Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

I also wanted to add that when I experienced issues with amtm and unbound menus the internet access is working just fine.
For whatever reason amtm would give me "err upd" for all packages and unbound menu took minutes to come up but it was hanging.

@Markster The exact conditions you report with amtm errs happened to me a couple days ago. I did three things that seem to have resolved it all, although it could have only been one of them since I did them all at once.

1) Changed the attribute num_threads to 2 (from 1) in my unbound.config and reloaded.
This gave me two unbound software threads.
2) Enabled (changed to yes) Tools->Other settings->Wan: Use local caching DNS server as system resolver. This gave me a resolver on the router at 127.0.0.1 (as seen elsewhere in this thread).
3) Against all my nature as a 27+ year unix sysadmin, I rebooted the router 3 times in succession, waiting ~15 minutes between each one. What this gives me over just one reboot I have no idea, maybe nothing. This came from giving @L&LD the benefit of the doubt.;)

Now I have clean and fast amtm function with no errors.
 
Out of curiosity, I was testing, with unbound enabled, the response times of the root servers (a.root-servers.net - m.root-servers.net) from my location. I found that, just like any DNS server, the responses vary wildly.

Does anyone know if unbound takes note of the fastest server(s) and uses those? Is this a relevant method to test unbound?
 
@Markster The exact conditions you report with amtm errs happened to me a couple days ago. I did three things that seem to have resolved it all, although it could have only been one of them since I did them all at once.

1) Changed the attribute num_threads to 2 (from 1) in my unbound.config and reloaded.
This gave me two unbound software threads.
2) Enabled (changed to yes) Tools->Other settings->Wan: Use local caching DNS server as system resolver. This gave me a resolver on the router at 127.0.0.1 (as seen elsewhere in this thread).
3) Against all my nature as a 27+ year unix sysadmin, I rebooted the router 3 times in succession, waiting ~15 minutes between each one. What this gives me over just one reboot I have no idea, maybe nothing. This came from giving @L&LD the benefit of the doubt.;)

Now I have clean and fast amtm function with no errors.

Thanks, I will follow up when home. Appreciate it.
 
The recommendation for Tools->Other->WAN: Use Local Caching for DNS was to set it to No.
Ok, so I have switched it to Yes and ssh to my router and amtm and unbound menu is snappy again without errors. I will watch it for few days and see how it goes.

Thanks Lurkmaster
 
So, after 30 pages of setting things up and testing, what's the community preference - Unbound as local resolver or Unbound as forwarder with DoT? I don't have an ASUS router to test at the moment, but what produces better results on router hardware? I've been using both variants on my pfSense box, the speed visually is the same, both have pros and cons privacy wise. Currently it is set as forwarder with DoT to Cloudflare, they have 6 servers in my city, as fast as they can possibly be.

Special thanks to @rgnldo and @Martineau for making things possible on a consumer router and to all other actively testing, hosting, bug reporting, etc. SNB community members. This is really a great team work example.
 
IMHO, run Unbound as recursive dns. (Stubby not integrated).

Once the local cache gets populated, things get very speedy. Not that there are any issues from the get go.:)

I don’t do any manual messing with the defaults (no. of threads etc.).
Tried some, no apparent difference from bog standard.

FWIW I’m using the Adblock supplied with Unbound as well. So far, so good. Diversion is a hard act to follow though.......

I hear you re Cloudflare, they have recently fired up near me. I still think Unbound has the edge though.

Your experience may differ.
 
2) Enabled (changed to yes) Tools->Other settings->Wan: Use local caching DNS server as system resolver. This gave me a resolver on the router at 127.0.0.1 (as seen elsewhere in this thread).
In the help popup in the GUI, this diverts queries to the local dnsmasq for caching and resolution, and only affects router queries, not client queries. It also says do not enable unless you use a script that explicitly requires it (like what script). The unbound_manager script requires that it be disabled during install, so a little confused. If it's left disabled does that mean unbound will resolve router queries anyway, and why would queries resolved by unbound be a problem for amtm? I'm ready to go yes, just don't understand why this would help.
 
I've broken the rules & changed to “yes”, nothing untoward seen (yet?). :cool:
 
If it's left disabled does that mean unbound will resolve router queries anyway, and why would queries resolved by unbound be a problem for amtm? I'm ready to go yes, just don't understand why this would help.
When it’s set to No, you have to be sure you have valid WAN DNS servers setup in the GUI. And it’s probably better to leave DNS Privacy disabled because it adds another entry to the resolv.conf the router would use for its own lookups.

So if setting it to Yes fixes the issue, then something about your WAN DNS settings (apart from Unbound) are unable to resolve the necessary hostnames.
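
Added example, not part of the thread: a small check of which resolvers the router itself would use, which is the thing the Yes/No setting discussed above changes (127.0.0.1 when set to Yes, the WAN DNS servers when set to No, and possibly both when another entry is added). The default path `/etc/resolv.conf` and the function names are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Classify the nameserver entries of a resolv.conf-style file.
# Prints: local (loopback only), wan (no loopback), mixed, or none.
resolver_mode() {
    file="${1:-/etc/resolv.conf}"   # assumed default path; pass your router's file
    awk '
        $1 == "nameserver" {
            if ($2 ~ /^127\./ || $2 == "::1") loop++; else other++
        }
        END {
            if (loop && other) print "mixed"
            else if (loop)     print "local"
            else if (other)    print "wan"
            else               print "none"
        }' "$file"
}

# List the nameservers in the order they appear in the file.
resolver_list() {
    awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Constructed samples standing in for the states described in the thread.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf 'nameserver 127.0.0.1\n' > "$sample_dir/yes.conf"
printf 'nameserver 1.1.1.1\nnameserver 1.0.0.1\n' > "$sample_dir/no.conf"
printf '# extra entry present\nnameserver 1.1.1.1\nnameserver 127.0.0.1\n' \
    > "$sample_dir/mixed.conf"

for name in yes no mixed; do
    printf '%s: %s (%s)\n' "$name" \
        "$(resolver_mode "$sample_dir/$name.conf")" \
        "$(resolver_list "$sample_dir/$name.conf" | tr '\n' ' ')"
done
```

A result of `wan` or `mixed` means the router's own lookups (amtm update checks, for instance) depend on the WAN DNS entries being reachable and valid, independent of Unbound.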
 
@dave14305 ...should "connect to DNS server automatically" be set to: yes while using unbound? I currently have it set to 'no' and under WAN DNS I have manually set Cloudflare DNS (1.1.1.1 and 1.0.0.1), however when I do an nslookup when set to no it does not use server 127.0.0.1 but Cloudflare's.
 
The recommendation for Tools->Other->WAN: Use Local Caching for DNS was to set it to No.
Ok, so I have switched it to Yes and ssh to my router and amtm and unbound menu is snappy again without errors. I will watch it for few days and see how it goes.

Thanks Lurkmaster

I had a similar issue. The real solution (for myself) is to find faster DNS servers for the WAN section. You don't have that set to 'Auto', do you?
 
WAN Auto is set to "No". Once I set Tools->Others-> WAN: Use local DNS to Yes everything is working fine so far and no issues.
Reading many threads I guess there is a misunderstanding about this flag. For unbound it should be set to Yes.
 
No, I mean to set 'Connect to DNS servers Automatically' set to 'No' and choose DNS servers (i.e. CloudFlare, Quad9, etc.). :)

Read what @dave14305 posted above. ;)

Then choose WAN DNS servers manually and set 'Use Local DNS...' to 'No', as recommended. :)
 
@L&LD, by following your instructions, when doing an nslookup, the servers used show as Cloudflare (1.1.1.1) vs 127.0.0.1. However if you changed to yes under use local caching DNS (under tools)....the server now shows 127.0.0.1....guess it depends what each user is looking for.
 
nslookup from where? A client or the router running Unbound?
 
Network Tools > Network Analysis > Method. Choose nslookup from the drop-down tab.
By going here through the router... I looked up ibm.com as an example
 
@Kingp1n, then it's by using the router...

And what shows when using a client device on that unbound network? :)
 
