Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[skeal]

Unbound isn’t really aware of your VPN. It just sits behind dnsmasq, so anything that would normally use your router for DNS will go through Unbound.

If Unbound is working properly, it should show your WAN IP as DNS server in leak tests.

You’ve had quite a streak of bad luck this week.

Thanks for the tip about WAN IP being DNS in this leak test. I got it now. Yeah what a week, now I'm waiting on a RMA for my AX88U.

 

[L&LD]

Hi L&LD - you have this mentioned twice above

1. rrset-cache-slabs:
   1. This should be close to the number of Cores and must be a power of 2. For the RT-AX88U: 4.

Thanks for catching that!

Instant karma! (For being first on @Martineau's 'hall of fame'.

I will be editing that post later. Soon, some sleep and then a pot of coffee when I wake up.

 

[Kingp1n]

Thanks for the tip about WAN IP being DNS in this leak test. I got it now. Yeah what a week, now I'm waiting on a RMA for my AX88U.

@skeal, under VPN client tab under Accept DNS Configuration, what's the outcome when you try the setting to "strict" and input the remark below: dhcp-option DNS 1.1.1.1 under custom configuration? Just curious what you get.

 

[skeal]

@skeal, under VPN client tab under Accept DNS Configuration, what's the outcome when you try the setting to "strict" and input the remark below: dhcp-option DNS 1.1.1.1 under custom configuration? Just curious what you get.

The result is my own public IP.

 

[skeal]

@skeal, under VPN client tab under Accept DNS Configuration, what's the outcome when you try the setting to "strict" and input the remark below: dhcp-option DNS 1.1.1.1 under custom configuration? Just curious what you get.

The secret is to use dnsfilter to designate alternative dns through the tunnel and outside the tunnel.

 

[skeal]

@skeal, under VPN client tab under Accept DNS Configuration, what's the outcome when you try the setting to "strict" and input the remark below: dhcp-option DNS 1.1.1.1 under custom configuration? Just curious what you get.

Oh and leave dns accept set to disabled in the vpn client and set individual dns if desired for the device in dnsfilter.

 

[skeal]

Ok stupid question number uh...2, unbound has dnssec built in, what about DoT?

 

[dave14305]

Ok stupid question number uh...2, unbound has dnssec built in, what about DoT?

It does, but it changes unbound from a recursive resolver to just another forwarder like stubby.

EDIT: with this my 2,000th post, I am now part of the furniture. Please remember me as I was, not as a nice Chesterfield or an ottoman.

 

[skeal]

It does, but it changes unbound from a recursive resolver to just another forwarder like stubby.

EDIT: with this my 2,000th post, I am now part of the furniture. Please remember me as I was, not as a nice Chesterfield or an ottoman.

For you my friend anything but hey, being an ottoman isn't that bad! Nice accomplishment! You are a smart guy sir!

 

[skeal]

It does, but it changes unbound from a recursive resolver to just another forwarder like stubby.

EDIT: with this my 2,000th post, I am now part of the furniture. Please remember me as I was, not as a nice Chesterfield or an ottoman.

Do you have to select the integrate with stubby option during the install?

 

[dave14305]

Do you have to select the integrate with stubby option during the install?

No, I’ve always felt that is a less-than-desirable integration. To make unbound do DoT, you would add a forward zone to the DoT provider of choice. I don’t even recommend that though.

forward-zone:
    name: "."
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-tls-upstream: yes

 

[skeal]

No, I’ve always felt that is a less-than-desirable integration. To make unbound do DoT, you would add a forward zone to the DoT provider of choice. I don’t even recommend that though.

forward-zone:
    name: "."
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-tls-upstream: yes

So basically defaults is just fine then? With the exception of the above mentioned memory hacks?

 

[dave14305]

So basically defaults is just fine then? With the exception of the above mentioned memory hacks?

Yes. Works fine for me. I would not go down the road of using Stubby or AdBlock or Firefox DoH because the firmware or Diversion already handles those very well.

 

[RMerlin]

Recent versions of the firmware allow you to assign a specific DNS server to your DHCP reservations. That's how I have my mobile devices routed through Pi-Hole, but keep everything else going through the regular DNS servers.

 

[Jack Yaz]

Recent versions of the firmware allow you to assign a specific DNS server to your DHCP reservations. That's how I have my mobile devices routed through Pi-Hole, but keep everything else going through the regular DNS servers.

Pi-Hole and not Diversion?

 

[RMerlin]

Pi-Hole and not Diversion?

I only want these two mobile devices behind it, and I wanted something more capable than my router. My Xen server runs the Pi-Hole VM, and its i5 5200U can easily handle anything that I throw at it without putting any strain on my router's weaker CPU.

 

[^Tripper^]

Been sitting on the fence about unbound for awhile and finally decided to jump in since I’m on the .15 beta anyways. Happy to report everything seems stable on my 86U so far. And, dare I say it, the interweb seems snappier!

 

[thelonelycoder]

For those expecting amtm support soon for Unbound
The good: Unbound will make it into amtm at some point in the future.
The bad: At the moment I have to concentrate on more pressing matters regarding my own scripts, they have precedence at the moment.
I am a one man show and have only limited resources. I hope you folks understand and let me code in peace.
Thanks

 

[JemTheWire]

Understandably your own scripts take priority.
Unbound in AMTM would be a 'nice to have' but it is just that, 'nice to have'.

Thank you for your hard work. It is most appreciated.

 

[Mutzli]

Is it normal that after updating the firmware or rebooting the router you have to reconfigure the unbound installation to get it working again?
As reported above, after rebooting the router my clients had no internet access. Running i = Update unbound Installation fixed the problem.