Unbound Unbound built in Adblocker

wbennett77

Regular Contributor
Good day,

Currently running Unbound and Diversion and I am just wondering if anybody has tried the adblocker that is offered in Unbound? If so, how effective is it compared to Diversion and what would be the advantage of one over the other? Thanks!
 

SomeWhereOverTheRainBow

Part of the Furniture
Good day,

Currently running Unbound and Diversion and I am just wondering if anybody has tried the adblocker that is offered in Unbound? If so, how effective is it compared to Diversion and what would be the advantage of one over the other? Thanks!
Diversion is better. Not because of convention means, but because the blocked entries are handled first in DNSMASQ, without being forwarded to UNBOUND. If using Adblock on unbound, blocked entries first start off as request from DNSMASQ, that get forwarded to UNBOUND, and then blocked. So in this regard the entries are placed in memory twice before they are finally blocked. The way around this is to place UNBOUND on port 53 with unbound manager. DNSMASQ gets pushed out of the way, and all dns request go straight to unbound. Maybe @Martineau might have the time to explain how to enable this unique PORT 53 feature of unbound manager.
 

Martineau

Part of the Furniture
The way around this is to place UNBOUND on port 53 with unbound manager. DNSMASQ gets pushed out of the way, and all dns request go straight to unbound. Maybe @Martineau might have the time to explain how to enable this unique PORT 53 feature of unbound manager.
In unbound_manager Advanced menu mode
Code:
unbound (pid nnnnn) is running... uptime: 0 Days, 00:00:00 version: 1.16.1 # Version=v1.13 Martineau update (Date Loaded by unbound_manager ddd mmm dd hh:mm:ss IST yyyy)

i  = Update unbound and configuration ('/opt/var/lib/unbound/')     l  = Show unbound LIVE (Loglevel=1) log entries (lx=Disable Logging)
z  = Remove unbound/unbound_manager                                 v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
x  = Stop unbound                                                   vb = Backup current (/opt/var/lib/unbound/unbound.conf) Configuration
                                                                    rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                            oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'
sd = Show dnsmasq Statistics/Cache Size                             s  = Show unbound Extended statistics (s=Summary Totals; sa=All; sgui=Install GUI TAB [all]; s-=Disable Extended Stats)
                                                                    adblock = Install Ad Block [uninstall | update | track]
DisableFirefoxDoH = Disable Firefox DoH [yes | no]                  youtube = Install YouTube Ad Block [uninstall | update]
Stubby = Enable Stubby Integration                                  DoT = Enable DNS-over-TLS
                                                                    firewall = Enable DNS Firewall [disable | ?]
bind = BIND unbound to WAN [debug | disable | debug show]           vpn = BIND unbound to VPN {vpnid [debug]} | [disable | debug show] e.g. vpn 1

scribe = Enable scribe (syslog-ng) unbound logging          
dnsmasq = Disable dnsmasq [disable | interfaces | nointerfaces]     
dumpcache = [bootrest] (or Manually use restorecache after REBOOT)  ca = Cache Size Optimisation [ min | calc ]
                                                                    views = [? | uninstall] | {view_name [? | remove]} | {view_name [[type] domain_name[...] | IP_address[...]] [del]} ]
                                                                    safesearch = Enable Safe Search [disable | status | ? ] e.g. redirect google.com to forcesafesearch.google.com 

dig = {domain} [time] Show dig info e.g. dig asciiart.com           lookup = {domain} Show the name servers used for domain e.g. lookup asciiart.eu 
dnsinfo = {dns} Show DNS Server e.g. dnsinfo                        dnssec = {url} Show DNSSEC Validation Chain e.g. dnssec www.snbforums.com
links = Show list of external URL links


[Enter] Leave Advanced Tools Menu

e  = Exit Script [?]

A:Option ==>

use the following command

Code:
[Enter] Leave Advanced Tools Menu

e  = Exit Script [?]

A:Option ==> dnsmasq disable

    If you currently use or rely on dnsmasq features such as Diversion/x3mRouting etc., then re-consider.

        Warning IPv6 not fully supported.

    Do you still want to DISABLE dnsmasq?

    Reply 'y' or press [Enter]  to skip
y

hh:mm:ss Configuring unbound to be the primary DNS for ALL LAN Clients.....

hh:mm:ss Converting dnsmasq 'address=/' and 'server=/' directives to 'unbound'.....
hh:mm:ss Converting dnsmasq 'interface=/' directives to 'unbound'.....

hh:mm:ss Checking 'include: unbound.conf.localhosts' .....
Adding 'include: "/opt/share/unbound/configs/unbound.conf.localhosts" to '/opt/var/lib/unbound/unbound.conf'

hh:mm:ss Restarting dnsmasq
Done.
hh:mm:ss Checking 'unbound.conf' for valid Syntax.....
hh:mm:ss Saving unbound cache to '/opt/share/unbound/configs/cache.txt' msg.cache=26/26 rrset.cache=122/122
hh:mm:ss Requesting unbound (S61unbound) restart.....

Done.
 Shutting down unbound...              done. 
 Starting unbound...              done. 
hh:mm:ss Checking status, please wait..... 
hh:mm:ss Restoring unbound cache from '/opt/share/unbound/configs/cache.txt' (2022-09-26 hh:mm:ss) msg.cache=0/26 rrset.cache=0/122
hh:mm:ss unbound OK
Code:
e  = Exit Script [?]

A:Option ==> ?

    Version=3.23bE                              (Change Log: https://github.com/MartineauUK/Unbound-Asuswrt-Merlin/commits/dev/unbound_manager.sh)
    Local                                       md5=4053f901cb7c209260604fb07477be19
    Github                                      md5=6b4a500c071bcbb3f4a6e9596a178d43
    /jffs/addons/unbound/unbound_manager.md5    md5=4053f901cb7c209260604fb07477be19

    Router Configuration recommended pre-reqs status:

    [✔] Swapfile=2097148 kB
    
<snip>

    [✔] unbound Logging
    [✔] unbound CPU/Memory Performance tweaks
    [✔] unbound-control FAST response ENABLED
    [✔] Unbound is the Primary DNS for ALL LAN Clients (dnsmaq DNS features DISABLED e.g. IPSET auto-populate)
    
<snip>
 

SomeWhereOverTheRainBow

Part of the Furniture
In unbound_manager Advanced menu mode
Code:
unbound (pid nnnnn) is running... uptime: 0 Days, 00:00:00 version: 1.16.1 # Version=v1.13 Martineau update (Date Loaded by unbound_manager ddd mmm dd hh:mm:ss IST yyyy)

i  = Update unbound and configuration ('/opt/var/lib/unbound/')     l  = Show unbound LIVE (Loglevel=1) log entries (lx=Disable Logging)
z  = Remove unbound/unbound_manager                                 v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
x  = Stop unbound                                                   vb = Backup current (/opt/var/lib/unbound/unbound.conf) Configuration
                                                                    rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                            oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'
sd = Show dnsmasq Statistics/Cache Size                             s  = Show unbound Extended statistics (s=Summary Totals; sa=All; sgui=Install GUI TAB [all]; s-=Disable Extended Stats)
                                                                    adblock = Install Ad Block [uninstall | update | track]
DisableFirefoxDoH = Disable Firefox DoH [yes | no]                  youtube = Install YouTube Ad Block [uninstall | update]
Stubby = Enable Stubby Integration                                  DoT = Enable DNS-over-TLS
                                                                    firewall = Enable DNS Firewall [disable | ?]
bind = BIND unbound to WAN [debug | disable | debug show]           vpn = BIND unbound to VPN {vpnid [debug]} | [disable | debug show] e.g. vpn 1

scribe = Enable scribe (syslog-ng) unbound logging          
dnsmasq = Disable dnsmasq [disable | interfaces | nointerfaces]     
dumpcache = [bootrest] (or Manually use restorecache after REBOOT)  ca = Cache Size Optimisation [ min | calc ]
                                                                    views = [? | uninstall] | {view_name [? | remove]} | {view_name [[type] domain_name[...] | IP_address[...]] [del]} ]
                                                                    safesearch = Enable Safe Search [disable | status | ? ] e.g. redirect google.com to forcesafesearch.google.com 

dig = {domain} [time] Show dig info e.g. dig asciiart.com           lookup = {domain} Show the name servers used for domain e.g. lookup asciiart.eu 
dnsinfo = {dns} Show DNS Server e.g. dnsinfo                        dnssec = {url} Show DNSSEC Validation Chain e.g. dnssec www.snbforums.com
links = Show list of external URL links


[Enter] Leave Advanced Tools Menu

e  = Exit Script [?]

A:Option ==>

use the following command

Code:
[Enter] Leave Advanced Tools Menu

e  = Exit Script [?]

A:Option ==> dnsmasq disable

    If you currently use or rely on dnsmasq features such as Diversion/x3mRouting etc., then re-consider.

        Warning IPv6 not fully supported.

    Do you still want to DISABLE dnsmasq?

    Reply 'y' or press [Enter]  to skip
y

hh:mm:ss Configuring unbound to be the primary DNS for ALL LAN Clients.....

hh:mm:ss Converting dnsmasq 'address=/' and 'server=/' directives to 'unbound'.....
hh:mm:ss Converting dnsmasq 'interface=/' directives to 'unbound'.....

hh:mm:ss Checking 'include: unbound.conf.localhosts' .....
Adding 'include: "/opt/share/unbound/configs/unbound.conf.localhosts" to '/opt/var/lib/unbound/unbound.conf'

hh:mm:ss Restarting dnsmasq
Done.
hh:mm:ss Checking 'unbound.conf' for valid Syntax.....
hh:mm:ss Saving unbound cache to '/opt/share/unbound/configs/cache.txt' msg.cache=26/26 rrset.cache=122/122
hh:mm:ss Requesting unbound (S61unbound) restart.....

Done.
 Shutting down unbound...              done. 
 Starting unbound...              done. 
hh:mm:ss Checking status, please wait..... 
hh:mm:ss Restoring unbound cache from '/opt/share/unbound/configs/cache.txt' (2022-09-26 hh:mm:ss) msg.cache=0/26 rrset.cache=0/122
hh:mm:ss unbound OK
Code:
e  = Exit Script [?]

A:Option ==> ?

    Version=3.23bE                              (Change Log: https://github.com/MartineauUK/Unbound-Asuswrt-Merlin/commits/dev/unbound_manager.sh)
    Local                                       md5=4053f901cb7c209260604fb07477be19
    Github                                      md5=6b4a500c071bcbb3f4a6e9596a178d43
    /jffs/addons/unbound/unbound_manager.md5    md5=4053f901cb7c209260604fb07477be19

    Router Configuration recommended pre-reqs status:

    [✔] Swapfile=2097148 kB
    
<snip>

    [✔] unbound Logging
    [✔] unbound CPU/Memory Performance tweaks
    [✔] unbound-control FAST response ENABLED
    [✔] Unbound is the Primary DNS for ALL LAN Clients (dnsmaq DNS features DISABLED e.g. IPSET auto-populate)
    
<snip>
Thank you for providing this valuable knowledge. For this is truly the primary way to benefit from using unbound adblock, or any other unbound manager advanced features such as statistics in the UI.
 

JGrana

Very Senior Member
Would doing this have any issues with YazDHCP? I know that YazDHCP does make some changes to dnsmasq.conf.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top