Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server) - General questions / discussion thread 2

[Vertron]

I've taken screenshots to show this issue. Only happens when using Unbound and devices set to WAN. If just using Diversion on it's own, all ads are blocked.

Device set to WAN:

Device set to VPN:
(VPN Accept DNS Configuration is set to disabled too, so DNS requests are going through Unbound)

 

[chongnt]

I've taken screenshots to show this issue. Only happens when using Unbound and devices set to WAN. If just using Diversion on it's own, all ads are blocked.

Device set to WAN:
View attachment 35705


Device set to VPN:
(VPN Accept DNS Configuration is set to disabled too, so DNS requests are going through Unbound)
View attachment 35706

I still doubt if this is something to do with your VPN provider. Is it possible to just use mobile data and dial VPN directly from your device and see if you can get the same behavior with Device to VPN via router?

 

[Vertron]

I still doubt if this is something to do with your VPN provider. Is it possible to just use mobile data and dial VPN directly from your device and see if you can get the same behavior with Device to VPN via router?

I've just tested this and some ads are coming through when just using the NordVPN app and on mobile data:

If you uninstall Unbound and use a public DNS instead like Quad 9, then all ads are now blocked for devices set to WAN and VPN. I don't think the VPN itself is blocking these ads.

 

[chongnt]

I've just tested this and some ads are coming through when just using the NordVPN app and on mobile data:

View attachment 35709


If you uninstall Unbound and use a public DNS instead like Quad 9, then all ads are now blocked for devices set to WAN and VPN. I don't think the VPN itself is blocking these ads.

I too use NordVPN. With mobile data alone all the ads are loaded. With mobile data and NordVPN, less ads are loaded. And I have not turn on CyberSec. It seems NordVPN does block some ads?
When connect to router and routed via VPN, the amount of ads displayed are somewhat similar. When device route to WAN, it definitely has more ads. To me, NordVPN does make some difference.
I have not try stop unbound. It is interesting to know that all the ads are blocked when you switched quad9. I have the impression quad9 and google 8.8.8.8 do not block ads.

 

[DAVID LONG]

Why? Is an Antivirus program flagging the site?

It appears to be a legitimate site to test adblocking.

I get redirected to this site...

Click "Allow" if you are not a robot (beta-news.org)

Something wrong on my end?

 

[Vertron]

I get redirected to this site...

Click "Allow" if you are not a robot (beta-news.org)

Something wrong on my end?

That means you failed the ad block test lol. You got redirected by an advert.

 

[Vertron]

I too use NordVPN. With mobile data alone all the ads are loaded. With mobile data and NordVPN, less ads are loaded. And I have not turn on CyberSec. It seems NordVPN does block some ads?
When connect to router and routed via VPN, the amount of ads displayed are somewhat similar. When device route to WAN, it definitely has more ads. To me, NordVPN does make some difference.
I have not try stop unbound. It is interesting to know that all the ads are blocked when you switched quad9. I have the impression quad9 and google 8.8.8.8 do not block ads.

Yeah NordVPN blocks a small about of ads but not many. Try this test: Ad Block Test D3Ward

I get 15% blocked when using NordVPN on its own and 92% when Diversion is enabled.

Yes it blocks ads when you disable Unbound and use Quad9 but don't forget it's going through Diversion first, that is what's blocking the ads, not Quad9.

 

[chongnt]

Yeah NordVPN blocks a small about of ads but not many. Try this test: Ad Block Test D3Ward

I get 15% blocked when using NordVPN on its own and 92% when Diversion is enabled.

Yes it blocks ads when you disable Unbound and use Quad9 but don't forget it's going through Diversion first, that is what's blocking the ads, not Quad9.

I have use this new link before and updated diversion blacklist. I get 100% on both WAN and VPN. Diversion is working as expected. I can see the blocking logs.
This is different from previous adblock test page, I don't see blocking logs. It appears to me it is non blockable by Diversion. Why there is different with WAN and VPN? From my brief test, the difference is NordVPN does block some ads on that page.
Have you try disable both Unbound and Diversion while using Quad9 DNS on the earlier page?
By the way, are you using 9.9.9.9? I put this as my WAN DNS, stopped unbound, diversion is enabled. When routed through WAN, all ads are loaded with that page. I could not replicate what you see that all ads are blocked.

 

[Vertron]

I have use this new link before and updated diversion blacklist. I get 100% on both WAN and VPN. Diversion is working as expected. I can see the blocking logs.
This is different from previous adblock test page, I don't see blocking logs. It appears to me it is non blockable by Diversion. Why there is different with WAN and VPN? From my brief test, the difference is NordVPN does block some ads on that page.
Have you try disable both Unbound and Diversion while using Quad9 DNS on the earlier page?
By the way, are you using 9.9.9.9? I put this as my WAN DNS, stopped unbound, diversion is enabled. When routed through WAN, all ads are loaded with that page. I could not replicate what you see that all ads are blocked.

That is very strange, perhaps you are right, that would explain it. Did you block all ads using that extreme test when going through the VPN like I did too then?

I didn't just disable Unbound, I uninstalled it, Unbound manager and x3mrouting too. I also deleted all custom scripts. Ad blocking worked for me after I did this. As soon as I reinstalled Unbound, it broke again.

Mine is now acting differently since this morning, I wonder if someone has read these posts and fixed something in the background? I'm now blocking all ads using the extreme test for both WAN and VPN. Are you now blocking ads using that test now too? https://canyoublockit.com/extreme-test/

I wonder if you're right, Diversion (with Unbound installed) not working properly for that site.

 

[chongnt]

That is very strange. Did you block all ads using that extreme test when going through the VPN like I did too then?

I didn't just disable Unbound, I uninstalled it, Unbound manager and x3mrouting too. I also deleted all custom scripts. Ad blocking worked for me after I did this. As soon as I reinstalled Unbound, it broke again.

Mine is now acting differently since this morning, I wonder if someone has read these posts and fixed something in the background? I'm now blocking all ads using the extreme test for both WAN and VPN. Are you now blocking ads using that test now too? https://canyoublockit.com/extreme-test/

Another strange think I've notice is if you do the simple test on that site, ads are showing for both WAN and VPN: https://canyoublockit.com/testing/

I highly doubt my VPN was blocking the ads, otherwise it would have blocked them using that simple test too.

I wonder if you're right, Diversion (with Unbound installed) not working properly for that site for some reason? But why and what other sites does it not work on?

No, I still get ads when going through VPN, but less ads. Based on the observation, NordVPN did block some ads on that page. What else they block we don't know.
I really don't think that page is a good measure to test diversion. It could be embedded ads like ads in YouTube which is not what Diversion meant to block. Something like ublock origin will do a much better job for that.
The other page https://d3ward.github.io/toolz/src/adblock or https://ads-blocker.com/testing/ should be a good one. You can easily test it out by disable/enable diversion.

 

[Vertron]

No, I still get ads when going through VPN, but less ads. Based on the observation, NordVPN did block some ads on that page. What else they block we don't know.
I really don't think that page is a good measure to test diversion. It could be embedded ads like ads in YouTube which is not what Diversion meant to block. Something like ublock origin will do a much better job for that.
The other page https://d3ward.github.io/toolz/src/adblock or https://ads-blocker.com/testing/ should be a good one. You can easily test it out by disable/enable diversion.

That's the difference then, mine blocked all ads when going through the VPN. It's strange though that it's now suddenly blocking ads for devices set to WAN too doing that extreme test.

Yes you're right, other sites appear to show consistent results so it's a better way to test if it's working or not in this case.

 

[chongnt]

That's the difference then, mine blocked all ads when going through the VPN. It's strange though that it's now suddenly blocking ads for devices set to WAN too doing that extreme test.

Yes you're right, other sites appear to show consistent results so it's a better way to test if it's working or not in this case.

I have a brief look at the log when visiting that page, and noticed some hosts are requested. These are not in my diversion blocklist and gets resolved by unbound.
The beauty of Diversion is we can manually add what site to be in blacklist. I noticed that https://github.com/0Zinc/easylists-for-pihole/blob/master/easylist.txt has most of it covers. If you really want I think can try add this in your diversion blocking list. But if you don't see ads in your normal usage I don't think you need to add every list out there.

 

[Vertron]

I have a brief look at the log when visiting that page, and noticed some hosts are requested. These are not in my diversion blocklist and gets resolved by unbound.
The beauty of Diversion is we can manually add what site to be in blacklist. I noticed that https://github.com/0Zinc/easylists-for-pihole/blob/master/easylist.txt has most of it covers. If you really want I think can try add this in your diversion blocking list. But if you don't see ads in your normal usage I don't think you need to add every list out there.

Thanks, I've added that to my Diversion host list.

 

[Zim]

Don't know what this means. Please help.

I installed and configured Unbound Manager and things were working fine yesterday. Today, I restarted the router and Unbound stopped working. I keep getting this error "unbound-checkconf: symbol lookup error: /opt/lib/libunbound.so.8: undefined symbol: nsec3_hac_type"

Not know what this means, I tried uninstalling Unbound and reinstalling, but I get the same error, even at installation. I have tried both options - enabling and not enabling logging.

 

[chongnt]

Don't know what this means. Please help.

I installed and configured Unbound Manager and things were working fine yesterday. Today, I restarted the router and Unbound stopped working. I keep getting this error "unbound-checkconf: symbol lookup error: /opt/lib/libunbound.so.8: undefined symbol: nsec3_hac_type"
View attachment 35736

Not know what this means, I tried uninstalling Unbound and reinstalling, but I get the same error, even at installation. I have tried both options - enabling and not enabling logging.
View attachment 35737

Did you make any changes to unbound.conf? From the first image looks like invalid configuration file. Perhaps can try unbound_manager option 1 = Update unbound files and configuration and get a fresh copy of configuration file to try again?

 

[Martineau]

Don't know what this means. Please help.

I installed and configured Unbound Manager and things were working fine yesterday. Today, I restarted the router and Unbound stopped working. I keep getting this error "unbound-checkconf: symbol lookup error: /opt/lib/libunbound.so.8: undefined symbol: nsec3_hac_type"

Not know what this means, I tried uninstalling Unbound and reinstalling, but I get the same error, even at installation. I have tried both options - enabling and not enabling logging.
View attachment 35737

You should check the Entware library module version for a mismatch
Use commands:

opkg list-installed | grep libunbound

unbound-control status

All previous unbound_manager external module/symbol issues have been resolved by refreshing Entware e.g.

Unbound - unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

This thread is for the discussion topic : unbound_manager script. As per the GitHub Hints/Tips: Differences between the operational modes Easy mode Advanced Mode 'Easy' mode - you have limited Install options: i.e. Advanced Options Stubby Integration DoT installs are not available...

www.snbforums.com

i.e. Try

opkg remove --force-depends libunbound

then use the unbound_manager Update menu option or uninstall/reinstall unbound_manager

 

[Vertron]

I have a brief look at the log when visiting that page, and noticed some hosts are requested. These are not in my diversion blocklist and gets resolved by unbound.
The beauty of Diversion is we can manually add what site to be in blacklist. I noticed that https://github.com/0Zinc/easylists-for-pihole/blob/master/easylist.txt has most of it covers. If you really want I think can try add this in your diversion blocking list. But if you don't see ads in your normal usage I don't think you need to add every list out there.

The ads came back on that site when doing that test, my browser probably cached the ad blocked page, which is why it appeared to work.

Anyway I've found out if you use the large block list instead of the medium one then all ads are truely blocked on that canyoublockit site (WAN and VPN), including some other ad heavy sites that weren't fully blocking before too.

The only issue with this large block list is it takes my ram usage from 60% to 95%, I'm worried it will use my swap file more and wear my SD card more quickly. Is it recommended not to use this list and go with a smaller one instead?

Update:
I reverted back to the medium list and added AdGuard as a host, all ads appear to be blocking still after deleting the browser cache: https://v.firebog.net/hosts/AdguardDNS.txt

 

[chongnt]

The ads came on that site when doing that test, my browser probably cached the ad blocked page, which is why it appeared to work.

Anyway I've found out if you use the large block list instead of the medium one then all ads are truely blocked on that canyoublockit site (WAN and VPN), including some other ad heavy sites that weren't fully blocking before too.

The only issue with this large block list is it takes my ram usage from 60% to 95%, I'm worried it will use my swap file more and wear my SD card more quickly. Is it recommended not to use this list and go with a smaller one instead?

Update:
I reverted back to the medium list and added AdGuard as a host, all ads appear to be blocking still after deleting the browser cache: https://v.firebog.net/hosts/AdguardDNS.txt

Glad you got it the way you want. The adguard list (37k) has three times more hosts compared to https://raw.githubusercontent.com/0Zinc/easylists-for-pihole/master/easylist.txt (12k). Not sure why this list does not work for you. Did you put the raw text file link earlier?

 

[Vertron]

Glad you got it the way you want. The adguard list (37k) has three times more hosts compared to https://raw.githubusercontent.com/0Zinc/easylists-for-pihole/master/easylist.txt (12k). Not sure why this list does not work for you. Did you put the raw text file link earlier?

Thank you, yeah it didn't catch all the ads it seems. I had 5 additional host files too. Now with just the AdGuard list, they are all blocked.

 

[Kingp1n]

Thank you, yeah it didn't catch all the ads it seems. I had 5 additional host files too. Now with just the AdGuard list, they are all blocked.

Dumb question but how do u add it this list?