Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[Khadanja]

It looks like your cru l lines were missing, and unbound did not install properly.

So what do I do to fix it. Already formatted the USB drive twice & installed form scratch.

 

[SomeWhereOverTheRainBow]

So what do I do to fix it. Already formatted the USB drive twice & installed form scratch.

Follow the install process correctly using instructions from the first page and the github if necessary. I am not able to replicate your issues, so I do not understand where the flaw in the process is. Or where the procedure failures is happening. Maybe post you whole ssh session with copy and paste so people can see what is happening when you install.

 

[Khadanja]

Follow the install process correctly using instructions from the first page and the github if necessary. I am not able to replicate your issues, so I do not understand where the flaw in the process is. Or where the procedure failures is happening. Maybe post you whole ssh session with copy and paste so people can see what is happening when you install.

I did. Tried just now again with the one line command from github-

mkdir /jffs/addons 2>/dev/null;mkdir /jffs/addons/unbound 2>/dev/null; curl --retry 3 "https://raw.githubusercontent.com/MartineauU
K/Unbound-Asuswrt-Merlin/master/unbound_manager.sh" -o "/jffs/addons/unbound/unbound_manager.sh" && chmod 755 "/jffs/addons/unbound/unbound_manager.sh" && /jffs/addons/
unbound/unbound_manager.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 175k 100 175k 0 0 174k 0 0:00:01 0:00:01 --:--:-- 177k
Creating 'unbound_manager' alias
+======================================================================+
| Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
| |
| Version 2.18 by Martineau |
| |
| Requirements: USB drive with Entware installed |
| |
| i = Install unbound DNS Server - Advanced Mode |
| o1. Enable unbound Logging |
| o2. Integrate with Stubby |
| o3. Install Ad and Tracker Blocking |
| o4. Customise CPU/Memory usage (Advanced Users) |
| o5. Disable Firefox DNS-over-HTTPS (DoH) (USA users) |
| o6. Install Graphical Statistics GUI (Addons) TAB |
| |
| z = Remove unbound/unbound_manager Installation |
| ? = About Configuration |
| |
| See SNBForums thread https://tinyurl.com/s89z3mm for helpful |
| user tips on unbound usage/configuration. |
+======================================================================+

i = Begin unbound Installation Process ('/opt/var/lib/unbound/')
z = Remove unbound/unbound_manager Installation
3 = Advanced Tools rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
? = About Configuration



e = Exit Script

A:Option ==> i

Router Configuration recommended pre-reqs status:

[✔] Swapfile=2097148 kB
[✔] DNS Filter=ON
[✔] DNS Filter=ROUTER
[✔] WAN: Use local caching DNS server as system resolver=NO
[✔] Enable local NTP server=YES
[✔] Enable DNS Rebind protection=NO
[✔] Enable DNSSEC support=NO

Options: unbound Advanced install - User will be prompted to install options


INSTALLing unbound
Entware package list successfully updated
Installing unbound-checkconf (1.9.6-1) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-checkconf_1.9.6-1_armv7-2.6.ipk
Installing unbound-daemon (1.9.6-1) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-daemon_1.9.6-1_armv7-2.6.ipk
Installing unbound-control-setup (1.9.6-1) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-control-setup_1.9.6-1_armv7-2.6.ipk
Installing unbound-control (1.9.6-1) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-control_1.9.6-1_armv7-2.6.ipk
Installing openssl-util (1.1.1d-2) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/openssl-util_1.1.1d-2_armv7-2.6.ipk
Package unbound-control (1.9.6-1) installed in root is up to date.
Installing unbound-anchor (1.9.6-1) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-anchor_1.9.6-1_armv7-2.6.ipk
Package unbound-daemon (1.9.6-1) installed in root is up to date.
Configuring openssl-util.
Configuring unbound-daemon.
Configuring unbound-checkconf.
Configuring unbound-control.
Configuring unbound-control-setup.
Configuring unbound-anchor.
unbound Entware packages 'unbound-checkconf unbound-control-setup unbound-control unbound-anchor unbound-daemon' successfully installed
Created project directory /opt/var/lib/unbound/adblock
Initialising 'unbound-control-setup' to generate SSL Keys
setup in directory /opt/var/lib/unbound
generating unbound_server.key
Generating RSA private key, 3072 bit long modulus
..................................................................++++
..................................................++++
e is 65537 (0x10001)
generating unbound_control.key
Generating RSA private key, 3072 bit long modulus
...................................................................................................++++
..++++
e is 65537 (0x10001)
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
Setup success. Certificates created. Enable in unbound.conf file to use
Removing package unbound-control-setup from root...
Removing package openssl-util from root...
Package column (2.34-2) installed in root is up to date.
Entware package 'column' successfully installed
Package diffutils (3.7-2) installed in root is up to date.
Entware package 'diffutils' successfully installed
Package bind-dig (9.14.8-1) installed in root is up to date.
Entware package 'bind-dig' successfully installed
Package haveged (1.9.8-2) installed in root is up to date.
Entware package 'haveged' successfully installed
Updating S02haveged
S02haveged downloaded successfully
/opt/etc/init.d/S02haveged: .: line 13: can't open '/opt/etc/init.d/rc.func'
Customising 'dnsmasq.postconf' (aka '/jffs/addons/unbound/unbound.postconf')
^AUpdating S61unbound
S61unbound downloaded successfully
Generating unbound-anchor 'root.key'.....
Retrieving the 13 InterNIC Root DNS Servers from 'https://www.internic.net/domain/named.cache'.....
################################################################################################################################################################# 100.0%
Creating Daily (04:12) InterNIC Root DNS Servers cron job
Retrieving Custom unbound configuration
unbound.conf downloaded successfully
Checking IPv6.....
Customising unbound configuration Options:

Do you want to ENABLE unbound logging? (You can dynamically ENABLE/DISABLE Logging later from the main menu)

Reply 'y' or press ENTER to skip
y
/opt/var/run: No such file or directory
[1585561666] unbound-checkconf[12870:0] fatal error: pidfile directory does not exist
Restarting dnsmasq.....
Done.

***ERROR FATAL...ABORTing!

 

[SomeWhereOverTheRainBow]

Try installing without logging.

 

[Khadanja]

Try installing without logging.

This time it didn't even wait for me to confirm-
Do you want to ENABLE unbound logging? (You can dynamically ENABLE/DISABLE Logging later from the main menu)
Reply 'y' or press ENTER to skip
/opt/var/run: No such file or directory
[1585562005] unbound-checkconf[15504:0] fatal error: pidfile directory does not exist
Restarting dnsmasq.....
Done.
***ERROR FATAL...ABORTing!

 

[SomeWhereOverTheRainBow]

This time it didn't even wait for me to confirm-
Do you want to ENABLE unbound logging? (You can dynamically ENABLE/DISABLE Logging later from the main menu)
Reply 'y' or press ENTER to skip
/opt/var/run: No such file or directory
[1585562005] unbound-checkconf[15504:0] fatal error: pidfile directory does not exist
Restarting dnsmasq.....
Done.
***ERROR FATAL...ABORTing!

Try running option z first and then rerun the installer. The errors seem to occur from your unbound.conf file tho because it is failing to check it as a proper config file.

 

[Khadanja]

Try running option z first and then rerun the installer. The errors seem to occur from your unbound.conf file tho because it is failing to check it as a proper config file.

Same
| Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
| |
| Version 2.18 by Martineau |
| |
| Requirements: USB drive with Entware installed |
| |
| i = Install unbound DNS Server - Advanced Mode |
| o1. Enable unbound Logging |
| o2. Integrate with Stubby |
| o3. Install Ad and Tracker Blocking |
| o4. Customise CPU/Memory usage (Advanced Users) |
| o5. Disable Firefox DNS-over-HTTPS (DoH) (USA users) |
| o6. Install Graphical Statistics GUI (Addons) TAB |
| |
| z = Remove unbound/unbound_manager Installation |
| ? = About Configuration |
| |
| See SNBForums thread https://tinyurl.com/s89z3mm for helpful |
| user tips on unbound usage/configuration. |
+======================================================================+

i = Begin unbound Installation Process ('/opt/var/lib/unbound/')
z = Remove unbound/unbound_manager Installation
3 = Advanced Tools rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
? = About Configuration



e = Exit Script

A:Option ==> i

Router Configuration recommended pre-reqs status:

[✔] Swapfile=2097148 kB
[✔] DNS Filter=ON
[✔] DNS Filter=ROUTER
[✔] WAN: Use local caching DNS server as system resolver=NO
[✔] Enable local NTP server=YES
[✔] Enable DNS Rebind protection=NO
[✔] Enable DNSSEC support=NO

Options: unbound Advanced install - User will be prompted to install options


INSTALLing unbound
Entware package list successfully updated
Installing unbound-checkconf (1.9.6-1) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-checkconf_1.9.6-1_armv7-2.6.ipk
Installing unbound-daemon (1.9.6-1) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-daemon_1.9.6-1_armv7-2.6.ipk
Installing unbound-control-setup (1.9.6-1) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-control-setup_1.9.6-1_armv7-2.6.ipk
Installing unbound-control (1.9.6-1) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-control_1.9.6-1_armv7-2.6.ipk
Installing openssl-util (1.1.1d-2) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/openssl-util_1.1.1d-2_armv7-2.6.ipk
Package unbound-control (1.9.6-1) installed in root is up to date.
Installing unbound-anchor (1.9.6-1) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/unbound-anchor_1.9.6-1_armv7-2.6.ipk
Package unbound-daemon (1.9.6-1) installed in root is up to date.
Configuring openssl-util.
Configuring unbound-daemon.
Configuring unbound-checkconf.
Configuring unbound-control.
Configuring unbound-control-setup.
Configuring unbound-anchor.
unbound Entware packages 'unbound-checkconf unbound-control-setup unbound-control unbound-anchor unbound-daemon' successfully installed
Created project directory /opt/var/lib/unbound/adblock
Initialising 'unbound-control-setup' to generate SSL Keys
setup in directory /opt/var/lib/unbound
generating unbound_server.key
Generating RSA private key, 3072 bit long modulus
....................++++
...........................++++
e is 65537 (0x10001)
generating unbound_control.key
Generating RSA private key, 3072 bit long modulus
..................................................................................................................................................................................................++++
...................................++++
e is 65537 (0x10001)
create unbound_server.pem (self signed certificate)
create unbound_control.pem (signed client certificate)
Signature ok
subject=/CN=unbound-control
Getting CA Private Key
Setup success. Certificates created. Enable in unbound.conf file to use
Removing package unbound-control-setup from root...
Removing package openssl-util from root...
Package column (2.34-2) installed in root is up to date.
Entware package 'column' successfully installed
Package diffutils (3.7-2) installed in root is up to date.
Entware package 'diffutils' successfully installed
Package bind-dig (9.14.8-1) installed in root is up to date.
Entware package 'bind-dig' successfully installed
Package haveged (1.9.8-2) installed in root is up to date.
Entware package 'haveged' successfully installed
Updating S02haveged
S02haveged downloaded successfully
/opt/etc/init.d/S02haveged: .: line 13: can't open '/opt/etc/init.d/rc.func'
Customising 'dnsmasq.postconf' (aka '/jffs/addons/unbound/unbound.postconf')
Updating S61unbound
S61unbound downloaded successfully
Generating unbound-anchor 'root.key'.....
Retrieving the 13 InterNIC Root DNS Servers from 'https://www.internic.net/domain/named.cache'.....
################################################################################################################################################################# 100.0%
Creating Daily (04:12) InterNIC Root DNS Servers cron job
Retrieving Custom unbound configuration
unbound.conf downloaded successfully
Checking IPv6.....
Customising unbound configuration Options:

Do you want to ENABLE unbound logging? (You can dynamically ENABLE/DISABLE Logging later from the main menu)

Reply 'y' or press ENTER to skip

/opt/var/run: No such file or directory
[1585562629] unbound-checkconf[6484:0] fatal error: pidfile directory does not exist
Restarting dnsmasq.....
Done.

***ERROR FATAL...ABORTing!

 

[Khadanja]

Should I start from scratch again. Format jffs, format USB, install entware, create swap file then again install unbound? I did this just before & installed Skynet, Diversion which are running fine.

 

[SomeWhereOverTheRainBow]

Should I start from scratch again. Format jffs, format USB, install entware, create swap file then again install unbound? I did this just before & installed Skynet, Diversion which are running fine.

it wouldn't hurt, but i imagine if you have any old unbound files lingering around, that could also be causing this issue.

 

[Khadanja]

it wouldn't hurt, but i imagine if you have any old unbound files lingering around, that could also be causing this issue.

I might just reset the router too in the case? If the old unbound files were lingering around only in USB then USB format would have fixed this issue.

 

[SomeWhereOverTheRainBow]

I might just reset the router too in the case? If the old unbound files were lingering around only in USB then USB format would have fixed this issue.

Have you tested to see that unbound is in fact not working after installing by trying to load a browser or running a dig test just to confirm this isn't a glitch in the install process?

 

[dave14305]

Should I start from scratch again. Format jffs, format USB, install entware, create swap file then again install unbound? I did this just before & installed Skynet, Diversion which are running fine.

How are you installing Entware? Some key files and directories seem to be missing based on your output.

 

[Khadanja]

How are you installing Entware? Some key files and directories seem to be missing based on your output.

I was installing through amtm. Have now reset the router, formatted USB using amtm,created swap file, installed entware again and then installed unbound without logging & adblocking, seems fine now. Now installing skynet then will install diversion.

 

[juched]

I was installing through amtm. Have now reset the router, formatted USB using amtm,created swap file, installed entware again and then installed unbound without logging & adblocking, seems fine now. Now installing skynet then will install diversion.

Curious, what does:

 ls -l /jffs/addons/unbound/unbound_stats.sh

show?

I see a small bug in the unbound_manager.sh, so it may not be executable. if you do not see RWX, the you need to make the script executable via:

chmod +x  /jffs/addons/unbound/unbound_stats.sh

And then run:

/jffs/addons/unbound/unbound_stats.sh install

 

[dave14305]

I see a small bug in the unbound_manager.sh, so it may not be executable. if you do not see RWX, the you need to make the script executable via:

It won't need the executable bit set if its prepended with sh.

EDIT: nevermind, I think you mean after the install.

 

[juched]

It won't need the executable bit set if its prepended with sh.

EDIT: nevermind, I think you mean after the install.

Yes, but good point, maybe I should change the services scripts to be launched via sh to avoid the need for chmod.

 

[Joe Mifflin]

Thanks for above.....I had to redo (my usb) from scratch......unbound seemed to be working...but no stats...worked before my tinkering...working now.

As a new member, I find this site very informative, friendly and accommodating for those of us wanting to learn.

 

[Amwjujo]

If I want to add diversion on my current setup ( UnBound + Skynet) do I need to alter something on Unbound side or just install the script.
What do you advise.
Thank you.

 

[juched]

If I want to add diversion on my current setup ( UnBound + Skynet) do I need to alter something on Unbound side or just install the script.
What do you advise.
Thank you.

You can install diversion and it just configures DNSMasq for ad blocking. Since the solution in unbound_mangaer already uses DNSMasq, there is no change needed. However no need to run two ad blockers, so disable unbound's adblock portion and just alow diversion to do it.

 

[Amwjujo]

You can install diversion and it just configures DNSMasq for ad blocking. Since the solution in unbound_mangaer already uses DNSMasq, there is no change needed. However no need to run two ad blockers, so disable unbound's adblock portion and just alow diversion to do it.

Thank you.
Much appreciated.
What line do I need to run to disable the adblock? Or do I need to uninstall and install again UnBound?