.asp to /jffs/addons/unbound/www-installed.md5
Calculated Cache Hit Percentage: 92.13
Adding new value to DB...
Calculating Daily data...
Calculating Weekly and Monthly data...
Outputting histogram performance data...
Outputting answers data...

Hi Martineau,

I have also noticed the following additional errors (in red boxes) with my RT-AC86U:

While Unbound seem to be correctly working, I am still wondering if the above reported issues may have prevented the script to correctly write back some important information for my .

Thanks,

Denis