Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server) - General questions / discussion thread 2

Skywise

Occasional Visitor
Did a search but nothing turned up - when enabling the adblocking on unbound, is there a way to allow a specific IP to bypass the blocklist? (EG, I've got a computer that needs access to some ad servers). I'm thinking it could be done with views but my attempts so far have all been futile.
Replying to myself here for the solution:
If you assign an IP to your clients you can specify DNS handling per client IP under Advanced Settings | LAN | DNSFilter tab.
Select the client's IP and specify "Router" to continue filtering through Unbound and its ad manager or specify another DNS group/preset in the drop down. (I select Quad9 for mine when i need to bypass ad-blocking and then re-set it for Router when I'm done)
 
Last edited:

Martineau

Part of the Furniture

Milan

Senior Member
Hi,

not sure if someone has similar issue - unbound is not logging query messages after some time, only script messages are in the log.
Restart will fix it always.

How to fix this ?
 

Martineau

Part of the Furniture
not sure if someone has similar issue - unbound is not logging query messages after some time, only script messages are in the log.
Restart will fix it always.
When the logging stops, does unbound still continue to resolve ?

Are you using the default logging.....
Code:
e  = Exit Script [?]

A:Option ==> lo

unbound logging (Loglevel=1) ENABLED

/opt/var/lib/unbound/unbound.log (Loglevel=1)        Press CTRL-C to stop

Apr 12 10:32:54 unbound[4975:0] query: 127.0.0.1 www.google.com. AAAA IN
Apr 12 10:32:54 unbound[4975:0] reply: 127.0.0.1 www.google.com. AAAA IN NOERROR 0.000000 1 32
Apr 12 10:32:55 unbound[4975:0] query: 127.0.0.1 amcrestview.com. A IN
Apr 12 10:32:55 unbound[4975:0] reply: 127.0.0.1 amcrestview.com. A IN NOERROR 0.000000 1 49
Apr 12 10:32:57 unbound[4975:0] query: 127.0.0.1 config.amcrestcloud.com. A IN
Apr 12 10:32:57 unbound[4975:0] reply: 127.0.0.1 config.amcrestcloud.com. A IN NOERROR 0.000000 1 73
Apr 12 10:32:57 unbound[4975:0] query: 127.0.0.1 www.google.com. AAAA IN
Apr 12 10:32:57 unbound[4975:0] reply: 127.0.0.1 www.google.com. AAAA IN NOERROR 0.000000 1 32
Apr 12 10:32:57 unbound[4975:0] query: 127.0.0.1 www.google.com. A IN
Apr 12 10:32:57 unbound[4975:0] reply: 127.0.0.1 www.google.com. A IN NOERROR 0.000000 1 48
Apr 12 10:33:02 unbound[4975:0] query: 127.0.0.1 www.google.com. AAAA IN
Apr 12 10:33:02 unbound[4975:0] reply: 127.0.0.1 www.google.com. AAAA IN NOERROR 0.000000 1 32
Apr 12 10:33:02 unbound[4975:0] query: 127.0.0.1 www.google.com. A IN
Apr 12 10:33:02 unbound[4975:0] reply: 127.0.0.1 www.google.com. A IN NOERROR 0.000000 1 48
or have you invoked the scribe menu option (syslog-ng)
Code:
e  = Exit Script [?]

A:Option ==> scribe

10:33:34 Checking 'unbound.conf' etc. for valid Syntax.....

    Non-Fatal:  unbound-checkconf[13773:0] warning: duplicate local-zone hottestpornactress.com. unbound-checkconf[13773:0] warning: duplicate local-zone freenudwebcam.com. unbound-checkconf[13773:0] warning: duplicate local-zone email.40iq.com. unbound-checkconf[13773:0] warning: duplicate local-zone beststreamingporn.com. unbound-checkconf[13773:0] warning: duplicate local-zone 76gmail.com. - no errors in /opt/var/lib/unbound/unbound.conf

10:34:02 Saving unbound cache to '/opt/share/unbound/configs/cache.txt' msg.cache=15530/357 rrset.cache=23449/1571
10:34:02 Requesting unbound (S61unbound) restart.....
 Shutting down unbound...              done. 
 Starting unbound...              done. 
10:34:16 Checking status, please wait..... 
10:34:57 Restoring unbound cache from '/opt/share/unbound/configs/cache.txt' (2022-04-12 10:33:56) msg.cache=1/357 rrset.cache=346/1571
10:35:03 unbound OK

Created scribe 'unbound' file: Enabling syslog-ng logging (scribe).....10:35:04 Checking 'unbound.conf' etc. for valid Syntax.....


e  = Exit Script [?]

A:Option ==> lo

unbound logging (Loglevel=1) ENABLED

/opt/var/lib/unbound/unbound.log (Loglevel=1)        Press CTRL-C to stop

Apr 12 10:35:38 unbound[15273:0] info: histogram of recursion processing times
Apr 12 10:35:38 unbound[15273:0] info: [25%]=0.0946631 median[50%]=0.262144 [75%]=0.405132
Apr 12 10:35:38 unbound[15273:0] info: lower(secs) upper(secs) recursions
Apr 12 10:35:38 unbound[15273:0] info:    0.008192    0.016384 1
Apr 12 10:35:38 unbound[15273:0] info:    0.016384    0.032768 1
Apr 12 10:35:38 unbound[15273:0] info:    0.065536    0.131072 9
Apr 12 10:35:38 unbound[15273:0] info:    0.131072    0.262144 1
Apr 12 10:35:38 unbound[15273:0] info:    0.262144    0.524288 11
Apr 12 10:35:38 unbound[15273:0] info:    0.524288    1.000000 1
Apr 12 12:55:19 unbound_manager: 'lo':  =================================================================================== Started Loglevel=1
 

Milan

Senior Member
When the logging stops, does unbound still continue to resolve ?

Are you using the default logging.....
Code:
e  = Exit Script [?]

A:Option ==> lo

unbound logging (Loglevel=1) ENABLED

/opt/var/lib/unbound/unbound.log (Loglevel=1)        Press CTRL-C to stop

Apr 12 10:32:54 unbound[4975:0] query: 127.0.0.1 www.google.com. AAAA IN
Apr 12 10:32:54 unbound[4975:0] reply: 127.0.0.1 www.google.com. AAAA IN NOERROR 0.000000 1 32
Apr 12 10:32:55 unbound[4975:0] query: 127.0.0.1 amcrestview.com. A IN
Apr 12 10:32:55 unbound[4975:0] reply: 127.0.0.1 amcrestview.com. A IN NOERROR 0.000000 1 49
Apr 12 10:32:57 unbound[4975:0] query: 127.0.0.1 config.amcrestcloud.com. A IN
Apr 12 10:32:57 unbound[4975:0] reply: 127.0.0.1 config.amcrestcloud.com. A IN NOERROR 0.000000 1 73
Apr 12 10:32:57 unbound[4975:0] query: 127.0.0.1 www.google.com. AAAA IN
Apr 12 10:32:57 unbound[4975:0] reply: 127.0.0.1 www.google.com. AAAA IN NOERROR 0.000000 1 32
Apr 12 10:32:57 unbound[4975:0] query: 127.0.0.1 www.google.com. A IN
Apr 12 10:32:57 unbound[4975:0] reply: 127.0.0.1 www.google.com. A IN NOERROR 0.000000 1 48
Apr 12 10:33:02 unbound[4975:0] query: 127.0.0.1 www.google.com. AAAA IN
Apr 12 10:33:02 unbound[4975:0] reply: 127.0.0.1 www.google.com. AAAA IN NOERROR 0.000000 1 32
Apr 12 10:33:02 unbound[4975:0] query: 127.0.0.1 www.google.com. A IN
Apr 12 10:33:02 unbound[4975:0] reply: 127.0.0.1 www.google.com. A IN NOERROR 0.000000 1 48
or have you invoked the scribe menu option (syslog-ng)
Code:
e  = Exit Script [?]

A:Option ==> scribe

10:33:34 Checking 'unbound.conf' etc. for valid Syntax.....

    Non-Fatal:  unbound-checkconf[13773:0] warning: duplicate local-zone hottestpornactress.com. unbound-checkconf[13773:0] warning: duplicate local-zone freenudwebcam.com. unbound-checkconf[13773:0] warning: duplicate local-zone email.40iq.com. unbound-checkconf[13773:0] warning: duplicate local-zone beststreamingporn.com. unbound-checkconf[13773:0] warning: duplicate local-zone 76gmail.com. - no errors in /opt/var/lib/unbound/unbound.conf

10:34:02 Saving unbound cache to '/opt/share/unbound/configs/cache.txt' msg.cache=15530/357 rrset.cache=23449/1571
10:34:02 Requesting unbound (S61unbound) restart.....
Shutting down unbound...              done.
Starting unbound...              done.
10:34:16 Checking status, please wait.....
10:34:57 Restoring unbound cache from '/opt/share/unbound/configs/cache.txt' (2022-04-12 10:33:56) msg.cache=1/357 rrset.cache=346/1571
10:35:03 unbound OK

Created scribe 'unbound' file: Enabling syslog-ng logging (scribe).....10:35:04 Checking 'unbound.conf' etc. for valid Syntax.....


e  = Exit Script [?]

A:Option ==> lo

unbound logging (Loglevel=1) ENABLED

/opt/var/lib/unbound/unbound.log (Loglevel=1)        Press CTRL-C to stop

Apr 12 10:35:38 unbound[15273:0] info: histogram of recursion processing times
Apr 12 10:35:38 unbound[15273:0] info: [25%]=0.0946631 median[50%]=0.262144 [75%]=0.405132
Apr 12 10:35:38 unbound[15273:0] info: lower(secs) upper(secs) recursions
Apr 12 10:35:38 unbound[15273:0] info:    0.008192    0.016384 1
Apr 12 10:35:38 unbound[15273:0] info:    0.016384    0.032768 1
Apr 12 10:35:38 unbound[15273:0] info:    0.065536    0.131072 9
Apr 12 10:35:38 unbound[15273:0] info:    0.131072    0.262144 1
Apr 12 10:35:38 unbound[15273:0] info:    0.262144    0.524288 11
Apr 12 10:35:38 unbound[15273:0] info:    0.524288    1.000000 1
Apr 12 12:55:19 unbound_manager: 'lo':  =================================================================================== Started Loglevel=1
using scribe and unbound is still resolving.
only logging is stoped.
 

JGrana

Very Senior Member
using scribe and unbound is still resolving.
only logging is stoped.
On both my AX88U and AX86 running unbound_manager 3.22, scribe is showing the logs.
 

Martineau

Part of the Furniture
using scribe and unbound is still resolving.
only logging is stoped.
If you restart scribe/syslog-ng, does the logging start to work?
I've noticed that occasionally, my SSH terminal session running
Code:
[ -n "$(ps | grep -v grep | grep -F "syslog-ng")" ] && { echo Syslog-ng; tail -F /opt/var/log/messages; } || { echo Syslog; tail -F /tmp/syslog.log; }
will stall - although it could be tail -F losing the location of the file with some message about it being relocated or something?..... due to logrotate?)

Perhaps you could try manually forcing unbound to dump/write data to its log file to see if they are perhaps being dropped when using scribe/syslog-ng?

What is the size of the log when it is found to have stopped?

Alternatively don't log unbound to scribe/syslog-ng to eliminate them as possible suspects, to see if you still lose logging.

IMHO, if unbound is working, then is constant logging really necessary/required?
(NL Labs state that it does impact performance, and is only truly useful to assist with diagnosing an issue.)
 

Domeus

New Around Here
The 'feature' has been available since v2.02?, but most aren't obsessed/fixated with cache....hence no auto-schedule


Ensure you are running in Advanced Menu mode; then check that auto-restore @boot is ENABLED
Code:
e  = Exit Script [?]

A:Option ==> dumpcache bootrest

07:56:55 Saving unbound cache to '/opt/share/unbound/configs/cache.txt' msg.cache=8006/356 rrset.cache=14122/1639
    NOTE: unbound cache will be automatically RESTORED on REBOOT (see /jffs/scripts/post-mount)

'/jffs/scripts/post-mount'
Code:
# If unbound UP, reload the cache if file is less than 10 mins old - requires Entware's '/opt/bin/find'
FN="/opt/share/unbound/configs/cache.txt";if [ -n "$(pidof unbound)" ] && [ -s $FN ] && [ -n "$(/opt/bin/find $FN -type f -mmin -10)" ];then TIMESTAMP=$(date -r $FN "+%Y-%m-%d %H:%M:%S");unbound-control load_cache < $FN; rm $FN; logger -st "($(basename $0))" "unbound cache RESTORED from '$FN'" $TIMESTAMP;fi # unbound_manager

Now manually schedule the cache save (obviously you should really check to see if unbound is UP before attempting the save!)

Code:
cru a unbound_cache "*/1 * * * *" "unbound-control dump_cache > /opt/share/unbound/configs/cache.txt"
Code:
cru l

*/1 * * * * unbound-control dump_cache > /opt/share/unbound/configs/cache.txt #unbound_cache#
Check cron is dumping the cache to the file on schedule ...
Code:
watch ls -l /opt/share/unbound/configs/cache.txt

It works, but somehow it wont work after reboot. Cron job disappears after reboot. Any tips?

BEFORE:

1649866468114.png


AFTER REBOOT:

1649865525255.png

1649865581844.png
 
Last edited:

JGrana

Very Senior Member
Entware updates are imminent, including Unbound 1.15. Do yourselves a favor, and stop Unbound before upgrading Entware packages. Otherwise, there will be many posts complaining Unbound is broken after updating, etc.
Indeed. I did unbound_manager #3 (stop Unbound).
opkg update && opkg upgrade.
Ran scmerlin - reboot

Unbound wont start…
Time for some debugging…
 

JGrana

Very Senior Member
Unbound running again. The Entware update replaces the /opt/etc/init.d/S61unbound that unbound_manager creates with the standard file (and incorrect for use with unbound_mananger).
So, before doing the opkg upgrade, make a backup of your /opt/etc/init.d/S61unbound file and replace it after the upgrade.
Ubound still wont start - the upgrade changes the permissions in /opt/var/lib/unbound.
I did a chown -R nobody:nobody /opt/var/lib/unbound
Unbound and unbound_manager are now happy
(From what I can tell)
 

ugandy

Very Senior Member
this is what i do everytime there is an entware update:
uninstall unbound&ntpMerlin->updated entware -> install ntpMerlin&unbound
 

SomeWhereOverTheRainBow

Part of the Furniture
Unbound running again. The Entware update replaces the /opt/etc/init.d/S61unbound that unbound_manager creates with the standard file (and incorrect for use with unbound_mananger).
So, before doing the opkg upgrade, make a backup of your /opt/etc/init.d/S61unbound file and replace it after the upgrade.
Ubound still wont start - the upgrade changes the permissions in /opt/var/lib/unbound.
I did a chown -R nobody:nobody /opt/var/lib/unbound
Unbound and unbound_manager are now happy
(From what I can tell)
Hopefully @Martineau is able to adress this situation? Please?
this is what i do everytime there is an entware update:
uninstall unbound&ntpMerlin->updated entware -> install ntpMelin&unbound

You mean to tell me that unbound-manager does not have away to automate this update process where the permissions and init.d files are preserved/restored?
 

Stephen Harrington

Very Senior Member
uninstall unbound&ntpMerlin->updated entware -> install ntpMerlin&unbound

Slightly Off-Topic but curious @ugandy about the need for ntpMerlin uninstall/reinstall - where does that factor into the mix / and or what gets overwritten by the entware updates please?
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top