Unbound Unbound GUI Stats including Top Blocked, Top Replies, Today's Replies

[Martineau]

Add statements like these to unbound.conf in the server: section:

local-data: "checkip.synology.com. A 0.0.0.0"
local-data: "www.google.com. A 216.239.38.120"

Better still, if using 'unbound_manager' advise OP to add them to

/opt/share/unbound/configs/unbound.conf.add

e.g.

local-data: "checkip.synology.com. A 0.0.0.0"
local-data: "www.google.com. A 216.239.38.120"

then they will not be lost if ever 'unbound_manager' is reinstalled or updated.

 

[tomsk]

This is great work, but i hope if this does make it into the main branch that those that prefer to have dnsmasq/pixelserv through division do the ad blocking can have that option and still use your existing or future stats UI

 

[juched]

This is great work, but i hope if this does make it into the main branch that those that prefer to have dnsmasq/pixelserv through division do the ad blocking can have that option and still use your existing or future stats UI

Yes, the existing GUI does still work just the client would show all requests coming from the same IP as all come from the router locally.

 

[rgnldo]

To you, with the request for review:

logger -t "(dnsmasq.postconf)" "Updating $CONFIG for unbound....."                        # unbound_manager
if [ -n "$(pidof unbound)" ];then
    pc_delete "servers-file" $CONFIG
    pc_delete "no-negcache" $CONFIG
    pc_append "dhcp-option=lan,6,192.168.44.4,0.0.0.0" $CONFIG
    pc_append "dhcp-option=lan,42,192.168.44.4,0.0.0.0" $CONFIG
    #pc_delete "domain-needed" $CONFIG
    #pc_delete "bogus-priv" $CONFIG
    # By design, if GUI DNSSEC ENABLED then attempt to modify 'cache-size=0' results in dnsmasq start-up fail loop
    #       dnsmasq[15203]: cannot reduce cache size from default when DNSSEC enabled
    #       dnsmasq[15203]: FAILED to start up
    if [ -n "$(grep "^dnssec" $CONFIG)" ];then
        pc_delete "dnssec" $CONFIG
        logger -t "(dnsmasq.postconf)" "**Warning: Removing 'dnssec' directive from 'dnsmasq' to allow DISABLE cache (set 'cache-size=0')"
    fi
    pc_replace "cache-size=1500" "cache-size=0" $CONFIG
    UNBOUNDLISTENADDR="127.0.0.1#53535"

"UNBOUNDLISTENADDR" should also be changed, right?




how can you solve the "rest" of dnsmasq.conf.add with unbound?

local or vpn-client-connection

interface=wg*

adresse=/checkip.synology.com/0.0.0.0

adresse=/.ftl.ddnss.de/ftl.ddnss.de/svr.home/svr.local/192.168.44.2 (local)
adresse=/.dd.ddnss.de/dd.ddnss.de/svr.home/svr.local/192.168.77.2 (vpn-connection)

Adresse=/www.google.com/216.239.38.120
Adresse=/www.google.de/216.239.38.120
Adresse=/www.bing.com/204.79.197.220
Adresse=/www.duckduckgo.com/176.34.155.20

If you want the unbound to read local domains, you must remove all
Adresse and domain-need option and add as dave14305 instructed.

 

[rgnldo]

@juched
some touches.

/jffs/configs/dnsmasq.conf.add

port=0
dhcp-option=lan,6,0.0.0.0

/jffs/scripts/unbound.postconf

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
logger -t "(dnsmasq.postconf)" "Updating $CONFIG for unbound....."
if [ -n "$(pidof unbound)" ];then
        pc_delete "servers-file" $CONFIG
        pc_delete "no-negcache" $CONFIG
        pc_delete "domain-needed" $CONFIG
        pc_replace "cache-size=1500" "cache-size=0" $CONFIG
fi

Since you are working with RPZ, it may be useful for you.
https://www.mypdns.org/w/rpzunbound/
There is no need for the option: rpz-action-override: NXDOMAIN
unbound will download the zones

In particular, I prefer to use the rules of Suricata.

 

[amplatfus]

Hi,

I am so happy that I have found this thread.
I have tried to apply some configs in order to activate all trhe charts in dedicated page from the Asus Merlin Addons page.
But, untill now I didn't manage to do it.

Could you please help me is pssible with what configuration should work after install Unbound?

Much appreciated,
amplatfus

 

[QuikSilver]

Hi,

I am so happy that I have found this thread.
I have tried to apply some configs in order to activate all trhe charts in dedicated page from the Asus Merlin Addons page.
But, untill now I didn't manage to do it.

Could you please help me is pssible with what configuration should work after install Unbound?

Much appreciated,
amplatfus

Might want to take your question to the new Unbound thread.

Unbound - unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server) - General questions / discussion thread 2

ORIGINAL THREAD: https://www.snbforums.com/threads/unbound_manager-manager-installer-utility-for-unbound-recursive-dns-server.61669 I apologize for being so bold as to create a second "general" thread but it seems perhaps more logical than a million tiny ones...

www.snbforums.com

 

[Martineau]

Hi,

I am so happy that I have found this thread.
I have tried to apply some configs in order to activate all trhe charts in dedicated page from the Asus Merlin Addons page.
But, untill now I didn't manage to do it.

Could you please help me is pssible with what configuration should work after install Unbound?

Much appreciated,
amplatfus

You probably need to issue these unbound_manager Advanced mode commands

scribe
sgui
firewall
adblock track

then if you don't want to wait for the top of the hour GUI Tab refresh/update you may issue

/jffs/addons/unbound/unbound_log.sh

/jffs/addons/unbound/unbound_stats.sh generate

To verify the settings, usually the following directives in 'unbound.conf' are uncommented:

verbosity: 1                               # v1.02 '1' is adequate to prove unbound is processing domains
logfile: "/opt/var/lib/unbound/unbound.log" # v1.01 as per @dave14305 minimal config (v3.06 now deletes this if size grows > 10MB)
log-time-ascii: yes                         # v1.01 as per @dave14305 minimal config
log-tag-queryreply: yes                     # v1.02 @Martineau Explicitly Tag log-queries/replies with 'query'/'reply'
log-queries: yes
log-replies: yes
use-syslog: yes                            # v1.02 @Martineau Recommended to let scribe/syslog-ng handle the log(s)
log-local-actions: yes                     # v1.02 @Martineau ('yes' required for @juched's Graphical Ad Block statistics)
log-servfail: yes                           # v1.01 as per @dave14305 minimal config

 

[iTyPsIDg]

You probably need to issue these unbound_manager Advanced mode commands

scribe
sgui
firewall
adblock track

then if you don't want to wait for the top of the hour GUI Tab refresh/update you may issue

/jffs/addons/unbound/unbound_log.sh

/jffs/addons/unbound/unbound_stats.sh generate

To verify the settings, usually the following directives in 'unbound.conf' are uncommented:

verbosity: 1                               # v1.02 '1' is adequate to prove unbound is processing domains
logfile: "/opt/var/lib/unbound/unbound.log" # v1.01 as per @dave14305 minimal config (v3.06 now deletes this if size grows > 10MB)
log-time-ascii: yes                         # v1.01 as per @dave14305 minimal config
log-tag-queryreply: yes                     # v1.02 @Martineau Explicitly Tag log-queries/replies with 'query'/'reply'
log-queries: yes
log-replies: yes
use-syslog: yes                            # v1.02 @Martineau Recommended to let scribe/syslog-ng handle the log(s)
log-local-actions: yes                     # v1.02 @Martineau ('yes' required for @juched's Graphical Ad Block statistics)
log-servfail: yes                           # v1.01 as per @dave14305 minimal config

This answered my question here. Might I ask, would you mind adding that to the beginning of the thread? I didn't run firewall or adblock track since I'm not using them, but this helped solve the problem I was having. Thank you!