What's new

Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server) - General questions / discussion thread 2

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Here are the contents of that file -
Code:
rpz:
name: rpz.urlhaus.abuse.ch
#url: "https://urlhaus.abuse.ch/downloads/rpz/"
zonefile: /opt/var/lib/unbound/rpz.urlhaus.abuse.ch.zone
rpz-log: yes
rpz-log-name: "rpz.urlhaus.abuse.ch"
rpz-action-override: nxdomain
And?
 
I thought you wanted me to check the RPZ zone configuration file referred to in the 'include' message so this is it? File is there, why isn't the firewall working?
 
I thought you wanted me to check the RPZ zone configuration file referred to in the 'include' message so this is it? File is there, why isn't the firewall working?
It's working now, not sure what was going on before. Thanks for your help.

Nov 22 17:57:46 RT-AC68U-20E0 unbound: [6063:0] info: RPZ applied [rpz.urlhaus.abuse.ch] alatieq.com. nxdomain 192.168.1.8@55448 alatieq.com. A IN
Nov 22 17:57:46 RT-AC68U-20E0 unbound: [6063:0] reply: 192.168.1.8 alatieq.com. A IN NXDOMAIN 0.000000 1 29
 
How do I make the Graphical Display option sticky? After I enable it, later when the router reboots, that option goes back to disabled, requiring me to go back into amtm to reenable it. But for the time that it is off, I do not have statistics, even if I do an Update Stats.

Update: I tried 3.23bC to see if it fixed this problem but it did not. Is there something I need to add to a config file to have this option enabled after a reboot?
 
Last edited:
I just did my weekly login to amtm and hit option u to update and got this error:
Code:
 ! unbound Manager: raw.githubusercontent.com unreachable

 Update(s) aborted, could not retrieve version

@Martineau - AC86, current Merlin release (386.3_2)...are you cooking something up?
 
I just did my weekly login to amtm and hit option u to update and got this error:
Code:
 ! unbound Manager: raw.githubusercontent.com unreachable

Update(s) aborted, could not retrieve version

@Martineau - AC86, current Merlin release (386.3_2)...are you cooking something up?
The stable version v3.22 was last updated 10 months ago.

The dev version v3.23bB contains a couple of fixes/enhancement and was last updated 8 days ago.

You cannot retrieve the dev version via amtm, you will need to manually issue
Code:
e  = Exit Script [?]

E:Option ==> uf dev
and since amtm is not aware of manually applied dev versions, it should revert back to the stable version

e.g. works for me....
Code:
 amtm 3.2.0 FW             by thelonelycoder
RT-AC86U (aarch64) FW-386.4 @ 192.168.1.1
    The Asuswrt-Merlin Terminal Menu        

5  open     scribe                    v2.4.3

7  open     unbound Mgr    v3.23bA   <- v3.22
<snip>

Third party script update(s) available! Use
the scripts own update function to update.
_____________________________________________

Enter option  7

+======================================================================+
|  Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
|                                                                      |
|                      Version 3.23bA by Martineau                     |
|                                                                      |
+======================================================================+
unbound (pid 3131) is running... uptime: 0 Days, 05:50:14 version: 1.13.2 # Version=v1.13 Martineau update (Date Loaded by unbound_manager Mon Nov 1 16:59:06 GMT 2021)

1  = Update unbound files and configuration                   5  = Uninstall Ad and Tracker blocker (Ad Block)
2  = Remove unbound/unbound_manager                           6  = Uninstall Graphical Statistics GUI Add-on TAB
3  = Stop unbound                                             7  = Disable   DNS Firewall [?]
4  = Show unbound statistics                                  8  = Install YouTube Ad blocker
                                                              9  = Install Safe Search e.g. google.com->forcesafesearch.google.com

?  = About Configuration                  
v  = View ('/opt/var/lib/unbound/unbound.conf')      

e  = Exit Script [?]

E:Option ==> u

    unbound_manager.sh downloaded successfully

unbound Manager UPDATE Complete! 6b4a500c071bcbb3f4a6e9596a178d43

+======================================================================+
|  Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
|                                                                      |
|                      Version 3.22 by Martineau                       |
|                                                                      |
+======================================================================+
 
Last edited:
The latest version of unbound_manager for me is 3.23bB.
Unbenannt.PNG
 
Last edited:
I have a doubt, that unbound_manager does not save the cache properly.
The larger the cache gets, the lesser is saved when "rs".

Code:
11:51:43 Checking 'unbound.conf' etc. for valid Syntax.....
11:51:43 Saving unbound cache to '/opt/share/unbound/configs/cache.txt' msg.cache=5110/4640 rrset.cache=8250/7570
11:51:43 Requesting unbound (S61unbound) restart.....
Shutting down unbound...              done.
Starting unbound...              done.
11:51:45 Checking status, please wait.....
11:51:47 Restoring unbound cache from '/opt/share/unbound/configs/cache.txt' (2021-11-28 11:51:43) msg.cache=0/4640 rrset.cache=0/7570
11:51:47 unbound OK
 
The stable version v3.22 was last updated 10 months ago.

The dev version v3.23bB contains a couple of fixes/enhancement and was last updated 8 days ago.

You cannot retrieve the dev version via amtm, you will need to manually issue
Code:
e  = Exit Script [?]

E:Option ==> uf dev
and since amtm is not aware of manually applied dev versions, it should revert back to the stable version

e.g. works for me....
Code:
 amtm 3.2.0 FW             by thelonelycoder
RT-AC86U (aarch64) FW-386.4 @ 192.168.1.1
    The Asuswrt-Merlin Terminal Menu       

5  open     scribe                    v2.4.3

7  open     unbound Mgr    v3.23bA   <- v3.22
<snip>

Third party script update(s) available! Use
the scripts own update function to update.
_____________________________________________

Enter option  7

+======================================================================+
|  Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
|                                                                      |
|                      Version 3.23bA by Martineau                     |
|                                                                      |
+======================================================================+
unbound (pid 3131) is running... uptime: 0 Days, 05:50:14 version: 1.13.2 # Version=v1.13 Martineau update (Date Loaded by unbound_manager Mon Nov 1 16:59:06 GMT 2021)

1  = Update unbound files and configuration                   5  = Uninstall Ad and Tracker blocker (Ad Block)
2  = Remove unbound/unbound_manager                           6  = Uninstall Graphical Statistics GUI Add-on TAB
3  = Stop unbound                                             7  = Disable   DNS Firewall [?]
4  = Show unbound statistics                                  8  = Install YouTube Ad blocker
                                                              9  = Install Safe Search e.g. google.com->forcesafesearch.google.com

?  = About Configuration                 
v  = View ('/opt/var/lib/unbound/unbound.conf')     

e  = Exit Script [?]

E:Option ==> u

    unbound_manager.sh downloaded successfully

unbound Manager UPDATE Complete! 6b4a500c071bcbb3f4a6e9596a178d43

+======================================================================+
|  Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
|                                                                      |
|                      Version 3.22 by Martineau                       |
|                                                                      |
+======================================================================+
v3.22 is what I'm running - wasn't trying to go to dev version, just checking my "up-to-dateness"
Tried a 'u' in amtm again just now and the error is gone...must've been a github hiccup
I know it has been a while since an update - that's why I check on a regular basis for everything - to make sure that I've the latest release versions. the event I experienced caused me to ponder the possibility you were pushing a new version
 
I have a doubt, that unbound_manager does not save the cache properly.
The larger the cache gets, the lesser is saved when "rs".

Code:
11:51:43 Checking 'unbound.conf' etc. for valid Syntax.....
11:51:43 Saving unbound cache to '/opt/share/unbound/configs/cache.txt' msg.cache=5110/4640 rrset.cache=8250/7570
11:51:43 Requesting unbound (S61unbound) restart.....
Shutting down unbound...              done.
Starting unbound...              done.
11:51:45 Checking status, please wait.....
11:51:47 Restoring unbound cache from '/opt/share/unbound/configs/cache.txt' (2021-11-28 11:51:43) msg.cache=0/4640 rrset.cache=0/7570
11:51:47 unbound OK
NOTE: As stated in the unbound-control manual

1638170910060.png


I have stated in previous posts, that to eliminate any possibility of stale/invalid cache entries being restored, ideally the 'debugging' Cache load feature should really be removed from unbound_manager in favour of a custom cache seeding script that is invoked when starting unbound but currently for most users it works and provides a benefit.

However, your doubt's valid, the reported restored Cache metrics is technically correct but clearly misleading, consequently I have uploaded unbound_manager Beta v3.23bC to the Github dev branch to correct the report - i.e. the restored cache metric is not actually 0.

To Upgrade/test use
Code:
e  = Exit Script [?]

A:Option ==> uf dev
 
Last edited:
Starting seeing adds after rebooting router so decide to troubleshoot.
Now looks like unbound won’t start. rs hangs at this message. @Martineau
S61unbound: Waiting for NTP to sync before starting Unbound...
 
Starting seeing adds after rebooting router so decide to troubleshoot.
Now looks like unbound won’t start. rs hangs at this message. @Martineau
S61unbound: Waiting for NTP to sync before starting Unbound...
Which version of unbound_manager are you running?
 
I can't immediately think of anything in Beta v3.23bX that can/would impact/influence the external NTP sync (nor indeed the S61unbound script)

Hopefully the router is showing the correct time, and nvram get ntp_ready = 1 when the rs command fails?

Presumably you have rebooted and unbound still fails to start because nvram get ntp_ready = 0 ?

Perhaps you can search the 'Failed to sync NTP thread' and try the suggested workarounds?
 
I can't immediately think of anything in Beta v3.23bX that can/would impact/influence the external NTP sync (nor indeed the S61unbound script)

Hopefully the router is showing the correct time, and nvram get ntp_ready = 1 when the rs command fails?

Presumably you have rebooted and unbound still fails to start because nvram get ntp_ready = 0 ?

Perhaps you can search the 'Failed to sync NTP thread' and try the suggested workarounds?
Started working after another reboot. Yes I did reboot before. Yes nvram get ntp_ready = 1 when it failed to restart. I will do some more research as saw NTP fail message in skynet logs just before but unbound is working fine now and yes router time was also correct.
 
@Martineau
Sorry, me again.
I still think, that unbound_manager isn't restoring all of the saved cache, see:
Code:
A:Option ==> rs

21:07:15 Checking 'unbound.conf' etc. for valid Syntax.....
21:07:15 Saving unbound cache to '/opt/share/unbound/configs/cache.txt' msg.cache=1299/1171 rrset.cache=1975/1879
21:07:15 Requesting unbound (S61unbound) restart.....
Shutting down unbound...              done.
Starting unbound...              done.
21:07:16 Checking status, please wait.....
21:07:19 Restoring unbound cache from '/opt/share/unbound/configs/cache.txt' (2021-12-03 21:07:15) msg.cache=1060/1060 rrset.cache=1850/1850
21:07:19 unbound OK
The numbers of the restore are way lower then the saved ones.
I'm using unbound_manager 3.23bC
 
Last edited:
I still think, that unbound_manager isn't restoring all of the saved cache, see:
<sigh>

This has been discussed ad nauseam, and I repeat is outside of my control :rolleyes:.

i.e. You can manually (outside of unbound_manager) dump/restore the unbound cache using the debugging commands and there is inevitably a drop in the number of reported cached entries.
The numbers of the restore are way lower then the saved ones.
IMHO I'm not sure that 'way lower' is an appropriate statement

i.e.

msg cache has reduced by 19.1%
rrset cache has reduced by 6.3%

based on your reported metrics shown below:
Code:
A:Option ==> rs

21:07:15 Checking 'unbound.conf' etc. for valid Syntax.....
21:07:15 Saving unbound cache to '/opt/share/unbound/configs/cache.txt' msg.cache=1299/1171 rrset.cache=1975/1879
21:07:15 Requesting unbound (S61unbound) restart.....
Shutting down unbound...              done.
Starting unbound...              done.
21:07:16 Checking status, please wait.....
21:07:19 Restoring unbound cache from '/opt/share/unbound/configs/cache.txt' (2021-12-03 21:07:15) msg.cache=1060/1060 rrset.cache=1850/1850
21:07:19 unbound OK
Feel free to raise your complaint with the unbound authors on their GitHub

Issues · NLnetLabs/unbound · GitHub
 
Last edited:
No issues here. Do you diversion or Skynet? That could be another possibility.
I've made some research whitelisting monster.com in Slynet and disabling it at all. No result. Seems unbound fails to ressolve the host for some reason.
Can it be caused on my home IP basis? Because installation in other country really works well.

If so - how to overcome it?
 
Last edited:
How do I make the Graphical Display option sticky? After I enable it, later when the router reboots, that option goes back to disabled, requiring me to go back into amtm to reenable it. But for the time that it is off, I do not have statistics, even if I do an Update Stats.

Update: I tried 3.23bC to see if it fixed this problem but it did not. Is there something I need to add to a config file to have this option enabled after a reboot?
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top