
Unbound - Authoritative Recursive Caching DNS Server


Status
Not open for further replies.
unbound-control remotely configures unbound, without the need to restart the unbound daemon.
With the advancement of unbound development, I checked.
When describing:
directory: "/opt/var/lib/unbound"
There is no need to add paths to the file.
Code:
    # ROOT Server's
    root-hints: "root.hints"

    # DNSSEC
    module-config: "validator iterator"
    auto-trust-anchor-file: "root.key"

    # Adblock blacklist
    include: "adblock/adservers"

    remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
and many other news
 
I have a Plex media server running on a machine that only gets to wan through a VPN. With unbound installed, I can no longer access Plex on local lan. If I go back to regular dns with dot, all access is normal again. I suspect there is a way to make it all work but have no idea where to start.

Sent from my Pixel 4 XL using Tapatalk
 
Plex media server running on a machine
try
Code:
private-domain: "plex.direct"
or
Code:
local-zone: "plex.direct" redirect
local-data: "plex.direct 3600 IN A <internal-ip>"
 
You might also need a line added to /jffs/configs/dnsmasq.conf.add:
Code:
rebind-domain-ok=/plex.direct/
I also run a Plex server that is on a machine not running through a VPN for wan. This one worked just fine with nothing added to unbound. Will these config changes mess it up? Or should I add the config lines twice with both lan ip addresses?

Sent from my Pixel 4 XL using Tapatalk
 
The more you insist on reconciling dnsmasq's DNS guidelines, the less we will have unbound. Better to opt for dnsmasq.
The correct is:
Code:
private-domain: "plex.direct"
 
Or should I add the config lines twice with both lan ip addresses?
If you are not having an IP address problem, simply add:
Code:
private-domain: "plex.direct"
There will be no problem adding.
 
The more you insist on reconciling dnsmasq's DNS guidelines, the less we will have unbound. Better to opt for dnsmasq.
The correct is:
Code:
private-domain: "plex.direct"
I’m not sure who you’re replying to, but if you whitelist the domain in unbound for plex.direct, you must make similar adjustments so dnsmasq does not reject the response it receives from unbound, if dnsmasq Rebind protection is enabled.
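
The consistency requirement described above (a domain exempted with `private-domain` in unbound also needs a `rebind-domain-ok` exemption in dnsmasq when dnsmasq rebind protection is enabled) can be checked with a short script. This is an added example, not part of the original posts or the installer; the sample files are constructed, and `nas.example.lan` / `example.lan` are hypothetical names used only to show parent-domain coverage.

```shell
#!/bin/sh
# Added example (not from the thread): find unbound private-domain entries
# that dnsmasq's rebind protection would still reject.

# unbound.conf: private-domain: "name"  -> one lowercase name per line
unbound_private_domains() {
    sed -n 's/^[[:space:]]*private-domain:[[:space:]]*"\{0,1\}\([^"#[:space:]]*\).*/\1/p' "$1" |
        tr 'A-Z' 'a-z' | sed 's/\.$//' | sort -u
}

# dnsmasq: rebind-domain-ok=name or rebind-domain-ok=/a/b/ -> one name per line
dnsmasq_rebind_ok() {
    sed -n 's/^[[:space:]]*rebind-domain-ok=//p' "$1" |
        tr '/' '\n' | tr 'A-Z' 'a-z' | sed -e 's/[[:space:]]//g' -e '/^$/d' | sort -u
}

# True if $1 or one of its parent domains is listed in file $2.
covered() {
    d=$1
    while :; do
        grep -qxF -e "$d" "$2" && return 0
        case $d in *.*) d=${d#*.} ;; *) return 1 ;; esac
    done
}

# Print unbound private-domains that have no dnsmasq exemption.
missing_in_dnsmasq() {
    ok=$(mktemp)
    dnsmasq_rebind_ok "$2" > "$ok"
    for dom in $(unbound_private_domains "$1"); do
        covered "$dom" "$ok" || echo "$dom"
    done
    rm -f "$ok"
}

# Constructed sample files (assumed layout, not the installer's real output).
make_samples() {
    printf '%s\n' 'server:' '    private-domain: "plex.direct"' \
        '    private-domain: "nas.example.lan"' > "$1/unbound.conf"
    printf '%s\n' '# comment' 'rebind-domain-ok=/example.lan/' > "$1/dnsmasq.conf.add"
}

demo=$(mktemp -d)
make_samples "$demo"
missing_in_dnsmasq "$demo/unbound.conf" "$demo/dnsmasq.conf.add"   # prints plex.direct
rm -rf "$demo"
```

An empty result means every unbound exemption is also exempted in dnsmasq; each name printed is one that dnsmasq would still filter if its rebind protection is on.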
 
if dnsmasq Rebind protection is enabled.
The installer script is intended to recommend disabling dns-rebind protection from dnsmasq in the GUI. It is another problem if it is activated.
 
Well, that went bad. I managed to screw router up and am starting over.

Sent from my Pixel 4 XL using Tapatalk
 
Works fine with
Code:
private-domain: "plex.direct"
PLEX requires the PLEX Client. After installing and logging in, restart your device.

Complicated to support proprietary solutions, with connectivity specific to the service. This is the last time I do it.
I added the line with dnsmasq.conf.add. I then no longer have wan access from any device on the network. In my attempt to remove the line from dnsmasq.conf, I screwed something up because I lost all gui router access. I then wiped router and started fresh again.

I am a novice when it comes to scripts so, I need to practice more. I am at work now but may try again later tonight.
I have been a Plex user for years.... pretty familiar with it.
Thank you.
I appreciate your help.

Sent from my Pixel 4 XL using Tapatalk
 
Unbound is really doing a great job for me!
 

So, if I were to take the leap & install unbound, do I get to keep IPv6, Dnssec, Diversion, Pixelserv, Skynet, DoT?

Comments advice also on, Dns filter = yes + “router”, also the
Wan: Use local caching DNS server as system resolver (default: No).

I'm starting from 1st base here, so any guidance would be much appreciated. :D
 
So, if I were to take the leap & install unbound, do I get to keep IPv6, Dnssec, Diversion, Pixelserv, Skynet, DoT?

Comments advice also on, Dns filter = yes + “router”, also the
Wan: Use local caching DNS server as system resolver (default: No).
You can keep the items bolded as-is. DNSSEC is provided by Unbound, but has to be neutered in dnsmasq in order to disable the dnsmasq cache. So far, so good.

DoT is possible with Unbound, but you would give up the ability to be your own recursive resolver, which IMO is the beauty of Unbound. If you require encrypted DNS out to the internet, you might not want to bother with Unbound.

I tried to abandon Unbound a couple weeks ago, but I decided that I just didn’t want to trust any other public DNS resolver anymore, so I’m back.

I’m drafting ideas on how to replace dnsmasq as the LAN-facing DNS server, in favor of Unbound. It’s tricky to do it right, if it can be done at all.
 
You can keep the items bolded as-is. DNSSEC is provided by Unbound, but has to be neutered in dnsmasq in order to disable the dnsmasq cache. So far, so good.

DoT is possible with Unbound, but you would give up the ability to be your own recursive resolver, which IMO is the beauty of Unbound. If you require encrypted DNS out to the internet, you might not want to bother with Unbound.

I tried to abandon Unbound a couple weeks ago, but I decided that I just didn’t want to trust any other public DNS resolver anymore, so I’m back.

I’m drafting ideas on how to replace dnsmasq as the LAN-facing DNS server, in favor of Unbound. It’s tricky to do it right, if it can be done at all.

Many thanks!
I can still keep Dns filter = router? (I would assume so....)
 
I installed Unbound and all seems to be working great. Web browsing seems to be much snappier.
Did I need to uninstall Dnscrypt proxy first? I didn't, and it seems that Dnscrypt proxy is still alive since I get the round robin entries for server with lowest initial latency in my syslog.
 
I’m drafting ideas on how to replace dnsmasq as the LAN-facing DNS server, in favor of Unbound. It’s tricky to do it right, if it can be done at all.
Hi @dave14305,

I'll have to jump on this project soon once I finish up my current development project. In the x3mRouting project, I use the IPSET feature available in dnsmasq to collect IP addresses for domain names and populate IPSET lists. This feature will probably not work if dnsmasq is disconnected from unbound. It may also have an impact for Diversion users as well since it is tightly integrated with dnsmasq.

Anyway, good to see the contributions of everyone to get Unbound implemented on Asuswrt-Merlin.
 