Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server) - General questions / discussion thread 2

Martineau

Part of the Furniture
Sorry but I cannot see how to get the Advanced menu.
from the Readme on Github

1639492777826.png
 

Martineau

Part of the Furniture

TonyK132

Senior Member

Attachments

  • Unbound Advanced Menu.PNG
    Unbound Advanced Menu.PNG
    81.9 KB · Views: 66
Last edited:

Martineau

Part of the Furniture
Looks that way. See attached Advanced menu.
OK, well I didn't write the GUI (nor do I use any of the additional User TABS), so I'll now leave it to the author... unless you can uninstall one of the other tabs to see if it is possible that you have exceeded the current TAB limit?

i.e. will it work if unbound Stats TAB occupies a single digit slot number, say slot 'user4.asp' etc.
 

kfahoo

Occasional Visitor
OK, but does the output shown in
remain the same?
looks fine now
Code:
The following name servers are used for lookup of google.com.
;rrset 2038 4 0 2 0
google.com.     2038    IN      NS      ns2.google.com.
google.com.     2038    IN      NS      ns1.google.com.
google.com.     2038    IN      NS      ns3.google.com.
google.com.     2038    IN      NS      ns4.google.com.
;rrset 2038 1 0 1 0
ns4.google.com. 2038    IN      A       216.239.38.10
;rrset 2038 1 0 1 0
ns4.google.com. 2038    IN      AAAA    2001:4860:4802:38::a
;rrset 2038 1 0 1 0
ns3.google.com. 2038    IN      A       216.239.36.10
;rrset 2038 1 0 1 0
ns3.google.com. 2038    IN      AAAA    2001:4860:4802:36::a
;rrset 2038 1 0 1 0
ns1.google.com. 2038    IN      A       216.239.32.10
;rrset 2038 1 0 1 0
ns1.google.com. 2038    IN      AAAA    2001:4860:4802:32::a
;rrset 2038 1 0 1 0
ns2.google.com. 2038    IN      A       216.239.34.10
;rrset 2038 1 0 1 0
ns2.google.com. 2038    IN      AAAA    2001:4860:4802:34::a
Delegation with 4 names, of which 0 can be examined to query further addresses.
It provides 8 IP addresses.
2001:4860:4802:34::a    rto 267 msec, ttl 560, ping 23 var 61 rtt 267, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.34.10           not in infra cache.
2001:4860:4802:32::a    rto 329 msec, ttl 575, ping 5 var 81 rtt 329, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.32.10           not in infra cache.
2001:4860:4802:36::a    rto 355 msec, ttl 562, ping 7 var 87 rtt 355, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.36.10           not in infra cache.
2001:4860:4802:38::a    rto 279 msec, ttl 562, ping 23 var 64 rtt 279, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.38.10           not in infra cache.
 

Martineau

Part of the Furniture
looks fine now
Code:
The following name servers are used for lookup of google.com.
;rrset 2038 4 0 2 0
google.com.     2038    IN      NS      ns2.google.com.
google.com.     2038    IN      NS      ns1.google.com.
google.com.     2038    IN      NS      ns3.google.com.
google.com.     2038    IN      NS      ns4.google.com.
;rrset 2038 1 0 1 0
ns4.google.com. 2038    IN      A       216.239.38.10
;rrset 2038 1 0 1 0
ns4.google.com. 2038    IN      AAAA    2001:4860:4802:38::a
;rrset 2038 1 0 1 0
ns3.google.com. 2038    IN      A       216.239.36.10
;rrset 2038 1 0 1 0
ns3.google.com. 2038    IN      AAAA    2001:4860:4802:36::a
;rrset 2038 1 0 1 0
ns1.google.com. 2038    IN      A       216.239.32.10
;rrset 2038 1 0 1 0
ns1.google.com. 2038    IN      AAAA    2001:4860:4802:32::a
;rrset 2038 1 0 1 0
ns2.google.com. 2038    IN      A       216.239.34.10
;rrset 2038 1 0 1 0
ns2.google.com. 2038    IN      AAAA    2001:4860:4802:34::a
Delegation with 4 names, of which 0 can be examined to query further addresses.
It provides 8 IP addresses.
2001:4860:4802:34::a    rto 267 msec, ttl 560, ping 23 var 61 rtt 267, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.34.10           not in infra cache.
2001:4860:4802:32::a    rto 329 msec, ttl 575, ping 5 var 81 rtt 329, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.32.10           not in infra cache.
2001:4860:4802:36::a    rto 355 msec, ttl 562, ping 7 var 87 rtt 355, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.36.10           not in infra cache.
2001:4860:4802:38::a    rto 279 msec, ttl 562, ping 23 var 64 rtt 279, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
216.239.38.10           not in infra cache.
As I have no access to IPv6 (or any of the hybrid 6in4 etc.) could you provide info on what changed?
 

kfahoo

Occasional Visitor
As I have no access to IPv6 (or any of the hybrid 6in4 etc.) could you provide info on what changed?
e.g. there was no access to ipv6 only services like
Code:
ping ipv6.google.com
ping: bad address 'ipv6.google.com'
and now
Code:
ping ipv6.google.com
PING ipv6.google.com (2a00:1450:401b:805::200e): 56 data bytes
64 bytes from 2a00:1450:401b:805::200e: seq=0 ttl=115 time=45.940 ms
 

Martineau

Part of the Furniture
e.g. there was no access to ipv6 only services like
Code:
ping ipv6.google.com
ping: bad address 'ipv6.google.com'
and now
Code:
ping ipv6.google.com
PING ipv6.google.com (2a00:1450:401b:805::200e): 56 data bytes
64 bytes from 2a00:1450:401b:805::200e: seq=0 ttl=115 time=45.940 ms
Clearly the root cause was your environment was configured as IPv4 only?, so I would like you to explain what you did to Enable IPv6...or was it PEBCAK ?
 

TonyK132

Senior Member
OK, well I didn't write the GUI (nor do I use any of the additional User TABS), so I'll now leave it to the author... unless you can uninstall one of the other tabs to see if it is possible that you have exceeded the current TAB limit?

i.e. will it work if unbound Stats TAB occupies a single digit slot number, say slot 'user4.asp' etc.
Is there a way to cause unbound to load earlier than some of the other scripts that also use a user number, or possibly a way to add the scripts in a defined sequence to work around unbound's restrictions?

Will you pass this thread to the author of the GUI so he can fix this?

Update: I disabled ScMerlin, then rebooted the router. After about 15 min, still no Unbound GUI. I did a screen capture of the menutree, see attached. Then I went into Unbound from amtm, saw that the GUI was NOT ENABLED, enabled it, then did another screen capture of the menutree. Also see that attached.

Since I am only installing scripts from amtm, can't you replicate this problem on your system?


Update 2: I just did a 2nd reboot of the router but after Unbound was using user8. In this case, the Unbound GUI did load automatically. So Unbound will not load the GUI if the previous time the user number was double-digit even if the current user number is not double-diigit.
 

Attachments

  • Menutree_js after ScMerlin uninstalled - after GUI enabled.PNG
    Menutree_js after ScMerlin uninstalled - after GUI enabled.PNG
    47.1 KB · Views: 57
  • Menutree_js after ScMerlin uninstalled - still no Unbound GUI.PNG
    Menutree_js after ScMerlin uninstalled - still no Unbound GUI.PNG
    44.1 KB · Views: 57
Last edited:

kfahoo

Occasional Visitor
Clearly the root cause was your environment was configured as IPv4 only?, so I would like you to explain what you did to Enable IPv6...or was it PEBCAK ?
I had connectivity via ipv6, I was able to connect to ipv6 services typing ip but it wasn't able to do it using fqdn (unbound wasn't resolving AAAA records), at the end I redownloaded conf file
 

here1310

Regular Contributor
@TonyK132: i solved this for me by adjusting the start order in the post-mount-script....

Code:
#!/bin/sh
swapon /tmp/mnt/sda1/myswap.swp # Skynet
. /jffs/addons/diversion/mount-entware.div # Added by amtm
cru a logrotate "5 0 * * * /opt/sbin/logrotate /opt/etc/logrotate.conf >> /opt/tmp/logrotate.daily 2>&1" # added by scribe
#
#
/jffs/addons/unbound/unbound_stats.sh startup "[email protected]" & # Unbound_Stats.sh
#
/jffs/scripts/uiScribe startup "[email protected]" & # uiScribe
/jffs/scripts/uiDivStats startup "[email protected]" & # uiDivStats
#
/jffs/scripts/ntpmerlin startup "[email protected]" & # ntpMerlin
#
/jffs/scripts/spdmerlin startup "[email protected]" & # spdMerlin
/jffs/scripts/connmon startup "[email protected]" & # connmon
/jffs/scripts/dn-vnstat startup "[email protected]" & # dn-vnstat
#
/jffs/addons/wireguard/wg_manager.sh init "" & # WireGuard Manager
 

TonyK132

Senior Member
@TonyK132: i solved this for me by adjusting the start order in the post-mount-script....

Code:
#!/bin/sh
swapon /tmp/mnt/sda1/myswap.swp # Skynet
. /jffs/addons/diversion/mount-entware.div # Added by amtm
cru a logrotate "5 0 * * * /opt/sbin/logrotate /opt/etc/logrotate.conf >> /opt/tmp/logrotate.daily 2>&1" # added by scribe
#
#
/jffs/addons/unbound/unbound_stats.sh startup "[email protected]" & # Unbound_Stats.sh
#
/jffs/scripts/uiScribe startup "[email protected]" & # uiScribe
/jffs/scripts/uiDivStats startup "[email protected]" & # uiDivStats
#
/jffs/scripts/ntpmerlin startup "[email protected]" & # ntpMerlin
#
/jffs/scripts/spdmerlin startup "[email protected]" & # spdMerlin
/jffs/scripts/connmon startup "[email protected]" & # connmon
/jffs/scripts/dn-vnstat startup "[email protected]" & # dn-vnstat
#
/jffs/addons/wireguard/wg_manager.sh init "" & # WireGuard Manager
Thanks, that solved my problem. It also gives me the benefit of giving some control of the order of the tabs in the AddOn menu.
 

pigcanswim

Occasional Visitor
I seems to be having issues with unbound not correctly probing domains that are blocked by default.
I've already added said 'blocked domains' to the whitelist however sometimes unbound seems to fail for no reason and my current method of solving this issue is to ssh into the router and reload my unbound config before it start working again. I've been doing this for the past few month pretty much daily. Not sure why does it fail every night.
Is there anything I should do or try to solve this problem or any way for me to automate the reloading of config for unbound?
 

Starrbuck

Senior Member
So I've had YouTube Ad Blocking enabled for several days. I have the below number of domains identified, but I am still seeing ads. How long does it take before it blocks ads?

Code:
 [✔] YouTube Ad Blocking (Forcing to use YT IP 172.217.131.200, No. of YouTube Video Ad domains=224)
 

pigcanswim

Occasional Visitor
So I've had YouTube Ad Blocking enabled for several days. I have the below number of domains identified, but I am still seeing ads. How long does it take before it blocks ads?

Code:
 [✔] YouTube Ad Blocking (Forcing to use YT IP 172.217.131.200, No. of YouTube Video Ad domains=224)
I guess you still have a long way to go as I have diversion YT ad blocking enabled and it current have 4129 registered
 

SignOut

New Around Here
In addition to running diversion + skynet on my router, I also have a pihole on a separate device. If I run unbound on merlin, would it affect my pihole setting? Alternatively, do I need to tweak unbound settings on my router to take the pihole into account? Of course I will use unbound just for DNS and not for adblocking.

Thanks for your help!
 

jfree23

Occasional Visitor
Just getting started running unbound (and possibly Diversion) on my AX86U, 386.4 RMerlin code. Installed via amtm and seems to be working OK, but I have questions about what I am seeing, and I hope someone can help a new user :)

1. In the dnsmasq and unbound logs, I see a fairly high rate of queries for names on my local lan. The A queries are answered by dnsmasq as expected, but the AAAA queries seem to be forwarded from dnsmasq to unbound and upwards to the root servers, getting an (expected) NXDOMAIN reply. My understanding was that dnsmasq would not forward queries to the local lan devices? Is that behavior different or expected for these IPv6 address queries? Is there a setting or config in dnsmasq to prevent this?
2. nslookups to local lan devices only show IPv4 address, not IPv6. Is that expected or related to #1 above?
3. unbound cache hit rates are kind of low, around 58%, is that also an artifact of this "extra" local AAAA query traffic?
4. Is there any definitive guidance about how to set the basic router GUI DNS settings for unbound? I have read MANY postings here, but still wonder if I have something set wrong to cause this. IPv6 DNS server? WAN DNS server? LAN DHCP DNS? I have tried to follow all the threads, and also thought many of these are not relevant once unbound takes control.
5. Is there a description of the data flows for DNS requests when
 

Ubimo

Very Senior Member
I would love to see a scheduled, periodic save feature of the cache.
So when my router unexpectetly reboots, I won't lose all the cache.
Sometimes I reboot the router and forget about unbound and its cache.
 

Martineau

Part of the Furniture
I would love to see a scheduled, periodic save feature of the cache.
So when my router unexpectetly reboots, I won't lose all the cache.
Sometimes I reboot the router and forget about unbound and its cache.
The 'feature' has been available since v2.02?, but most aren't obsessed/fixated with cache....hence no auto-schedule


Ensure you are running in Advanced Menu mode; then check that auto-restore @boot is ENABLED
Code:
e  = Exit Script [?]

A:Option ==> dumpcache bootrest

07:56:55 Saving unbound cache to '/opt/share/unbound/configs/cache.txt' msg.cache=8006/356 rrset.cache=14122/1639
    NOTE: unbound cache will be automatically RESTORED on REBOOT (see /jffs/scripts/post-mount)

'/jffs/scripts/post-mount'
Code:
# If unbound UP, reload the cache if file is less than 10 mins old - requires Entware's '/opt/bin/find'
FN="/opt/share/unbound/configs/cache.txt";if [ -n "$(pidof unbound)" ] && [ -s $FN ] && [ -n "$(/opt/bin/find $FN -type f -mmin -10)" ];then TIMESTAMP=$(date -r $FN "+%Y-%m-%d %H:%M:%S");unbound-control load_cache < $FN; rm $FN; logger -st "($(basename $0))" "unbound cache RESTORED from '$FN'" $TIMESTAMP;fi # unbound_manager

Now manually schedule the cache save (obviously you should really check to see if unbound is UP before attempting the save!)

Code:
cru a unbound_cache "*/1 * * * *" "unbound-control dump_cache > /opt/share/unbound/configs/cache.txt"
Code:
cru l

*/1 * * * * unbound-control dump_cache > /opt/share/unbound/configs/cache.txt #unbound_cache#
Check cron is dumping the cache to the file on schedule ...
Code:
watch ls -l /opt/share/unbound/configs/cache.txt
 
Last edited:

pinkgrae

Regular Contributor
Hi @Martineau - love the script and it's been running great for many moons. Currently trying to enable the self same 'feature', but can't seem to get past step one. Instead of

Code:
e  = Exit Script [?]
A:Option ==> dumpcache bootrest
07:56:55 Saving unbound cache to '/opt/share/unbound/configs/cache.txt' msg.cache=8006/356 rrset.cache=14122/1639
NOTE: unbound cache will be automatically RESTORED on REBOOT (see /jffs/scripts/post-mount)

I get

Code:
e  = Exit Script [?]
E:Option ==> dumpcache bootrest
Invalid Option "dumpcache bootrest" Please enter a valid option

New to this and finding my feet so please bear with me, but I'm a bit stumped...
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top