Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[Martineau]

Anyone ever seen this error msg:

unbound-checkconf: error while loading shared libraries: libevent-2.1.so.7: cannot open shared object file: No such file or directory

I'm basically trying to install unbound to test something.

See 13th Sep. 2020 Entware fix

 

[zaxcom]

so I am trying to re-install to go into advanced mode. But no matter what I try I get a standard install. I am not getting the option to use an i as an option mode. In fact my menu shows a 1. See attached. So entering i all or i 5 results in an error.

Any ideas on this?

 

[heysoundude]

Any ideas on this?

try unbound_manager advanced at the command line

 

[zaxcom]

I cant, when I use the "i" command it to do an advanced install it says error. only allows standard

 

[heysoundude]

just install unbound, follow the prompts in the script, and then issue unbound_manager advanced at the command line.
It's there by default with each install, but the interface only shows you the basics unless you specifically tell it you want to be advanced (outside of amtm)
It discourages messing with the config (when it just simply works automagically) unless you absolutely have to and have a really good idea of what you're doing.

 

[zaxcom]

I guess I am not being clear. When the install page comes up I get a box that gives me options to to the advanced install. All the commands according to the Wiki page should start with the letter i. But in my window I don't see a letter i as an option, it actually shows a 1. So entering a command such as i 5 comes back as an error. If I type just the letter i it acts as though I typed a 1and does a standard install, never giving me an option to do anything else.

 

[zaxcom]

Ok, stupidity on my part, I thought I had to enter the command while still in Unbound on terminal. Backed out of amtm and was able to enter the correct command.

So now back to the original question, confirming that Unbound is using the Root Servers for IPv6 and not my ISP. I entered s query and got this.


Thanks to all of your for your patience with me on this. I don't muck around in terminal too much beyond following prewritten scripts.

 

[heysoundude]

look at your unbound.conf file option 'v' in advanced
scroll down a bit and you should see "Integration IPv6" and do-ip6:yes

 

[zaxcom]

look at your unbound.conf file option 'v' in advanced
scroll down a bit and you should see "Integration IPv6" and do-ip6:yes

Sure do, thx

 

[Slawek P]

So your num.query.ipv6 stats metric is now no longer 0 ?

Yes ipv6 counter works -it counts query hitting unbound via IPv6.

But I can't find optimal interface/allow ipv6 settings for unbound.conf.
Strangly my windows client nslookup is now getting ipv6 dns queries refused. And I do know why exactly - it worked yesterday, *sigh*.
Also I do not quite understand what is Asus router broadcasting logic for DNS IPv6, sometimes 2a00:: address gets included, but sometimes only broadcasts IPv4 DNS server.
I have also tried interface: fe80::1 in unbound.conf, but that did not work and neither is brodcasted to clients

 

[gspannu]

Ok, stupidity on my part, I thought I had to enter the command while still in Unbound on terminal. Backed out of amtm and was able to enter the correct command.

Can you elaborate how you eventually entered the command? I assume you entered the command on the ssh prompt.
Can you send a screenshot of your command?

 

[Martineau]

Can you elaborate how you eventually entered the command? I assume you entered the command on the ssh prompt.
Can you send a screenshot of your command?

There is a link in Post #1 to the Github unbound_manager 'Read me', and if you scroll down you can see two methods providing instructions on how to switch between 'Easy' and 'Advanced' menu mode

 

[zaxcom]

I did the s query again today and IPv6 still shows 0. If I go to IPv6 test sites they report my connection is fully running IPv6, but it looks like none of my DNS queries are using it.

 

[dave14305]

I did the s query again today and IPv6 still shows 0. If I go to IPv6 test sites they report my connection is fully running IPv6, but it looks like none of my DNS queries are using it.

If dnsmasq is still enabled, all queries forwarded from dnsmasq to Unbound will be over the IPv4 loopback interface, so there would be no incoming IPv6 queries from Unbound’s point of view.

 

[zaxcom]

If dnsmasq is still enabled, all queries forwarded from dnsmasq to Unbound will be over the IPv4 loopback interface, so there would be no incoming IPv6 queries from Unbound’s point of view.

ahhh. So to turn off masq or not. I don't know enough about the pros/cons of that.

 

[Mutzli]

I did the s query again today and IPv6 still shows 0. If I go to IPv6 test sites they report my connection is fully running IPv6, but it looks like none of my DNS queries are using it.

If you want to check if unbound handles your IPv6 correctly you can temporarily forward your DNS to an external DNS like Cloudflare. Activate a forward-zone in unbound.conf, for example:

#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ # v1.05 Martineau
forward-zone:#DoT                                                    # v1.08 Add #DoT edit marker v1.05 DNS-Over-TLS support
name: "."
forward-tls-upstream: yes
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Save unbound.conf and restart unbound. Now you can track your IP traffic with tcpdump:

tcpdump -ni eth0 -p port 53 or port 853

This should show you all IPv6 requests handled as a full IPv6 call and response. Don't forget to switch back or your DNS will be handled by the forwarder and not unbound.

 

[zaxcom]

ok, something to try this evening after work. thx

 

[dave14305]

ok, something to try this evening after work. thx

Run this site test: https://cmdns.dev.dns-oarc.net/
It will test IPv6 transport.

 

[zaxcom]

Looks good.

 

[dave14305]

Looks good.

Click on the Transport circle and it will show that it tested IPv6 lookups.