Unbound config file edit

zeby

New Around Here
I am trying to configure Unbound on an AX58U merlin router while running PiHole on a Pi4B 8Gb running Diet Pi. I have both programs installed and running but now my lack of skills is showing and I can't figure out how to use Nano to add a line in unbound.conf so I can point my PiHole towards Unbound. I am currently ssh'ing into the router and then AMTM. From there I am using option 7 to bring up Unbound and then v to view the config file but am unable to make entries here in the server section of the file. May someone point me in the right direction please.
 

Martineau

Part of the Furniture
Use command
Code:
e  = Exit Script [?]

E:Option ==> vx

All Advanced menu commands:

Code:
i  = Update unbound and configuration ('/opt/var/lib/unbound/')     l  = Show unbound log entries (lo=Enable FULL Logging [log_level])
z  = Remove unbound/unbound_manager                                 v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
x  = Stop unbound                                                   vb = Backup current (/opt/var/lib/unbound/unbound.conf) Configuration [filename]
                                                                    rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                            oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'
sd = Show dnsmasq Statistics/Cache Size                             s  = Show unbound Extended statistics (s=Summary Totals; sa=All; http://10.88.8.1:80/user1.asp)
                                                                    adblock = Install Ad Block [uninstall | update | track]
DisableFirefoxDoH = Disable Firefox DoH [yes | no]                  youtube = Install YouTube Ad Block [uninstall | update]
Stubby = Enable Stubby Integration                                  DoT = Enable DNS-over-TLS
                                                                    firewall = Enable DNS Firewall [disable | ?]
bind = BIND unbound to WAN [debug | disable | debug show]           vpn = BIND unbound to VPN {vpnid [debug]} | [disable | debug show] e.g. vpn 1

scribe = Enable scribe (syslog-ng) unbound logging          
dnsmasq = Disable dnsmasq [disable | interfaces | nointerfaces]     
dumpcache = [bootrest] (or Manually use restorecache after REBOOT)  ca = Cache Size Optimisation [ min | calc ]
                                                                    views = [? | uninstall] | {view_name [? | remove]} | {view_name [[type] domain_name[...] | IP_address[...]] [del]} ]
                                                                    safesearch = Enable Safe Search [disable | status | ? ] e.g. redirect google.com to forcesafesearch.google.com 
                                                                    localhost = Add { domain_name {IP_address | del} }

dig = {domain} [time] Show dig info e.g. dig asciiart.com           lookup = {domain} Show the name servers used for domain e.g. lookup asciiart.eu 
dnsinfo = {dns} Show DNS Server e.g. dnsinfo                        dnssec = {url} Show DNSSEC Validation Chain e.g. dnssec www.snbforums.com
links = Show list of external URL links


[Enter] Leave Advanced Tools Menu
 

zeby

New Around Here
I've been at it for a while in all sorts of different ways and reboots etc. but when I enter the code vx in it takes me to the same screen showing the version changes. It's rather obvious to me now that I simply can't get to that advanced menu to make the changes needed. Ugh...day three of trying to get this to work but at least now I know about that vx command with the advanced menu options.
Should I start from a clean slate again perhaps?
 

Martineau

Part of the Furniture
The vx command should be available in Easy menu mode o_O

However, you can exit amtm, then request unbound_manager to start in Advanced menu mode:
Code:
unbound_manager advanced

Failing that; try simply invoking nano
Code:
nano /opt/var/lib/unbound/unbound.conf
 

zeby

New Around Here
After a bit and a clean reinstall I was able to edit the config script as needed in the server section, however it looks like I have another hiccup in the hops from the router to the Pi-hole and back into the router as needed for unbound.
I tried inputting the Pi-hole IP into the LAN setting and then have the Pi-hole forward the upstream DNS requests to my router's IP and port as configured in the server section in the Unbound config. In the WAN section I inputted cloudflare so the router itself would have an initial DNS setting, however I cannot get Pi-hole to recognize my upstream router's IP and port number for unbound so Pi-hole reverts to the previous settings. ..............

Not exactly sure what I did but I have Pi-hole working with its IP set under LAN settings for the DHCP and then cloudflare set up under WAN settings with DNS filter being off. I do have an internet connection this way and Pi-hole is working however Unbound is showing no activity in gui.

My ultimate goal is unbound on the router and Pihole on the Pi4 and it is oh so close now. Any idea what I am missing on this next step?
 

dave14305

Part of the Furniture
Any idea what I am missing on this next step?
What is the interface: config in unbound.conf? It needs to listen on the router LAN IP, and allow access from the LAN subnet.

Post your config from Unbound and Pi-Hole. LAN IPs aren’t secret or sensitive.
 

zeby

New Around Here
Forgive me for being so computer illiterate but I am getting it I believe. lol

If there is a different way to post the config that is more appropriate just give me the heads up!

My LAN IP is my Pi-hole under DHCP server and my WAN is cloudflare. DNS filter is turned off as it dropped the internet connection completely.


Screenshot 2022-03-08 165125.jpg
Screenshot 2022-03-08 165335.jpg
 

dave14305

Part of the Furniture
In Pi-Hole, set Custom 1 to 192.168.50.1#53535
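
Added example, not part of the original thread or of unbound_manager: a small Python check of the two conditions raised above (unbound must listen on the router LAN IP and allow the LAN subnet) that also prints the matching Pi-hole upstream string. The sample config and the Pi-hole address 192.168.50.2 are constructed assumptions, and the access-control model is simplified (interface names such as br0 are not resolved).

```python
import ipaddress

# Constructed sample; the thread's real unbound.conf was only posted as screenshots.
SAMPLE_CONF = """
server:
    port: 53535
    interface: 127.0.0.1
    interface: 192.168.50.1                 # router LAN IP
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.50.0/24 allow   # LAN subnet, includes the Pi-hole
"""

def parse_server(conf_text):
    """Collect port, interface and access-control settings from unbound.conf text."""
    cfg = {"port": 53, "interfaces": [], "acl": []}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment in unbound.conf
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if not sep or not value:
            continue
        if key == "port":
            cfg["port"] = int(value)
        elif key == "interface":
            cfg["interfaces"].append(value)
        elif key == "access-control":
            netblock, action = value.split()
            cfg["acl"].append((ipaddress.ip_network(netblock), action))
    return cfg

def listens_on(cfg, ip, port):
    """True if unbound listens on ip:port; 'ip@port' overrides the port: option."""
    for entry in cfg["interfaces"] or ["127.0.0.1"]:   # no interface: lines = localhost only
        addr, _, own_port = entry.partition("@")
        if addr in (ip, "0.0.0.0") and int(own_port or cfg["port"]) == port:
            return True
    return False

def client_allowed(cfg, client_ip):
    """Most specific matching netblock wins; with no match only localhost is served."""
    client = ipaddress.ip_address(client_ip)
    hits = [(net.prefixlen, action) for net, action in cfg["acl"] if client in net]
    return max(hits)[1].startswith("allow") if hits else client.is_loopback

def pihole_upstream(ip, port):
    """Pi-hole writes a custom upstream as ip#port (unbound.conf itself uses ip@port)."""
    return f"{ip}#{port}"

if __name__ == "__main__":
    cfg = parse_server(SAMPLE_CONF)
    print(listens_on(cfg, "192.168.50.1", 53535), client_allowed(cfg, "192.168.50.2"))
    print(pihole_upstream("192.168.50.1", cfg["port"]))
```

Keeping access-control limited to the LAN netblock, rather than 0.0.0.0/0, means the resolver only answers clients on the local subnet.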
 

zeby

New Around Here
Thank you so much!! I was trying to use the @ symbol as well as the : symbol for the port number but didn't think of the # symbol.

I have a few other things to iron out but this completed the reason of this post which was Pi-hole on the Pi4 and Unbound on the router.
It does appear that everything is fully operational and routed as it should be now.
 

dave14305

Part of the Furniture
You can probably re-enable DNS Filter with Global mode set to Router, to force everything to Pi-Hole. Before, your Pi-Hole traffic would have been coming back to the router on plain port 53, and DNS Filter would have redirected it right back to Pi-Hole, creating a loop.

Normally, you would need to add a client rule to set the Pi-Hole IP to “No Filtering” but since Pi-Hole is forwarding on a non-standard DNS port (53535), it is safe in your specific configuration.
 

zeby

New Around Here
I re-enabled DNS Filter this morning with no ill effects.

Pi-hole is working fine other than showing the IP instead of device name but I feel the router is perhaps best to remain the DHCP server in my use case due to using other scripts.

Unbound this morning is up to a 78% cache hit and this is with the Pi-hole cache still enabled.

So far no complaints from the other half with all the different devices and general network use seems more responsive.
 

dave14305

Part of the Furniture
Pi-hole is working fine other than showing the IP instead of device name but I feel the router is perhaps best to remain the DHCP server in my use case due to using other scripts.
Add the DNS Filter client rule for Pi-Hole to have “No Filtering” and then set up Conditional Forwarding in the Pi-Hole to forward 192.168.50.0/24 to 192.168.50.1. That should let the Pi-Hole pick up the names from the router’s dnsmasq.
 
