Unbound - Authoritative Recursive Caching DNS Server

[rgnldo]

This is what I get executing the command in Terminal LAN:

You tried to use another computer. Weird.

 

[Chris0815]

You tried to use another computer. Weird.

I only have this "old" MacBook Pro 2010 here - can this be the reason?!?
Windows is not executing the dig command to show query time.

 

[rgnldo]

I only have this "old" MacBook Pro 2010 here - can this be the reason?!?
Windows is not executing the dig command to show query time.

Is weird. Something wrong. For me, there is always a logic. Don't be formatting. Take your time to analyze possible problems.

 

[Chris0815]

Is weird. Something wrong. For me, there is always a logic. Don't be formatting. Take your time to analyze possible problems.

Hey rgnldo!
Investigating the issue at the Mac himself was the right advice...

Dig the first time...

; <<>> DiG 9.10.6 <<>> smallnetbuilder.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8676
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;smallnetbuilder.com.        IN    A

;; ANSWER SECTION:
smallnetbuilder.com.    1200    IN    A    104.26.9.114
smallnetbuilder.com.    1200    IN    A    104.26.8.114

;; Query time: 75 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Apr 14 15:34:51 CEST 2020
;; MSG SIZE  rcvd: 80

Dig the second time...

; <<>> DiG 9.10.6 <<>> smallnetbuilder.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7475
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;smallnetbuilder.com.        IN    A

;; ANSWER SECTION:
smallnetbuilder.com.    1196    IN    A    104.26.9.114
smallnetbuilder.com.    1196    IN    A    104.26.8.114

;; Query time: 4 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Apr 14 15:34:55 CEST 2020
;; MSG SIZE  rcvd: 80

Looks much better now! This was achieved by deactivating the Mac OS internal firewall. The firewall on the Mac was not adjusted before in any special way, just switched to "on". Big influence...
Thank you for being so patient and sorry for posting this issue in the unbound forum... (the issue seems to be linked to my Mac....) But I am really very happy to know where the high query time was coming from.

 

[rgnldo]

deactivating the Mac OS internal firewall.

Yes. Something was going on. Next time, try not to format. Disable services in stages.
Now reorganize your VPN and other services. Go by parts. Soon you will get the knowledge.

 

[rgnldo]

Thank you for being so patient and sorry for posting this issue in the unbound forum

Your post was correct. Whenever possible and available, we will help.

 

[Chris0815]

Whenever possible and available, we will help.

Thanks a lot! - I am very happy having found this forum here and people helping that much - and in very short time! This stuff is new for me - but I got interested in all theses possibilities to improve security and speed - I was not aware of these things some weeks before... Thanks!

 

[CardcaptorRLH85]

I'm getting a weird error message when trying to install Unbound.

Bad address
[1587834413] unbound-checkconf[4520:0] fatal error: control-key-file: "(null)" does not exist

I've checked the configuration file and the line

control-key-file: "/opt/var/lib/unbound/unbound_control.key"

is there and that file does exist. I have no idea what's going on.

EDIT: I've noticed that the numbers in both the "Bad address" section and the "unbound-checkconf" sections seem to change every time I try this again. For example, I just got the following error

Bad address
[1587835034] unbound-checkconf[7853:0] fatal error: control-key-file: "(null)" does not exist

 

[dave14305]

I'm getting a weird error message when trying to install Unbound.



I've checked the configuration file and the line is there and that file does exist. I have no idea what's going on.

EDIT: I've noticed that the numbers in both the "Bad address" section and the "unbound-checkconf" sections seem to change every time I try this again. For example, I just got the following error

Remove the carriage return from the config file between : and the “

The first number is the time in epoch format. The second is likely the process number.

 

[CardcaptorRLH85]

Remove the carriage return from the config file between : and the “

The first number is the time in epoch format. The second is likely the process number.

I've removed the whitespace between the : and the " but, I'm still seeing the same error.

EDIT: Here's the full error.

Bad address
[1587842639] unbound-checkconf[24663:0] fatal error: control-key-file: "(null)" does not exist

***ERROR requested re(Start) of unbound ABORTed! - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file

 

[dave14305]

I've removed the whitespace between the : and the " but, I'm still seeing the same error.

EDIT: Here's the full error.

Maybe post in the Unbound Manager thread: https://www.snbforums.com/threads/r...ility-for-unbound-recursive-dns-server.61669/

 

[jim trudel]

when using unbound, in the config file, I ve put many dns servers, quad9, cleanbrowsing and adguard, the system choose the fastest or it is in the order I entered it?

thanks

 

[rgnldo]

when using unbound, in the config file, I ve put many dns servers, quad9, cleanbrowsing and adguard, the system choose the fastest or it is in the order I entered it?

thanks

Take the test here and you will see the sequence. https://www.dnsleaktest.com/

 

[jim trudel]

Take the test here and you will see the sequence. https://www.dnsleaktest.com/

Finally I tested it and it's weird but even if I alternate the next DNS with we quad9, nextdns stays first in the test

Envoyé de mon SM-G960W en utilisant Tapatalk

 

[r0bbieNZ]

hi forgive me not reading through the 70 pages, but I would like to try Unbound for the caching and prefetching but use my ISP dns servers instead of bypassing them

What are the steps to do this?

Thanks

 

[QuikSilver]

hi forgive me not reading through the 70 pages, but I would like to try Unbound for the caching and prefetching but use my ISP dns servers instead of bypassing them

What are the steps to do this?

Thanks

I may be wrong but I believe the purpose of Unbound is to NOT use someone else's DNS servers. Unbound allows you to become your own DNS server. If that is correct then this is not what you are looking for.

 

[SomeWhereOverTheRainBow]

I may be wrong but I believe the purpose of Unbound is to NOT use someone else's DNS servers. Unbound allows you to become your own DNS server. If that is correct then this is not what you are looking for.

I concur as you would be caching data that has already been cached by you isp and / or manipulated along the way. @r0bbieNZ

 

[K-2SO]

I may be wrong but I believe the purpose of Unbound is to NOT use someone else's DNS servers. Unbound allows you to become your own DNS server. If that is correct then this is not what you are looking for.

And this is exactly how Unbound should work as Resolver. https://www.dnsleaktest.com/ should show own IP address as DNS. We run Netgate SG-3100 in the office and no external DNS resolvers are used in Unbound configuration. I don't know how this works on routers, but the quotes below sound like Forwarder to me.

when using unbound, in the config file, I ve put many dns servers, quad9, cleanbrowsing and adguard, the system choose the fastest or it is in the order I entered it?

Take the test here and you will see the sequence. https://www.dnsleaktest.com/

 

[rgnldo]

I don't know how this works on routers, but the quotes below sound like Forwarder to me.

specific servers for default forward zones that are outside of the local machine and outside of the local network add a forward zone with the name.

forward-zone:
  name: "."
  forward-addr: x.x.x.x
  forward-addr: x.x.x.x

It is a resource widely used in unbound.

The unbound advantage is the options, glue, harden, performance, scalability. These features improve security in a DNS resolver.

 

[dave14305]

Wow, Unbound is developing DNS-over-HTTPS support...this is for incoming requests from clients.