Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[Stephen Harrington]

Well done! Wow!!
Only minor hiccup I had was that after doing “sgui” to update I ended up with two Unbound tabs. A reboot fixed it. I’m guessing an “sgui uninstall” followed by an “sgui” to update may have avoided this maybe?

 

[Martineau]

Well done! Wow!!
Only minor hiccup I had was that after doing “sgui” to update I ended up with two Unbound tabs. A reboot fixed it. I’m guessing an “sgui uninstall” followed by an “sgui” to update may have avoided this maybe?

Already fixed in unbound_manager (unreleased v2.15)

A:Option ==> sgui

unbound-control set_option 'extended-statistics yes' ok

Do you want to add router GUI TAB to Graphically display stats?

    Reply 'y' or press [Enter]  to skip
y

    Installing @juched's GUI TAB to Graphically display unbound stats.....
    unbound_stats.sh downloaded successfully
    unboundstats_www.asp downloaded successfully

    unbound GUI graphical stats TAB already installed!

@juched …. probably 'unbound_stats.sh install' should check before creating a duplicate?

 

[martinr]

Well done! Wow!!
Only minor hiccup I had was that after doing “sgui” to update I ended up with two Unbound tabs. A reboot fixed it. I’m guessing an “sgui uninstall” followed by an “sgui” to update may have avoided this maybe?

Thanks for that: reboot fixed it for me. I was so enthralled by it all, it didn’t strike me as odd that there were 2 tabs.

 

[Cam]

Tangible improvement - so I have added 'fastmenu [disable]' command to unbound_manager (unreleased v2.15)

You should use a Unix socket for maximum speed!

 control-interface: "/opt/var/run/unbound.socket"

Sent from my Nokia 7 plus using Tapatalk

 

[Martineau]

I've uploaded v2.15 and unbound.conf v1.07

Version=2.15
Github md5=8ee7c25c9f60397010996dce42b15b8b​

Use of the 'i = Update unbound Installation' **REQUIRED**

FIX: 'rs' command didn't use/reapply 'unbound.conf.add' or 'unbound.postconf' if they existed
CHANGE: @juched has generously taken ownership, and now hosts/maintains the Ad Block feature i.e. 'gen_adblock.sh' so use @juched's GitHub.

If you already have Ad Block installed, you will need to manually move the existing 'blockhost'

mv /opt/var/lib/unbound/adblock/blockhost /opt/share/unbound/configs

and (if necessary backup 'permlist') then reinstall Ad Block to retrieve the new files:

e  = Exit Script

A:Option ==> i 3

Also to exploit the three custom lists, they are never overwritten if they exist:

Option Auto Reply 'y' Installing Ads and Tracker Blocking.....
    adblock/gen_adblock.sh downloaded successfully
    adblock/permlist downloaded successfully
Custom '/opt/share/unbound/configs/sites' already exists - 'adblock/sites' download skipped
Custom '/opt/share/unbound/configs/blockhost' already exists - 'adblock/blockhost' download skipped
Custom '/opt/share/unbound/configs/allowhost' already exists - 'adblock/allowhost' download skipped
Executing '/opt/var/lib/unbound/adblock/gen_adblock.sh'.....
Removing possible temporary files..
Processsing hosts file @ https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
######################################################################## 100.0%
Combining User Custom block host...
Edit User Custon list of allowed domains...
Removing duplicate formatting from the domain list...
51369 domains compiled
Generating Unbound adlist.....
Removing temporary files...
Restarting Unbound DNS server...
/opt/share/unbound/configs/cache.tmp
 Shutting down unbound...              done.
 Starting unbound...              done.
Adding Ad and Tracker 'include: /opt/var/lib/unbound/adblock/adservers'
Creating Daily cron job for Ad and Tracker update
 Shutting down unbound...              done.
 Starting unbound...              done.

CHANGE: After 'sgui' command is used to install the unbound Graphical statistics GUI TAB, 'sgui' is removed from menu option list.

Also, 's+' 'extended-statistics' is now automatically ENABLED when 'sgui' used.​

FIX: Prevent 'sgui' from executing 'unbound_stats.sh install' if Graphical Statistics TAB already exists (does 'unbound_stats.sh install' prevent duplicates anyway?) see this
NEW: 'ew/eb/ec/el' commands allow editing of the Ad Block files ("Whitelist/Blacklist/Config") used by @juched's Ad Block script ('gen_adblock.sh')

unbound (pid 3080) is running... uptime: 0 Days, 00:22:44 version: 1.9.6 # rgnldo Github Version=v1.06 Martineau update (Date Loaded by unbound_manager Mon Mar 2 13:09:29 GMT 2020)
i  = Update unbound Installation ('/opt/var/lib/unbound/')      l  = Show unbound log entries (lo=Enable Logging)
z  = Remove unbound/unbound_manager Installation                v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit)
x  = Stop unbound                                               vb = Backup current (/opt/var/lib/unbound/unbound.conf) Configuration
                                                                rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                        oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'
sd = Show dnsmasq Statistics/Cache Size                         s  = Show unbound Extended statistics (s=Summary Totals; sa=All; s-=Disable Extended Stats)
                                                                fastmenu = Disable SLOW unbound-control LAN SSL cert validation
scribe = Enable scribe (syslog-ng) unbound logging              ad = Analyse Diversion White/Black lists ([ file_name [type=adblock] ])
                                                                ew = Edit Ad Block Whitelist (eb=Blacklist; ec=Config; el {Ad Block file})
dumpcache = Manually use restorecache after REBOOT              ca = Cache Size Optimisation  ([ 'reset' ])
dig = {domain} Show dig info e.g. dig qnamemintest.internet.nl  lookup = {domain} Show the name servers used for domain e.g. lookup asciiart.eu
dnsinfo = {dns} Show DNS Server e.g. dnsinfo                    dnssec = {url} Show DNSSEC Validation Chain e.g. dnssec www.snbforums.com
links = Show list of external URL links

e  = Exit Script
[Enter] Leave Advanced Tools Menu

NEW: 'fastmenu [disable]' command will DISABLE unbound-control SSL cert validation on the LAN, for faster response (menu drawing etc.)

 

[Seij]

Running into some installer issues. While installing adblock (fresh and also upgrade) I keep running into one of these two errors:

1)
/opt/share/unbound/configs/cache.tmp
error: SSL handshake failed
716656640:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915:


2) [1583244516] unbound-control[22145:0] error: connect: Connection refused for 127.0.0.1 port 953

 

[Martineau]

Running into some installer issues. While installing adblock (fresh and also upgrade) I keep running into one of these two errors:

1)
/opt/share/unbound/configs/cache.tmp
error: SSL handshake failed
716656640:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915:


2) [1583244516] unbound-control[22145:0] error: connect: Connection refused for 127.0.0.1 port 953

EDIT: Have you tried 'rs' rstart command?

I suspect the Ad Block script 'gen_adblock.sh' is trying to restore the saved cache after it has requested the necessary restart of unbound, and unbound isn't fully UP?​

​

Perhaps @juched can confirm or add a sleep delay before attempting the cache restore?​

 

[juched]

Already fixed in umbound_manager (unreleased v2.15)

View attachment 21729

A:Option ==> sgui

unbound-control set_option 'extended-statistics yes' ok

Do you want to add router GUI TAB to Graphically display stats?

    Reply 'y' or press [Enter]  to skip
y

    Installing @juched's GUI TAB to Graphically display unbound stats.....
    unbound_stats.sh downloaded successfully
    unboundstats_www.asp downloaded successfully

    unbound GUI graphical stats TAB already installed!

@juched …. probably 'unbound_stats.sh install' should check before creating a duplicate?

You shouldn't have to check if it is already installed. I tried to handle this in the "install" command to find the existing md5 if the www ASP file changes.

It would be best to just always call "install" from now on, and it will take care of it. It will fail this first time unfortunately.

If you don't call "install" then the new file isn't installed.

 

[Martineau]

You shouldn't have to check if it is already installed. I tried to handle this in the "install" command to find the existing md5 if the www ASP file changes.

It would be best to just always call "install" from now on, and it will take care of it. It will fail this first time unfortunately.

If you don't call "install" then the new file isn't installed.

Ok, I've pushed a Hotfix commit

  u = Update (Minor Hotfix) unbound_manager v2.15 -> v2.15

Version=2.15
Github                        md5=812c26eb7236fd86a06fc7b41f75e8a7

 

[L&LD]

Updated to v2.15 earlier (not the hotfix version) and remotely rebooted my RT-AX88U.

No access now.

I had enabled logging, CPU/memory optimizations, fastmenu, and scribe. I had not allowed unbound to use the previous configuration (confirmed I was running v1.07).

Has anyone else rebooted after the first v2.15 was released? Has the hotfix fixed it?

I can't really update this post unless I get a chance to swing by the house later.

Please stay tuned, but will greatly appreciate any response that may be provided.

 

[Martineau]

Updated to v2.15 earlier (not the hotfix version) and remotely rebooted my RT-AX88U.

No access now.

I had enabled logging, CPU/memory optimizations, fastmenu, and scribe. I had not allowed unbound to use the previous configuration (confirmed I was running v1.07).

Has anyone else rebooted after the first v2.15 was released? Has the hotfix fixed it?

I doubt the v2.15 Hotfix would be relevant to your remote access issue - it simply reinstates the original v2.14 behaviour to allow 'sgui' to be requested (unrestricted) several times in succession.

 

[L&LD]

Thanks, @Martineau. I don't need it for the remote access right now, just wondering if anything else may have been fixed with it.

(To be clear, still no remote access).

 

[Martineau]

Thanks, @Martineau. I don't need it for the remote access right now, just wondering if anything else may have been fixed with it.

Nope... full disclosure of my hacks are available on Github...... see the actual Hotfix in post 849

I have indeed successfully uninstalled/restalled unbound_manager v2.15 several times on my RT-AC86U (with a couple of REBOOTs) so unless I've borked 'unbound.conf' v1.07 I'm not sure what else I could have broken.

 

[Martineau]

It will fail this first time unfortunately.

Is this what you mean..

e  = Exit Script

A:Option ==> sgui

unbound-control set_option 'extended-statistics yes' ok

Do you want to add router GUI TAB to Graphically display stats?

    Reply 'y' or press [Enter]  to skip
y

    Installing @juched's GUI TAB to Graphically display unbound stats.....
    unbound_stats.sh downloaded successfully
    unboundstats_www.asp downloaded successfully
cat: can't open '/jffs/addons/unbound/www-installed.md5': No such file or directory
cat: can't open '/jffs/addons/unbound/www-installed.md5': No such file or directory
cat: can't open '/jffs/addons/unbound/www-installed.md5': No such file or directory
Mounting Unbound_Stats.sh WebUI page as user4.asp
Saving MD5 of installed file /jffs/addons/unbound/unboundstats_www.asp to /jffs/addons/unbound/www-installed.md5
Calculated Cache Hit Percentage: 41.67
Adding new value to DB...
Calculating Daily data...
Calculating Weekly and Monthly data...
Outputting histogram performance data...
Outputting answers data...

 

[Martineau]

View attachment 21727

FYI...minor typo 'answerd'

 

[martinr]

Updated to v2.15 earlier (not the hotfix version) and remotely rebooted my RT-AX88U.

No access now.

I had enabled logging, CPU/memory optimizations, fastmenu, and scribe. I had not allowed unbound to use the previous configuration (confirmed I was running v1.07).

Has anyone else rebooted after the first v2.15 was released? Has the hotfix fixed it?

I can't really update this post unless I get a chance to swing by the house later.

Please stay tuned, but will greatly appreciate any response that may be provided.

I rebooted my RT-AC68U from the webui after installing 2.15 (not the hotfix) and had no problem accessing the webui afterwards.

 

[juched]

Is this what you mean..

e  = Exit Script

A:Option ==> sgui

unbound-control set_option 'extended-statistics yes' ok

Do you want to add router GUI TAB to Graphically display stats?

    Reply 'y' or press [Enter]  to skip
y

    Installing @juched's GUI TAB to Graphically display unbound stats.....
    unbound_stats.sh downloaded successfully
    unboundstats_www.asp downloaded successfully
cat: can't open '/jffs/addons/unbound/www-installed.md5': No such file or directory
cat: can't open '/jffs/addons/unbound/www-installed.md5': No such file or directory
cat: can't open '/jffs/addons/unbound/www-installed.md5': No such file or directory
Mounting Unbound_Stats.sh WebUI page as user4.asp
Saving MD5 of installed file /jffs/addons/unbound/unboundstats_www.asp to /jffs/addons/unbound/www-installed.md5
Calculated Cache Hit Percentage: 41.67
Adding new value to DB...
Calculating Daily data...
Calculating Weekly and Monthly data...
Outputting histogram performance data...
Outputting answers data...

Yes, from now on it remembers the md5 of what WAS installed so next time it can find the right tab

 

[juched]

FYI...minor typo 'answerd'

Doh, getting into flow at too late at night. Spelling is impacted.

Thanks, will fix.

 

[juched]

EDIT: Have you tried 'rs' rstart command?

I suspect the Ad Block script 'gen_adblock.sh' is trying to restore the saved cache after it has requested the necessary restart of unbound, and unbound isn't fully UP?

Perhaps @juched can confirm or add a sleep delay before attempting the cache restore?​

I can change it to use your restart command. That should address this right?

--- edit ---

Yes, it seems to. Pushed to github. Now it uses the offical unbound_manager.sh restart command which has checks and delays for the reload. My RT-AX88U is so fast it wasn't an issue. Thank you for pointing this out.

 

[L&LD]

Thanks to all the above. Not sure what the issue was (possibly the ONT acting up?).

I came by and rebooted the router and updated Unbound (minor -> v2.15) and all is good again.

Thank you @juched, great job adding the graphs for us and thank you to @Jack Yaz too, of course.