What's new

Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server) - General questions / discussion thread 2

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

have you tried the "sgui" command?
Thanks for the reply, you do you make such command, from the unbound script or from Putty?

I have done it via the unbound_manager advanced option and still unsuccessful (viewed no error comments via sgui). I guest that I will need the assistance of @Martineau then.
 
Last edited:
Go figure...

As I was switching between Cake and FlexDoS to test my upload/download speed under both options (was also rebooting just to make sure that the tests were not interfering each other) I checked again my Addons and noticed that the unbound GUI tab was back :p

1617483067384.png


1617483145508.png


Now everything is working back as prior 386.2...

I have spoken too fast, after having running the unbound Manager to check the status, I have noticed that option 6 was again showing "Install Graphical Statistics GUI Add-on TAB" and guest what:

1617483858803.png


1617483898486.png


Well back to square one...
 
Last edited:
I'm having trouble re-installing unbound after uninstalling. I get the following error during install, just after I "enter" to disable logging:

***ERROR INVALID unbound configuration - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file

or 'e' exit; then issue debug command

unbound -dv

It seems I have a similar problem as post 145 in this thread. I tried the manual solution ( http://www.snbforums.com/threads/un...estions-discussion-thread-2.67968/post-676058 ) but did not work for me.

Any other tips? I thought about starting over with my attached USB drive but saw it was mentioned I need to do a full reset on the router as well. I'd like to avoid that, but wouldn't mind redoing the USB drive, amtm, entware, etc.
 
I'm having trouble re-installing unbound after uninstalling. I get the following error during install, just after I "enter" to disable logging:

***ERROR INVALID unbound configuration - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file

or 'e' exit; then issue debug command

unbound -dv

It seems I have a similar problem as post 145 in this thread. I tried the manual solution ( http://www.snbforums.com/threads/un...estions-discussion-thread-2.67968/post-676058 ) but did not work for me.

Any other tips? I thought about starting over with my attached USB drive but saw it was mentioned I need to do a full reset on the router as well. I'd like to avoid that, but wouldn't mind redoing the USB drive, amtm, entware, etc.
Ensure you have updated the Entware libraries, then you should install unbound.
Worst case scenario is that you may need to reboot, but I doubt a full reset is necessary to correct the unbound issue.
 
Ensure you have updated the Entware libraries, then you should install unbound.
Worst case scenario is that you may need to reboot, but I doubt a full reset is necessary to correct the unbound issue.

Entware update did the trick!
 
Is there a way to keep unbound cache after restart?
On the Advanced menu you can use the dumpcache command, then immediately after the reboot use the restorecache command

Code:
i  = Update unbound and configuration ('/opt/var/lib/unbound/')        l  = Show unbound LIVE (Loglevel=1) log entries (lx=Disable Logging)
z  = Remove unbound/unbound_manager                                    v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
x  = Stop unbound                                                      vb = Backup current (/opt/var/lib/unbound/unbound.conf) Configuration [filename]
                                                                       rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                               oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'
sd = Show dnsmasq Statistics/Cache Size                                s  = Show unbound Extended statistics (s=Summary Totals; sa=All; http://10.88.8.1:80/user1.asp)
                                                                       adblock = Install Ad Block [uninstall | update | track]
DisableFirefoxDoH = Disable Firefox DoH [yes | no]                     youtube = Install YouTube Ad Block [uninstall | update]
Stubby = Enable Stubby Integration                                     DoT = Enable DNS-over-TLS
                                                                       firewall = Enable DNS Firewall [disable | ?]
bind = BIND unbound to WAN [debug | disable | debug show]              vpn = BIND unbound to VPN {vpnid [debug]} | [disable | debug show] e.g. vpn 1

scribe = Enable scribe (syslog-ng) unbound logging                     ad = Analyse Diversion White/Block lists ([ file_name [type=adblock] ])
dnsmasq = Disable dnsmasq [disable | interfaces | nointerfaces]        ea = Edit Ad Block Allowlist (eb=Blocklist; eca=Config-AllowSites; ecb=Config-BlockSites; el {Ad Block file})
dumpcache = [bootrest] (or Manually use restorecache after REBOOT)     ca = Cache Size Optimisation [ min | calc ]

<snip>

Alternatively you can use the dumpcache bootrest command and the file will automatically be restored (then immediately deleted) from the post-mount script.

However, be aware that the cache contents will probably be stale if the reboot process isn't completed within say 5-10mins, so perhaps a different technique should be used i.e. seed the cache during the reboot with your custom destination targets, but I doubt this is worth the effort.
 
I wrote a script a while ago to deal with automatic save/restore of unbounds cache. Like @Martineau warns, it only restores on a reboot/startup if the saved cache is 10 mins or less old.

Here is the script (not pretty but works):

Code:
#!/bin/sh
# ubcash - automatic save and restore of unbound cache

case "$1" in
        restore)
        for i in 1 2 3 4 5 6 7 8 9 10; do  # wait for ubound to start (around a minute)
        if [ `pgrep -x "unbound"` ]; then
                rtime=`date | awk '{print $4}'`
                rhour=$(date -d $rtime +%s)
                ftime=`ls -e /jffs/scripts/uncache.txt | awk '{print $9}'`
                fhour=$(date -d $ftime +%s)
                dhour=$(($fhour + 600))  # cache valid time - 10 mins

                if [ $dhour -lt $rhour ]; then
                        logger -t ubcash "Unbound cache too old, no restore"
                        exit;
                else
                        logger -t ubcash "Restored Unbound Cache" ;
                        unbound-control load_cache < /jffs/scripts/uncache.txt

                fi
                break
        else
                sleep 5 # wait for ubound to start
        fi
        done
        ;;

        save)
        logger -t ubcash "Saving Unbound Cache"
        unbound-control dump_cache > /jffs/scripts/uncache.txt ;;
        *) echo "Usage: ubcash [save] [restore]" ; exit 1
         ;;
esac

I add this line to services-stop to save the cache

/jffs/scripts/ubcash save

And this line to services-start to attempt a restore

/jffs/scripts/ubcash restore & # Restore Unbound cache if not too old

Note that it runs in the background - it needs to wait for unbound to start and needs to be unblocking

Optionally you can add a cron job that does a periodic save on the off chance the router crashes (and services-stop is not called). Note that it only runs a few times and hour - so the cache could be stale when the router restarts.

I add this cron job to services-start

cru a UpdateCache "0,15,30,45 * * * * /jffs/scripts/ubcash save"
 
Go figure...

As I was switching between Cake and FlexDoS to test my upload/download speed under both options (was also rebooting just to make sure that the tests were not interfering each other) I checked again my Addons and noticed that the unbound GUI tab was back :p

View attachment 32776

View attachment 32777

Now everything is working back as prior 386.2...

I have spoken too fast, after having running the unbound Manager to check the status, I have noticed that option 6 was again showing "Install Graphical Statistics GUI Add-on TAB" and guest what:

View attachment 32778

View attachment 32779

Well back to square one...
My issue, with the disappearing unbound GUI tab and the "Help & Support" tab,that was also no longer responding, have been finally resolved today after @juched pushed v1.4.1 and that I ran the sgui command from unbound Manager.

The only newly (today) remaining issue, is with the "System Log" display of the "unboung.log":

1617840874018.png


Unfortunately I cannot access the listed directory while the USB drive is mounted and would welcome some directive on how to do so or a solution to enable the proper display of the "unboung.log". Note that I can see the content of the log from option L which list a different directory:

1617843023943.png


Thanks
 
Last edited:
My issue, with the disappearing unbound GUI tab and the "Help & Support" tab,that was also no longer responding, have been finally resolved today after @juched pushed v1.4.1 and that I ran the sgui command from unbound Manager.

The only newly (today) remaining issue, is with the "System Log" display of the "unboung.log":

View attachment 32913

Unfortunately I cannot access the listed directory while the USB drive is mounted and would welcome some directive on how to do so or a solution to enable the proper display of the "unboung.log". Note that I can see the content of the log from option L which list a different directory:

View attachment 32914

Thanks
That should be set by going to the unbound_manager advanced, option3, then scribe. After it has run you should see
Code:
# integration LOG's
#
verbosity: 1                               # v1.02 '1' is adequate to prove unbound is processing domains
logfile: "/opt/var/lib/unbound/unbound.log" # v1.01 as per @dave14305 minimal config (v3.06 now deletes this if size grows > 10MB)
log-time-ascii: yes                         # v1.01 as per @dave14305 minimal config
log-tag-queryreply: yes                     # v1.02 @Martineau Explicitly Tag log-queries/replies with 'query'/'reply'
log-queries: yes
log-replies: yes
use-syslog: yes                            # v1.02 @Martineau Recommended to let scribe/syslog-ng handle the log(s)
#log-local-actions: yes                     # v1.02 @Martineau ('yes' required for @juched's Graphical Ad Block statistics)
log-servfail: yes                           # v1.01 as per @dave14305 minimal config
with option v
 
In Unbound, I cannot get the GUI option to work. In the menu, option 6 says Install GUI AddOn tab, but when I do that, it appears like it is installing, but then displays the menu again with the same option 6 to install the GUI and the AddOn tab does not have Unbound. What do I need to do get the GUI installed?

Update: I uninstalled connmon, rebooted the router, then the Unbound tab appeared. Then I reinstalled connmon and now I have both back. So Unbound being on the AddOn tab was blocked by connmon?
 
Last edited:
In Unbound, I cannot get the GUI option to work. In the menu, option 6 says Install GUI AddOn tab, but when I do that, it appears like it is installing, but then displays the menu again with the same option 6 to install the GUI and the AddOn tab does not have Unbound. What do I need to do get the GUI installed?
I had the same issue. Try a reboot if you haven't. That worked for me.
 
I had the same issue. Try a reboot if you haven't. That worked for me.
A simple reboot did not work. I had to uninstall connmon, then reboot, then finally Unbound showed up.

Update: I had to reboot again, and sure enough, both connmom and unbound were again not in the AddOn tab. Based on what I did before, here is the sequence that gets both back in the AddOn tab:

1. Uninstall connmon
2. reboot the router
3. From AMTM, stop unbound
4. Wait 5 secs, then restart unbound
5. Refresh browser tab. Verify unbound is now in the AddOn tab
6. From AMTM, reinstall connmon
7. Re-set up connmon as you want. For me, that means changing the ping IP addr, and the storage to USB
8. Refresh browser tab. Verify that both unbound and connmon are now in the AddOn tab. Good to go!!
 
Last edited:
In Unbound, I cannot get the GUI option to work. In the menu, option 6 says Install GUI AddOn tab, but when I do that, it appears like it is installing, but then displays the menu again with the same option 6 to install the GUI and the AddOn tab does not have Unbound. What do I need to do get the GUI installed?

Update: I uninstalled connmon, rebooted the router, then the Unbound tab appeared. Then I reinstalled connmon and now I have both back. So Unbound being on the AddOn tab was blocked by connmon?
unbound gui was late to the party to update to the new Addons tab code, probably a stale remnant pre-fix not properly solved by upgrading unbound gui

New installs with every other scripts that use Addons area updated should now be fine though
 
Last edited:
That should be set by going to the unbound_manager advanced, option3, then scribe. After it has run you should see
Code:
# integration LOG's
#
verbosity: 1                               # v1.02 '1' is adequate to prove unbound is processing domains
logfile: "/opt/var/lib/unbound/unbound.log" # v1.01 as per @dave14305 minimal config (v3.06 now deletes this if size grows > 10MB)
log-time-ascii: yes                         # v1.01 as per @dave14305 minimal config
log-tag-queryreply: yes                     # v1.02 @Martineau Explicitly Tag log-queries/replies with 'query'/'reply'
log-queries: yes
log-replies: yes
use-syslog: yes                            # v1.02 @Martineau Recommended to let scribe/syslog-ng handle the log(s)
#log-local-actions: yes                     # v1.02 @Martineau ('yes' required for @juched's Graphical Ad Block statistics)
log-servfail: yes                           # v1.01 as per @dave14305 minimal config
with option v
Thanks archiel, everything is now working fine.
 
unbound gui was late to the party to update to the new Addons tab code, probably a stale remnant pre-fix not properly solved by upgrading unbound gui

New installs with every other scripts that use Addons area updated should now be fine though
Is it possible to rearrange and lock-in the order of the tabs on the AddOns page? This might solve 2 problems for me: 1. The order would be constant across multiple reboots. Currently it seems that the 1st script to get its brains during a boot gets the 1st slot, etc. I would prefer that scMerlin was always 1st, then ntpMerlin, then connmon, then vn-stat, then unbound, then help, but I realize this is my preferred order and others might prefer something different. For me, it would be OK to modify a config file somewhere to define this order. 2. This might also solve the problem of unbound stomping on connmon and causing neither to display on the AddOn tab.
 
Is there a tutorial/ cookbook for Unbound and Manager beginners? It may be over my head, but heck, every script I'm using is.
tia,
jts
 
I wrote a script a while ago to deal with automatic save/restore of unbounds cache. Like @Martineau warns, it only restores on a reboot/startup if the saved cache is 10 mins or less old.
I'm wondering how people deal with firmware upgrades. Every time I do one, my graphs look like this:
1618582851276.png


It sounds like if I remembered to "dumpcache" I could save the cache? (Remembering being a different challenge ;))

The other thing I wonder is whether the graph itself could allow only showing data from a configured range? Then I could hide the <65% values and see more of the "real" cache hit percent over time. Without something like that (or for me to remember!) my 30 day graph perpetually resembles a square wave.

As a side question, is 80% reasonable? Or should I look at increasing my cache size? It improved quite a bit after a recent update where the TTL was bumped :cool: but always looking for more...

Thanks!
 
As a side question, is 80% reasonable? Or should I look at increasing my cache size? It improved quite a bit after a recent update where the TTL was bumped :cool: but always looking for more...
Think about that. 80% cache hits means 4/5 or 8/10 or 80/100 etc DNS queries are local and do not require an external trip. That should speed up your network, don't you think?

The more important thing to pay attention to is the time chart - sorry, Performance Histogram: it shows how long it takes for a DNS query to be answered by unbound. the 0-1usec spike should be sizable (the tallest/longest), and the majority of the other bars (assuming you're not using the Pie Chart option) should be on the faster side. (my next tallest spike is 16-32ms, and then 32-65ms followed by 65-131ms... 0-1usec is roughtly 2x as tall, but it's an order of magnitude faster. not unremarkable in the least, that)

{I've always had a problem with the binning: how results are sorted and reported, but that's out of @Martineau 's hands IIRC. what I never asked them, however, is if the 0s of the x- and y- axes could be placed at an origin when viewed horizontally, to make it easier to eyeball and say "it looks like most of the DNS lookups by my network are completed below yyy time" (and I would use the second tallest spike of the histogram to estimate a median/average lookup time for that statement). (the scale is lost when set to vertical on mine) <== This is picking nits and pointing out my wishes and not criticizing. It works quite well, thank you very much...don't go messing with this to appease me and my brain. If there's a small chorus of agreement and these can easily be changed/fixed, that's another matter; one that's entirely within their purview to reject}
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top