Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[ugandy]

bummer. github is having trouble. and i got this:

A:Option ==> uf

Forced Update

'unbound_manager.sh' download FAILED with curl error 500

Rerun unbound_manager nochk and select the Remove unbound/unbound_manager option


Router Configuration recommended pre-reqs status:

[✔] Swapfile=2097148 kB
[✔] DNS Filter=ON
[✔] DNS Filter=ROUTER
[✔] WAN: Use local caching DNS server as system resolver=NO
[✔] Entware NTP server is running
[✔] Enable DNS Rebind protection=NO
[✔] Enable DNSSEC support=NO

Options: Auto Reply='y' for User Selectable Options ('1 4 5') unbound Logging,Performance Tweaks,Firefox DoH

[✔] unbound Logging
[✔] unbound CPU/Memory Performance tweaks
[✔] Firefox DNS-over-HTTPS (DoH) DISABLE/Blocker
[✔] Router Graphical GUI statistics TAB installed
[✔] unbound-control FAST response ENABLED
[✔] unbound requests via VPN Client 2 (10.120.10.32) tunnel ENABLED


cromo@RT-AX88U-8158:/tmp/home/root# unbound_manager advanced
/opt/bin/unbound_manager: line 1: 500:: not found
cromo@RT-AX88U-8158:/tmp/home/root#
cromo@RT-AX88U-8158:/tmp/home/root# unbound_manager nochk
/opt/bin/unbound_manager: line 1: 500:: not found
cromo@RT-AX88U-8158:/tmp/home/root#


unbound process is still up, but i need to redownload the unbound_manager script


fixed.

update should check success download prior to modifying unbound_manager.sh

manually downloaded script from github

repeated "uf" all ok. unbound.log still reporting queries. original behavior not reproduceable

 

[glehel]

in my case, i was missing the /jffs/scripts/openvpn-event file, that i was able to create, after searching the forum on the topic of vpn events. other than that , with the latest hotfix, works great thanks!
[edit] i also added:
/opt/etc/syslog-ng.d/openvpn and /opt/etc/logrotate.d/openvpn for easier event tracking
[edit2]
i'd say that to add this to the easy menu, maybe the creation of these scripts needs to be automated

openvpn-event file what's the content?

 

[ugandy]

openvpn-event file what's the content?

cromo@RT-AX88U-8158:/tmp/home/root# cat /jffs/scripts/openvpn-event
#!/bin/sh
###########################################################################################################
# Script: openvpn-event
# VERSION=1.0.1
# Author: John9527, Martineau, Xentrk
# Last Updated Date: 13-October-2019
#
# Description:
# Original Script by John9527:
# https://www.snbforums.com/threads/f...lts-releases-v39e3.18914/page-238#post-294825
#
# Updated Script by John9527
# https://www.snbforums.com/threads/s...pn-port-5060-blocked.41585/page-2#post-352772
#
# Implemented additional patches suggested by Martineau
# https://www.snbforums.com/threads/s...pn-port-5060-blocked.41585/page-2#post-352834
# https://www.snbforums.com/threads/x...swrt-merlin-firmware.57793/page-7#post-520433
#
# Modified by Xentrk for x3mRouting project
############################################################################################################
# shellcheck disable=SC2154
# shellcheck disable=SC2048
# shellcheck disable=SC2086

PROJECT_REPO="/jffs/scripts/x3mRouting"
PROJECT_REPO="/jffs/scripts"

scr_name="$(basename "$0")[$$]"

#Determine Caller

case "$1" in
"tun11")
vpn_name="client1"
;;
"tun12")
vpn_name="client2"
;;
"tun13")
vpn_name="client3"
;;
"tun14")
vpn_name="client4"
;;
"tun15")
vpn_name="client5"
;;
"tun21")
vpn_name="server1"
;;
"tun22")
vpn_name="server2"
;;
*)
vpn_name=""
;;
esac

# Call appropriate script based on script_type
vpn_script_name="vpn$vpn_name-$script_type"
vpn_script_log="/tmp/vpn${vpn_name}_state"

# Check script state
vpn_script_state=$(cat $vpn_script_log 2>/dev/null)
if [ "$vpn_script_name" = "$vpn_script_state" ]; then
echo "VPN script $vpn_script_name already run" | logger -t "$scr_name"
exit 0
fi

# Execute and log script state
if [ -f "$PROJECT_REPO/$vpn_script_name" ]; then
echo "$vpn_script_name" >"$vpn_script_log"
echo "Running $PROJECT_REPO/$vpn_script_name $*" | logger -t "$scr_name"
sh "$PROJECT_REPO/$vpn_script_name" $*
else
echo "Script not defined for event: $vpn_script_name" | logger -t "$scr_name"
echo "${vpn_script_name}-NOSCRIPT" >"$vpn_script_log" # (or nvram set vpn_script_state="${vpn_script_name}-NOSCRIPT"")
exit 0
fi

exit 0

 

[Kingp1n]

openvpn-event file what's the content?

@ugandy, I really appredciate this...one last request..what is the content in OpenVPN under these 2 folders:

/opt/etc/syslog-ng.d/openvpn and /opt/etc/logrotate.d/openvpn

 

[ugandy]

@ugandy, I really appredciate this...one last request..what is the content in OpenVPN under these 2 folders:

/opt/etc/syslog-ng.d/openvpn and /opt/etc/logrotate.d/openvpn

those you can copy from
/opt/share/syslog*/examples/ and /opt/share/logrotate*/examples/
respectively

 

[juched]

This is what I am getting

ASUSWRT-Merlin RT-AX88U 384.16_0 Sun Apr 5 17:38:13 UTC 2020
admin@JUANDOASUS:/tmp/home/root# cru l
00 2 * * Fri sh /opt/share/diversion/file/update-bl.div reset #Diversion_UpdateBL#
20 5 * * * sh /opt/share/diversion/file/rotate-logs.div #Diversion_RotateLogs#
20 17 * * * diversion count_ads count #Diversion_CountAds#
25 17 * * * sh /jffs/scripts/firewall banmalware #Skynet_banmalware#
15 1 * * Mon sh /jffs/scripts/firewall update #Skynet_autoupdate#
0 * * * * sh /jffs/scripts/firewall save #Skynet_save#
54 */12 * * * sh /jffs/scripts/firewall debug genstats #Skynet_genstats#
0 * * * * /jffs/scripts/uiDivStats generate #uiDivStats#
5 0 * * * /opt/sbin/logrotate /opt/etc/logrotate.conf >> /opt/tmp/logrotate.daily 2>&1 #logrotate#
30 3 * * * /jffs/scripts/FreshJR_QOS -check #FreshJR_QOS#

I checked Unbound and the last update was this morning ... when I pushed the manual updated for the stats.

View attachment 22901

Odd, seems you do not have either the log or the stats scheduled. This is fixed by running:

/jffs/addons/unbound/unbound_stats.sh install

Let me know if that gets stats going every hour. This should have been called by unbound_manager.sh, perhaps during upgrade something is missed... hmm..

 

[juched]

juched, Regarding the advanced statistics, I get the following picture. If I look to the posts in this thread, it seems that I missed something.

View attachment 22905

View attachment 22907

I installed the GUI again, changed the logs in the unbound.config and did a restart of unbound.
Here also my configuration regarding logs, I tried even to activate everything but no effect until now...

#########################################
# integration LOG's
#
#verbosity: 1                               # v1.02 '1' is adequate to prove unbound is processing domains
logfile: "/opt/var/lib/unbound/unbound.log" # v1.01 as per @dave14305 minimal config
log-time-ascii: yes                         # v1.01 as per @dave14305 minimal config
log-tag-queryreply: yes                     # v1.02 @Martineau Explicitly Tag log-queries/replies with 'query'/'reply'
log-queries: yes
log-replies: yes
#use-syslog: yes                            # v1.02 @Martineau Let scribe/syslog-ng handle the log as it gets erased daily if Ad Block enabled :-(
log-local-actions: yes                     # v1.02 @Martineau ('yes' required for @juched's Graphical Ad Block statistics)
log-servfail: yes                           # v1.01 as per @dave14305 minimal config
#########################################

Any idea what I can change?

OK, your logs seems to be an a different format. Can you push a snippet of your unbound.log? I think I focused on when syslog is used, perhaps without it on your system it is different. You should be able to find your logs at /opt/var/lib/unbound/unbound.log.

The other option would be to try turning on scribe. and using the "scribe" command in unbound_manager (advanced mode) to output to the System log.

Thanks.

 

[Chris0815]

OK, your logs seems to be an a different format. Can you push a snippet of your unbound.log? I think I focused on when syslog is used, perhaps without it on your system it is different. You should be able to find your logs at /opt/var/lib/unbound/unbound.log.

The other option would be to try turning on scribe. and using the "scribe" command in unbound_manager (advanced mode) to output to the System log.

Thanks.

/opt/var/lib/unbound/unbound.log

Apr 21 21:41:36 unbound[4774:0] reply: 127.0.0.1 api-glb-bln.smoot.apple.com. A IN NOERROR 0.000000 1 61
Apr 21 21:41:37 unbound[4774:0] query: 127.0.0.1 xp.itunes-apple.com.akadns.net. A IN
Apr 21 21:41:37 unbound[4774:0] query: 127.0.0.1 de.wikipedia.org. A IN
Apr 21 21:41:37 unbound[4774:0] reply: 127.0.0.1 xp.itunes-apple.com.akadns.net. A IN NOERROR 0.254379 0 136
Apr 21 21:41:38 unbound[4774:0] reply: 127.0.0.1 de.wikipedia.org. A IN NOERROR 0.375796 0 79
Apr 21 21:41:39 unbound[4774:0] query: 127.0.0.1 login.wikimedia.org. A IN
Apr 21 21:41:39 unbound[4774:0] query: 127.0.0.1 upload.wikimedia.org. A IN
Apr 21 21:41:39 unbound[4774:0] query: 127.0.0.1 meta.wikimedia.org. A IN
Apr 21 21:41:39 unbound[4774:0] reply: 127.0.0.1 login.wikimedia.org. A IN NOERROR 0.169683 0 72
Apr 21 21:41:39 unbound[4774:0] reply: 127.0.0.1 meta.wikimedia.org. A IN NOERROR 0.169483 0 71
Apr 21 21:41:39 unbound[4774:0] reply: 127.0.0.1 upload.wikimedia.org. A IN NOERROR 0.170487 0 54
Apr 21 21:41:39 unbound[4774:0] query: 127.0.0.1 pd.itunes.apple.com. A IN
Apr 21 21:41:39 unbound[4774:0] reply: 127.0.0.1 pd.itunes.apple.com. A IN NOERROR 0.132009 0 176
Apr 21 21:41:41 unbound[4774:0] query: 127.0.0.1 www.google.de. A IN
Apr 21 21:41:41 unbound[4774:0] reply: 127.0.0.1 www.google.de. A IN NOERROR 0.080037 0 47
Apr 21 21:41:42 unbound[4774:0] query: 127.0.0.1 ssl.gstatic.com. A IN
Apr 21 21:41:43 unbound[4774:0] query: 127.0.0.1 consent.google.com. A IN
Apr 21 21:41:43 unbound[4774:0] reply: 127.0.0.1 ssl.gstatic.com. A IN NOERROR 0.301190 0 49
Apr 21 21:41:43 unbound[4774:0] reply: 127.0.0.1 consent.google.com. A IN NOERROR 0.145632 0 52
Apr 21 21:41:43 unbound[4774:0] query: 127.0.0.1 www.gstatic.com. A IN
Apr 21 21:41:43 unbound[4774:0] reply: 127.0.0.1 www.gstatic.com. A IN NOERROR 0.059007 0 49
Apr 21 21:41:44 unbound[4774:0] query: 127.0.0.1 www.apple.com. A IN
Apr 21 21:41:44 unbound[4774:0] reply: 127.0.0.1 www.apple.com. A IN NOERROR 0.000000 1 182
Apr 21 21:41:45 unbound[4774:0] query: 127.0.0.1 apis.google.com. A IN
Apr 21 21:41:45 unbound[4774:0] reply: 127.0.0.1 apis.google.com. A IN NOERROR 0.116229 0 70
Apr 21 21:41:47 unbound[4774:0] query: 127.0.0.1 securemetrics.apple.com. A IN
Apr 21 21:41:47 unbound[4774:0] info: securemetrics.apple.com. always_nxdomain 127.0.0.1@38278 securemetrics.apple.com. A IN
Apr 21 21:41:47 unbound[4774:0] reply: 127.0.0.1 securemetrics.apple.com. A IN NXDOMAIN 0.000000 1 41
Apr 21 21:41:57 unbound[4774:0] query: 127.0.0.1 www.googletagservices.com. A IN
Apr 21 21:41:57 unbound[4774:0] info: www.googletagservices.com. always_nxdomain 127.0.0.1@33217 www.googletagservices.com. A IN
Apr 21 21:41:57 unbound[4774:0] reply: 127.0.0.1 www.googletagservices.com. A IN NXDOMAIN 0.000000 1 43
Apr 21 21:41:57 unbound[4774:0] query: 127.0.0.1 cdn.staticneo.com. A IN
Apr 21 21:41:57 unbound[4774:0] reply: 127.0.0.1 cdn.staticneo.com. A IN NOERROR 0.000000 1 67
Apr 21 21:41:57 unbound[4774:0] query: 127.0.0.1 emoji.tapatalk-cdn.com. A IN
Apr 21 21:41:57 unbound[4774:0] reply: 127.0.0.1 emoji.tapatalk-cdn.com. A IN NOERROR 0.000000 1 72
Apr 21 21:41:57 unbound[4774:0] query: 127.0.0.1 uploads.tapatalk-cdn.com. A IN
Apr 21 21:41:57 unbound[4774:0] reply: 127.0.0.1 uploads.tapatalk-cdn.com. A IN NOERROR 0.000000 1 74
Apr 21 21:41:57 unbound[4774:0] query: 127.0.0.1 www.google-analytics.com. A IN
Apr 21 21:41:57 unbound[4774:0] info: google-analytics.com. always_nxdomain 127.0.0.1@25901 www.google-analytics.com. A IN
Apr 21 21:41:57 unbound[4774:0] reply: 127.0.0.1 www.google-analytics.com. A IN NXDOMAIN 0.000000 1 42
Apr 21 21:41:57 unbound[4774:0] query: 127.0.0.1 clarium.global.ssl.fastly.net. A IN
Apr 21 21:41:57 unbound[4774:0] reply: 127.0.0.1 clarium.global.ssl.fastly.net. A IN NOERROR 0.000000 1 63
Apr 21 21:41:58 unbound[4774:0] query: 127.0.0.1 c.amazon-adsystem.com. A IN
Apr 21 21:41:58 unbound[4774:0] info: c.amazon-adsystem.com. always_nxdomain 127.0.0.1@46691 c.amazon-adsystem.com. A IN
Apr 21 21:41:58 unbound[4774:0] reply: 127.0.0.1 c.amazon-adsystem.com. A IN NXDOMAIN 0.000000 1 39
Apr 21 21:41:58 unbound[4774:0] query: 127.0.0.1 ib.adnxs.com. A IN
Apr 21 21:41:58 unbound[4774:0] info: ib.adnxs.com. always_nxdomain 127.0.0.1@37425 ib.adnxs.com. A IN
Apr 21 21:41:58 unbound[4774:0] reply: 127.0.0.1 ib.adnxs.com. A IN NXDOMAIN 0.000000 1 30
Apr 21 21:41:58 unbound[4774:0] query: 127.0.0.1 pagead2.googlesyndication.com. A IN
Apr 21 21:41:58 unbound[4774:0] info: pagead2.googlesyndication.com. always_nxdomain 127.0.0.1@46256 pagead2.googlesyndication.com. A IN
Apr 21 21:41:58 unbound[4774:0] reply: 127.0.0.1 pagead2.googlesyndication.com. A IN NXDOMAIN 0.000000 1 47

So installing scribe can avoid this topic?

 

[figorr]

Odd, seems you do not have either the log or the stats scheduled. This is fixed by running:

/jffs/addons/unbound/unbound_stats.sh install

Let me know if that gets stats going every hour. This should have been called by unbound_manager.sh, perhaps during upgrade something is missed... hmm..

Thank you. Everything is fine now.

 

[juched]

So installing scribe can avoid this topic?

Yes, but I pushed a fix to dev. Can you try it?

run the "sgui dev" command from the advanced menu and it should get the latest and install. If fixed it should generate proper log info when no using scribe (syslog-ng).

Thanks for reporting this.

 

[Chris0815]

Yes, but I pushed a fix to dev. Can you try it?

run the "sgui dev" command from the advanced menu and it should get the latest and install. If fixed it should generate proper log info when no using scribe (syslog-ng).

Thanks for reporting this.

I run the command "sgui dev".

    unbound_stats.sh downloaded successfully Github 'dev/development' branch
    unboundstats_www.asp downloaded successfully Github 'dev/development' branch
    unbound_log.sh downloaded successfully Github 'dev/development' branch

So I think installation worked fine so far.
I restarted unbound, but still get this result in the GUI, even after updating the starts.

UPDATE:
I executet "sgui dev" again, followed by unbound restart "rs". And now it works, still showing the old entries in the log. So its working without scribe. Thank you juched!
Sorry that I cannot state the reason what happen the first time I tried to implement your solution...

 

[Chris0815]

One more question regarding logging. If I disable logging by command "lx" it shows:

A:Option ==> lx
unbound logging DISABLED

When I type "?" then it still shows that logging in still activated:

A:Option ==> ?

    Version=3.05
    Local                        md5=d3c0245a78f789d14f80de41f36d1ced
    Github                        md5=d3c0245a78f789d14f80de41f36d1ced
    /jffs/addons/unbound/unbound_manager.md5    md5=d3c0245a78f789d14f80de41f36d1ced

    Router Configuration recommended pre-reqs status:

    [✔] Swapfile=2097148 kB
    [✔] DNS Filter=ON
    [✔] DNS Filter=ROUTER
    [✔] WAN: Use local caching DNS server as system resolver=NO
    [✔] Enable local NTP server=YES
    [✔] Enable DNS Rebind protection=NO
    [✔] Enable DNSSEC support=NO

    Options: Auto Reply='y' for User Selectable Options ('1 3 4') unbound Logging,Ad Block,Performance Tweaks

    [✔] unbound Logging
    [✔] Ad and Tracker Blocking (No. of Adblock domains=54678,Blocked Hosts=0,Whitelist=19)
    [✔] unbound CPU/Memory Performance tweaks
    [✔] Router Graphical GUI statistics TAB installed
    [✔] unbound-control FAST response ENABLED
    [✔] unbound requests via VPN Client 1 (10.8.3.4) tunnel ENABLED
    [✔] DNS Firewall ENABLED

And what should be the change in unbound.config when enable/disable logging by "lo/lx"?
Do I need the logging being enabled to see the statistics in the GUI?

 

[Martineau]

One more question regarding logging.

As previously stated, currently there is no housekeeping for the native unbound log '/opt/var/lib/unbound/unbound.log' - hence the attempt to encourage scribe/syslog-ng logging and discourage native unbound logging e.g. 130MB unbound log!!!

Other problems can and do occur with DNS logging i.e. excessive CPU usage etc., so usually the advice is that the logging feature should only be used temporarily for debugging real DNS issues.

The default 'unbound.conf' directives

Spoiler: Logging defaults in 'unbound.conf'

#########################################
# integration LOG's
#
#verbosity: 1                               # v1.02 '1' is adequate to prove unbound is processing domains
logfile: "/opt/var/lib/unbound/unbound.log" # v1.01 as per @dave14305 minimal config
log-time-ascii: yes                         # v1.01 as per @dave14305 minimal config
log-tag-queryreply: yes                     # v1.02 @Martineau Explicitly Tag log-queries/replies with 'query'/'reply'
#log-queries: yes
#log-replies: yes
#use-syslog: yes                            # v1.02 @Martineau Recommended to let scribe/syslog-ng handle the log(s); (i.e. No housekeeping for 'logfile')
#log-local-actions: yes                     # v1.02 @Martineau ('yes' required for @juched's Graphical Ad Block statistics)
log-servfail: yes                           # v1.01 as per @dave14305 minimal config
#########################################

are such that when unbound is first installed/started, they allow only 4 or 5 lines to be written to '/opt/var/lib/unbound/unbound.log' (simply to prove that unbound successfully initialised)

And what should be the change in unbound.config when enable/disable logging by "lo/lx"?

Commands 'lo'/'lx' do not alter the contents of 'unbound.conf' so the native unbound logging is dynamic, and thus stops (inveterate tinkerers give it a rest! ) when unbound is restarted.

Do I need the logging being enabled to see the statistics in the GUI?

Not for the basic cache stats, but @juched's Graphical Statistics TAB mainly requires logging, so the loss of dynamic logging does have an impact, so ideally I propose......once @juched's script has extracted its metrics from the '/opt/var/lib/unbound/unbound.log' then if it is say >10MB then @juched's script should delete it.

If I disable logging by command "lx" it shows:

A:Option ==> lx
unbound logging DISABLED

When I type "?" then it still shows that logging in still activated:

A:Option ==> ?

    [✔] unbound Logging

​

For the incorrect status, the script still checks for either

log-queries: yes
log-replies: yes

in 'unbound.conf' (or dynamically set) to indicate ACTIVE logging, so I'll push a release to correct this.

 

[Martineau]

One more question regarding logging. If I disable logging by command "lx" it shows:

A:Option ==> lx
unbound logging DISABLED

When I type "?" then it still shows that logging in still activated:

@Chris0815 , I've hacked the logic for the logging implementation, would you mind giving v3.06Beta test?

e  = Exit Script [?]

A:Option ==> uf dev

 unbound_manager.sh downloaded successfully Github 'dev/development' branch

Please try the 'lo'/'lx' sequence a few times to check the status etc.

NOTE: 'lo' now immediately auto-opens the logfile

A:Option ==> lo

unbound logging ENABLED

/opt/var/lib/unbound/unbound.log        Press CTRL-C to stop

Apr 22 13:31:30 unbound[19766:0] query: 127.0.0.1 cdn.samsungcloudsolution.com. A IN
Apr 22 13:31:30 unbound[19766:0] reply: 127.0.0.1 cdn.samsungcloudsolution.com. A IN NOERROR 0.000000 1 214
Apr 22 13:31:32 unbound[19766:0] query: 127.0.0.1 checkip.dyndns.com. A IN
Apr 22 13:31:32 unbound[19766:0] reply: 127.0.0.1 checkip.dyndns.com. A IN NOERROR 0.000000 1 116
Apr 22 13:31:35 unbound[19766:0] query: 127.0.0.1 cdn.samsungcloudsolution.com. A IN
Apr 22 13:31:35 unbound[19766:0] reply: 127.0.0.1 cdn.samsungcloudsolution.com. A IN NOERROR 0.000000 1 214
Apr 22 13:31:40 unbound[19766:0] query: 127.0.0.1 cdn.samsungcloudsolution.com. A IN
Apr 22 13:31:40 unbound[19766:0] reply: 127.0.0.1 cdn.samsungcloudsolution.com. A IN NOERROR 0.000000 1 214
Apr 22 13:31:41 unbound_manager: 'lx':  ============================================================== Stopped
Apr 22 13:31:45 unbound_manager: 'lo':  ============================================================== Started

and eye-catchers are written to the log to show when the 'lo'/'lx' commands were issued by 'unbound_manager'

Also I've implemented '/opt/var/lib/unbound/unbound.log' housekeeping by cron @00:01 daily (this shouldn't impact @juched's daily stats cron jobs which is @ hh:57 & hh:59)

 

[juched]

As previously stated, currently there is no housekeeping for the native unbound log '/opt/var/lib/unbound/unbound.log' - hence the attempt to encourage scribe/syslog-ng logging and discourage native unbound logging e.g. 130MB unbound log!!!

Other problems can and do occur with DNS logging i.e. excessive CPU usage etc., so usually the advice is that the logging feature should only be used temporarily for debugging real DNS issues.

The default 'unbound.conf' directives

Spoiler: Logging defaults in 'unbound.conf'

#########################################
# integration LOG's
#
#verbosity: 1                               # v1.02 '1' is adequate to prove unbound is processing domains
logfile: "/opt/var/lib/unbound/unbound.log" # v1.01 as per @dave14305 minimal config
log-time-ascii: yes                         # v1.01 as per @dave14305 minimal config
log-tag-queryreply: yes                     # v1.02 @Martineau Explicitly Tag log-queries/replies with 'query'/'reply'
#log-queries: yes
#log-replies: yes
#use-syslog: yes                            # v1.02 @Martineau Recommended to let scribe/syslog-ng handle the log(s); (i.e. No housekeeping for 'logfile')
#log-local-actions: yes                     # v1.02 @Martineau ('yes' required for @juched's Graphical Ad Block statistics)
log-servfail: yes                           # v1.01 as per @dave14305 minimal config
#########################################

are such that when unbound is first installed/started, they allow only 4 or 5 lines to be written to '/opt/var/lib/unbound/unbound.log' (simply to prove that unbound successfully initialised)

Commands 'lo'/'lx' do not alter the contents of 'unbound.conf' so the native unbound logging is dynamic, and thus stops (inveterate tinkerers give it a rest! ) when unbound is restarted.

Not for the basic cache stats, but @juched's Graphical Statistics TAB mainly requires logging, so the loss of dynamic logging does have an impact, so ideally I propose......once @juched's script has extracted its metrics from the '/opt/var/lib/unbound/unbound.log' then if it is say >10MB then @juched's script should delete it.

​

For the incorrect status, the script still checks for either

log-queries: yes
log-replies: yes

in 'unbound.conf' (or dynamically set) to indicate ACTIVE logging, so I'll push a release to correct this.

The log script does clean up certain log entries after being processed to reduce size. For example all reply/nx_domain/rpz/transparent/static entries are removed.

This should greatly reduce the growth of the log.

@Martineau, if you would like, I could introduce more log cleaning right at the time of processing, to avoid the need for another cron if you like.

 

[Martineau]

If you would like, I could introduce more log cleaning right at the time of processing, to avoid the need for another cron if you like.

If you have the time that would be good, but what if someone enables native unbound logging and doesn't require/install your scripts?

 

[juched]

If you have the time that would be good, but what if someone enables native unbound logging and doesn't require/install your scripts?

True, good point. Who would do such at thing?

The hope is that if SGUI is installed, then you can avoid other log cleanup needing to be run. Or, perhaps I just call your log cleanup function, and then you can only install your cron when SGUI is not enabled. Thoughts?

 

[Chris0815]

@Chris0815 , I've hacked the logic for the logging implementation, would you mind giving v3.06Beta test?

Never thought becoming one of a Beta-Tester... for sure...

Please try the 'lo'/'lx' sequence a few times to check the status etc.

Its working perfectly!

NOTE: 'lo' now immediately auto-opens the logfile

Good idea!

and eye-catchers are written to the log to show when the 'lo'/'lx' commands were issued by 'unbound_manager'

Very good idea - I lpersonally ike this visual effect because then it gets clear what happens between certain events!

Also I've implemented '/opt/var/lib/unbound/unbound.log' housekeeping by cron @00:01 daily (this shouldn't impact @juched's daily stats cron jobs which is @ hh:57 & hh:59)

cron Job shows the following - seems there is a new entry but no timing?

Administrator@RT-AC86U-6A50:/tmp/home/root# cru l
12 4 * * * curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache #root_servers#
*/2 * * * * /etc/openvpn/server1/vpns-watchdog1.sh #CheckVPNServer1#
*/2 * * * * /etc/openvpn/server2/vpns-watchdog2.sh #CheckVPNServer2#
*/15 * * * * /jffs/addons/unbound/unbound_rpz.sh download #Unbound_RPZ.sh#
0 5 * * * /opt/var/lib/unbound/adblock/gen_adblock.sh #adblock#
59 * * * * /jffs/addons/unbound/unbound_stats.sh generate #Unbound_Stats.sh#
57 * * * * /jffs/addons/unbound/unbound_log.sh #Unbound_Log.sh#
 #unboundLOG#

One thing that I realized during some installation trails:
During Install I skipped the logging feature (hitting "Enter")
But logging is indicated as installed at the end.

############################################################################################################################################################################## 100.0%
Retrieving Custom unbound configuration
    unbound.conf downloaded successfully
Checking IPv6.....
Customising unbound configuration Options:

Do you want to ENABLE unbound logging? (NO recommended)

    Reply 'y' or press ENTER  to skip

unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf

Do you want to optimise Performance/Memory parameters? (YES recommended)

    Reply 'y' or press [Enter]  to skip
y
Customising unbound Performance/Memory 'proc/sys/net' parameters
    stuning downloaded successfully
Applying unbound Performance/Memory tweaks using '/jffs/addons/unbound/stuning'
TCP Fast Open ENABLED in '/jffs/addons/unbound/stuning'

Do you want to DISABLE Firefox DNS-over-HTTPS (DoH)? (USA users)

    Reply 'y' or press [Enter]  to skip


unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf

 Shutting down unbound...              done.
 Starting unbound...              done.

Checking status, please wait..... unbound OK

Manual install unbound Customisation complete 0 minutes and 27 seconds elapsed - Please wait for up to 10 seconds for status.....


    Installation of unbound completed


    Router Configuration recommended pre-reqs status:

    [✔] Swapfile=2097148 kB
    [✔] DNS Filter=ON
    [✔] DNS Filter=ROUTER
    [✔] WAN: Use local caching DNS server as system resolver=NO
    [✔] Enable local NTP server=YES
    [✔] Enable DNS Rebind protection=NO
    [✔] Enable DNSSEC support=NO

    Options:

    [✔] unbound Logging
    [✔] Ad and Tracker Blocking (No. of Adblock domains=54678,Blocked Hosts=0,Whitelist=19)
    [✔] unbound CPU/Memory Performance tweaks
    [✔] Router Graphical GUI statistics TAB installed
    [✔] unbound-control FAST response ENABLED

As you mentioned I can deactivate it by "lx" but on a restart it is still active again and I have no possibility to deactivate in general by any command?

UPDATE:
Here is the current config after the installation by "1"

#########################################
# integration LOG's
#
#verbosity: 1                               # v1.02 '1' is adequate to prove unbound is processing domains
logfile: "/opt/var/lib/unbound/unbound.log" # v1.01 as per @dave14305 minimal config
log-time-ascii: yes                         # v1.01 as per @dave14305 minimal config
log-tag-queryreply: yes                     # v1.02 @Martineau Explicitly Tag log-queries/replies with 'query'/'reply'
#log-queries: yes
#log-replies: yes
#use-syslog: yes                            # v1.02 @Martineau Recommended to let scribe/syslog-ng handle the log(s); (i.e. No housekeeping for 'logfile')
#log-local-actions: yes                     # v1.02 @Martineau ('yes' required for @juched's Graphical Ad Block statistics)
log-servfail: yes                           # v1.01 as per @dave14305 minimal config
#########################################

 

[Martineau]

Never thought becoming one of a Beta-Tester... for sure...

Appreciate your time and debugging feedback

cron Job shows the following - seems there is a new entry but no timing?

    #unboundLOG#

Please download the latest v3.06 Beta

e  = Exit Script [?]

A:Option ==> uf dev

then ENABLE logging

e  = Exit Script [?]

A:Option ==> lo

and see if the #unboundLOG# cron job is correctly displayed.

 

[Chris0815]

and see if the #unboundLOG# cron job is correctly displayed.

Administrator@RT-AC86U-6A50:/tmp/home/root# cru l
12 4 * * * curl -o \/opt\/var\/lib\/unbound\/root\.hints https://www.internic.net/domain/named.cache #root_servers#
*/2 * * * * /etc/openvpn/server1/vpns-watchdog1.sh #CheckVPNServer1#
*/2 * * * * /etc/openvpn/server2/vpns-watchdog2.sh #CheckVPNServer2#
*/15 * * * * /jffs/addons/unbound/unbound_rpz.sh download #Unbound_RPZ.sh#
0 5 * * * /opt/var/lib/unbound/adblock/gen_adblock.sh #adblock#
59 * * * * /jffs/addons/unbound/unbound_stats.sh generate #Unbound_Stats.sh#
57 * * * * /jffs/addons/unbound/unbound_log.sh #Unbound_Log.sh#
1 0 * * * /opt/bin/find /opt/var/log/unbound.log -size +10M -exec rm -f {} \; #unboundLOG#

So to unterstand for beginners like me: if enabled logging, this cron will cut "/opt/var/log/unbound.log" once a day back to 10MB?
Or resting my Router completely ?