Unbound - Authoritative Recursive Caching DNS Server

Status
Not open for further replies.
During the shutdown procedure, all services stop or shut down, but it looks like unbound wants to start again?
The startup script is also used as the shutdown script, but the log command doesn’t differentiate its text whether it’s a start or stop. So it was likely stopping.
 
Is this normal too?
Code:
Mar  1 18:30:53 custom_script: Running /jffs/scripts/service-event (args: start unbound_stats.sh)
Mar  1 18:30:53 rc: received unrecognized event: unbound_stats.sh
 
Is this normal too?
Code:
Mar  1 18:30:53 custom_script: Running /jffs/scripts/service-event (args: start unbound_stats.sh)
Mar  1 18:30:53 rc: received unrecognized event: unbound_stats.sh
Yes
 
Wanted: someone to carry this idea across the finish line. I enjoyed learning how to get this far, but I don't have the dev chops to see this through to the end. I envisioned a UI that would not require any CLI interaction after the initial install. In the end, my eyes were bigger than my stomach. If anyone wants to pick this up, please feel free. @Martineau @juched


Source is available at https://github.com/dave14305/Unbound-Merlin-UI
 
From what I notice, there are great advances, contributors of excellent knowledge and an installer script capable of facilitating the installation of unbound for the end user. This thread will no longer be focused on installing unbound, the script_installer unbound_manager will take care of this task. We will discuss various issues related to unbound, etc.

I've been a little busy lately. When it comes to adblock development, I'm almost finished with the new, cleaner script, with cname cloaking block support, with stub-zones, and auth-zone blocking. It will still take a while. So far, super efficient. ;)
 
Wanted: someone to carry this idea across the finish line. I enjoyed learning how to get this far, but I don't have the dev chops to see this through to the end. I envisioned a UI that would not require any CLI interaction after the initial install. In the end, my eyes were bigger than my stomach. If anyone wants to pick this up, please feel free. @Martineau @juched

Source is available at https://github.com/dave14305/Unbound-Merlin-UI


A shout @Jack Yaz since he is very familiar with UI add-ons.
 
Wanted: someone to carry this idea across the finish line. I enjoyed learning how to get this far, but I don't have the dev chops to see this through to the end. I envisioned a UI that would not require any CLI interaction after the initial install. In the end, my eyes were bigger than my stomach. If anyone wants to pick this up, please feel free. @Martineau @juched


Source is available at https://github.com/dave14305/Unbound-Merlin-UI
So exactly what technical show-stopper prevents you from completing this admirable project?
 
I've been analyzing your work, in your repository. I installed it. My conclusion: man, exceptional work. This work must be appreciated by the FW Merlin development team. I already knew about the OpenWRT forum, but I didn't expect this adaptation for FW Merlin. It is a bold initiative, with a GUI frontend, which probably took days of thinking and repeating. My congratulations, @dave14305. With this project of yours, you will shake up a lot of things around here. Success. :)
 
I've been analyzing your work, in your repository. I installed it. My conclusion: man, exceptional work. This work must be appreciated by the FW Merlin development team. I already knew about the OpenWRT forum, but I didn't expect this adaptation for FW Merlin. It is a bold initiative, with a GUI frontend, which probably took days of thinking and repeating. My congratulations, @dave14305. With this project of yours, you will shake up a lot of things around here. Success. :)
Thank you. If not for the OpenWRT script, I wouldn't have imagined how to do this behind the scenes.

I pushed an update to the script because I realized I hadn't cleaned up my work in progress. As it stands now, the UI and script will generate a new conf file and reload unbound and dnsmasq after hitting Apply.

Figuring out how to position this within the growing ecosystem of unbound_manager and Unbound Stats is the real hurdle.
 
Thank you. If not for the OpenWRT script, I wouldn't have imagined how to do this behind the scenes.

I pushed an update to the script because I realized I hadn't cleaned up my work in progress. As it stands now, the UI and script will generate a new conf file and reload unbound and dnsmasq after hitting Apply.

Figuring out how to position this within the growing ecosystem of unbound_manager and Unbound Stats is the real hurdle.

You did a great job!! It seems lots of existing menu functionality is now in the new screen. Makes it so much easier to manage and configure vs editing unbound.conf using current menu.
I would imagine that we keep going with your GUI admin page since users would definitely prefer that. Stats GUI page can be a separate add on. Not everyone would install it I imagine. All we would need to do is use the main menu to do initial download with default config and install your admin page.
 
Figuring out how to position this within the growing ecosystem of unbound_manager and Unbound Stats is the real hurdle.
I imagined the same situation as when you want to enable Download Master. ;)
 
I've been a little busy lately. When it comes to adblock development, I'm almost finished with the new, cleaner script, with cname cloaking block support, with stub-zones, and auth-zone blocking. It will still take a while. So far, super efficient.

Would you mind sharing how you managed this? I'm trying to set up a standalone Unbound with adblocking on a Pi and it would help a lot, or will you publish it later to be included with the unbound addon?
 
I'm trying to set up a standalone Unbound with adblocking
My script is focused on another project that I contribute. There is an adblock script that I collaborated with unbound_manager script. See what you can do based on the scripts.
 
My script is focused on another project that I contribute. It is being finalized. There is an adblock script built into the unbound_manager script that helps collaborate and organize. See what you can do based on the scripts.

Ok but the cname cloak blocking etc isn't part of the unbound manager script I suppose? May I ask which other project it is you're working on? Link?
 
project it is you're working on? Link?
Fail2ban
cname cloak blocking
It's working perfectly. But I am organizing some adjustments. The idea is to filter as much as possible and avoid false positives. I did tests even in commercial domains. Very good. For now, in the adjustment phase.
 
Over the past few weeks I have been running Unbound with good success. As with everything I do, I try to understand more and more about Unbound and, for my setup, how to configure it properly in my environment. I try to be lean on what code or service I run, and in my example I decided to run Skynet, Unbound with Ad blocking and VPN Client (Split tunnel).

Because I run Open VPN client (NordVPN) for some devices I wanted to learn more about Unbound config with VPN. Not a lot of help out there but I found one on NordVPN site that was about configuring some other router with VPN and Unbound. The suggestion was by Nord to configure VPN (just as we do on Asus) and later followed by recommendation to configure Unbound for ALL interfaces. This made sense to me since vpn client when started creates additional tun interfaces.

That got me thinking what is the reason we default to 127.0.0.1. Is that related to Skynet or are there other reasons? I could not find any detailed answers on this forum, hence the post. For my curiosity, I switched Unbound interface to 0.0.0.0 and so far 24 hr is running fine and maybe even better than expected. My VPN Client DNS is set to Disabled as I want to use Unbound DNS for all devices.
So far with interface: 0.0.0.0@53535 things are working and all the clients including VPN devices use Unbound.

The important question, is it safe to run Unbound on 0.0.0.0 and if not why?
 
That got me thinking what is the reason we default to 127.0.0.1. Is that related to Skynet or are there other reasons? I could not find any detailed answers on this forum, hence the post. For my curiosity, I switched Unbound interface to 0.0.0.0 and so far 24 hr is running fine and maybe even better than expected. My VPN Client DNS is set to Disabled as I want to use Unbound DNS for all devices.
So far with interface: 0.0.0.0@53535 things are working and all the clients including VPN devices use Unbound.
We default Unbound to 127.0.0.1 because it always sits behind dnsmasq. Clients will query dnsmasq and dnsmasq will forward to Unbound. This allows the benefit of dnsmasq with Diversion and local hostname resolution. Therefore it was unnecessary to have Unbound listen on all interfaces.
The important question, is it safe to run Unbound on 0.0.0.0 and if not why?
Most clients won't know how to resolve against Unbound on port 53535 on a LAN interface. They will use port 53. If you configure your VPN to use the router IP as the DNS, then you will get the benefits. Using 0.0.0.0 tells Unbound to listen on all interfaces (including the WAN interface), but your firewall and Unbound access-control statements should prevent external access.
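
The answer above turns on two settings: a wildcard interface makes Unbound listen on every interface, and access-control (together with the firewall) decides who may actually query it. The script below is an added example, not part of the thread or of unbound_manager, that checks a config file for that combination. The sample configs, address ranges and function names are constructed, and it relies on Unbound refusing non-localhost clients when no access-control rule allows them.

```shell
#!/bin/sh
# Added example: audit an unbound.conf for the exposure discussed above.

audit_unbound_conf() {   # $1 = path to unbound.conf; last output line is the verdict
    awk '
        { sub(/#.*/, "") }                         # drop comments
        $1 == "interface:" || $1 == "ip-address:" {
            addr = $2; sub(/@.*/, "", addr)        # strip the @port suffix
            if (addr == "0.0.0.0" || addr == "::0" || addr == "::") {
                wildcard = 1; print "LISTEN-ALL " $2
            }
        }
        $1 == "access-control:" && $3 ~ /^allow/ {
            if ($2 == "0.0.0.0/0" || $2 == "::/0" || $2 == "::0/0") {
                anyallow = 1; print "ALLOW-ANY " $2 " " $3
            }
        }
        END {
            if (wildcard && anyallow) print "VERDICT exposed-unless-firewalled"
            else if (wildcard)        print "VERDICT wildcard-listen-acl-restricted"
            else                      print "VERDICT specific-listen-address"
        }
    ' "$1"
}

write_samples() {        # $1 = directory; all three configs are constructed samples
    cat > "$1/open.conf" <<'EOF'
server:
    interface: 0.0.0.0@53535
    access-control: 0.0.0.0/0 allow        # any source address may query
EOF
    cat > "$1/lan.conf" <<'EOF'
server:
    interface: 0.0.0.0@53535
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow   # constructed LAN range
    access-control: 10.8.0.0/24 allow      # constructed VPN tunnel range
EOF
    cat > "$1/loopback.conf" <<'EOF'
server:
    interface: 127.0.0.1@53535
EOF
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
for f in open lan loopback; do
    echo "== $f.conf"; audit_unbound_conf "$demo_dir/$f.conf"
done
rm -rf "$demo_dir"
```

Only the first verdict leaves the firewall as the sole barrier on the WAN side; the second is the arrangement the answer describes, where the wildcard listener is paired with access-control rules limited to local ranges.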
 
We default Unbound to 127.0.0.1 because it always sits behind dnsmasq. Clients will query dnsmasq and dnsmasq will forward to Unbound. This allows the benefit of dnsmasq with Diversion and local hostname resolution. Therefore it was unnecessary to have Unbound listen on all interfaces.

Most clients won't know how to resolve against Unbound on port 53535 on a LAN interface. They will use port 53. If you configure your VPN to use the router IP as the DNS, then you will get the benefits. Using 0.0.0.0 tells Unbound to listen on all interfaces (including the WAN interface), but your firewall and Unbound access-control statements should prevent external access.

I used unbound_manager gui, did vx to modify the unbound.conf and followed that with rs to do restart. I am assuming that "rs" command will also update dnsmasq and restart dnsmasq.
I tested all my network clients and browsing is not an issue, also tested DNS leaks and it all passed. It got me thinking that for many users that install Unbound+AdBlocker and don't have a need for dnsmasq DNS resolving names to IP on local network, dnsmasq DNS could be disabled.
I could set dnsmasq port=0 and configure Unbound on interface 0.0.0.0@53. I would only use dnsmasq for local DHCP.
 