
Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

Can someone tell me what's this 150.xxx.xxx domain?
Can't figure this out.
Screenshot_20200424-064736.jpg
 
Your screenshot is unreadable. Please make it with better resolution or just post here the full domain concerned, not just 150.xxx.xxx.xxx.
 
juched, Martineau, there is something strange with the logging in unbound:
Currently I am running unbound manager 3.06 dev with juched "sgui dev". The problem is that logging and also live-logging works fine until XX:57 every hour. Then it suddenly stops - nothing more is logged. I watched live-log during this time and the log gets cleaned up so that the following line is the last line in the log:
Code:
Apr 23 14:25:39 unbound[28089:0] info: generate keytag query _ta-4f66. NULL IN
But from that time on, no more logging is done. But unbound_manager still states logging activated and unbound.config still states "verbosity 1" without "#" at the beginning.
Is this related to the cron:
Code:
57 * * * * /jffs/addons/unbound/unbound_log.sh #Unbound_Log.sh#

I have pushed a possible fix as proposed by @dave14305 . If you could try (while not using scribe) to install the dev version, let me know if logging continues. The "sgui dev" command from advanced menu should install v1.5 of the log script.

Thank you!
 
Think about it...

Q. Who is the DNS server when you are forwarding to an upstream DNS server?....if you are not forwarding DNS requests upstream, who can it possibly be? ;)

Try this... I could be wrong!:)

Create the outbound DNS tracker rule
Code:
iptables -I OUTPUT -p udp -m udp --dport 53 -j LOG -m comment --comment "DNS request tracker"

Now wait a while and check for DNS hits (whilst redacting your real WAN IP if found)

EDIT: Changed 'IN=.*DPT=53' to '^.*DPT=53' to preserve timestamps
Code:
iptables  --line -t filter -nvL OUTPUT

WANIP=$(nvram get wan0_ipaddr);grep -o "^.*DPT=53" /tmp/syslog.log | sed -r 's/LEN.*PROTO=//' | sed -r "s/$WANIP/wan.isp.ip.addr/"

Now if you route unbound requests via the VPN, then wait a few minutes then check again....
Code:
iptables  --line -t filter -nvL OUTPUT

WANIP=$(nvram get wan0_ipaddr);grep -o "^.*DPT=53" /tmp/syslog.log | sed -r 's/LEN.*PROTO=//' | sed -r "s/$WANIP/wan.isp.ip.addr/"

Feel free to post the results....

Any difference?

I'm trying to test if the addresses are being retrieved via VPN. Can anyone provide additional info on how to set up/test the DNS tracker rule suggested above? I.e. where do I input the tracker rule, and once created I should look inside the 'syslog' under the tmp folder, correct?
 
I knew there would eventually be a request because it's too difficult to copy'n'paste into the command prompt :rolleyes:

e.g. for VPN Client 1
Code:
e  = Exit Script [?]

A:Option ==> vpn 1 debug

Do you want to route unbound requests through VPN Client '1' tunnel?

 Reply 'y' or press [Enter]  to skip
y

 unbound requests via VPN Client 1 (100.120.138.53) tunnel ENABLED , and tracked in Syslog

unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf

then
Code:
e  = Exit Script [?]

A:Option ==> vpn debug show

<snip>
Apr 24 17:54:49 RT-AC68U kernel: IN= OUT=vlan2 SRC=wan.isp.ip.addr DST=192.42.93.30 UDP SPT=27686 DPT=53
Apr 24 17:54:58 RT-AC68U kernel: IN= OUT=vlan2 SRC=100.120.138.53 DST=192.35.51.30 UDP SPT=12015 DPT=53

Hopefully if the unbound DNS requests are being sent via the WAN, then the WAN IP address (if matched) will be redacted, and any other SRC IP address shown should be the VPN Gateway IP address.
 
My bad...I didn't know if it was a simple cut & paste or if I had to create a test "script" with the DNS rule inside the script you mentioned. Thanks again for the clarification for my slow self :)
 

You are very clairvoyant! haha. I have run this and the result is
Code:
Apr 24 13:00:57 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=XX SRC=89.248.172.123 DST=wan.isp.ip.addr UDP SPT=47347 DPT=53

Not what I was expecting since the SRC isn't the address in the .conf file nor associated with my VPN at all....not sure....any thoughts?
 
Do you use skynet? - if so you will need to modify the unbound report to exclude these DNS request records.
 
Indeed I do use Skynet.....I will re-attempt....thanks as always...
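
The check discussed in the posts above, as an added example that is not from any poster or from unbound_manager: it classifies logged port-53 packets by source address and skips inbound records such as Skynet's "[BLOCKED - INBOUND]" lines. The function names are hypothetical, and the sample input reuses the three log lines quoted in this thread.

```shell
#!/bin/sh
# Added example: classify "DNS request tracker" log lines by the path they left on.
# classify_dns_log, dns_via_vpn_only and sample_log are hypothetical names.

# $1 = WAN IP (or its redaction token), $2 = VPN tunnel IP; log lines on stdin.
classify_dns_log() {
    awk -v wan="$1" -v vpn="$2" '
    /DPT=53( |$)/ {
        in_if = out_if = src = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=/)  in_if  = substr($i, 4)
            if ($i ~ /^OUT=/) out_if = substr($i, 5)
            if ($i ~ /^SRC=/) src    = substr($i, 5)
        }
        # An inbound interface with no outbound one means the packet was
        # received, not sent by unbound (e.g. Skynet inbound block records).
        if (in_if != "" && out_if == "") { n["inbound"]++; next }
        if (src == vpn)      n["vpn"]++
        else if (src == wan) n["wan"]++
        else                 n["other"]++
    }
    END {
        printf "vpn=%d wan=%d other=%d inbound_ignored=%d\n",
               n["vpn"], n["wan"], n["other"], n["inbound"]
    }'
}

# Exit status 0 only if at least one outbound DNS packet was seen and
# every one of them carried the VPN tunnel address as its source.
dns_via_vpn_only() {
    classify_dns_log "$1" "$2" | grep -q '^vpn=[1-9][0-9]* wan=0 other=0 '
}

# Sample input: the three log lines quoted in this thread.
sample_log() {
cat <<'EOF'
Apr 24 17:54:49 RT-AC68U kernel: IN= OUT=vlan2 SRC=wan.isp.ip.addr DST=192.42.93.30 UDP SPT=27686 DPT=53
Apr 24 17:54:58 RT-AC68U kernel: IN= OUT=vlan2 SRC=100.120.138.53 DST=192.35.51.30 UDP SPT=12015 DPT=53
Apr 24 13:00:57 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=XX SRC=89.248.172.123 DST=wan.isp.ip.addr UDP SPT=47347 DPT=53
EOF
}

sample_log | classify_dns_log wan.isp.ip.addr 100.120.138.53
```

On the router, pipe the live log in instead of the sample: `grep 'DPT=53' /tmp/syslog.log | classify_dns_log "$(nvram get wan0_ipaddr)" 100.120.138.53`, substituting your own tunnel address.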
 
I have pushed a possible fix as proposed by @dave14305 . If you could try (while not using scribe) to install the dev version, let me know if logging continues. The "sgui dev" command from advanced menu should install v1.5 of the log script.

Thank you!
Working! Logging continues... Thanks for taking this point.
 
I pushed a Hotfix to the GitHub 'dev' branch if you want to test it.
I know you have been asked this a million times, but I just set this up with my VPN. Is it normal to see the exit IP address of the VPN as the DNS address when running dnsleaktest, while using VPN in conjunction with unbound? Basically, does this sound like it has been set up correctly?
 
Sounds right to me. Send dns queries out the VPN tunnel and they get received at the authoritative server from the VPN provider’s IP range. Mission accomplished.
 
I'm getting a weird error message when trying to install Unbound.

Bad address
[1587834413] unbound-checkconf[4520:0] fatal error: control-key-file: "(null)" does not exist

I've checked the configuration file and the line
control-key-file: "/opt/var/lib/unbound/unbound_control.key"
is there and that file does exist (and is properly populated). I have no idea what's going on.

I originally posted something similar to this in the Unbound thread but I was directed here instead. Thanks for any help you may be able to provide me with this ^_^
 
Try
Code:
unbound_manager    recovery
then you should be able to start the menu and use '1/i Update unbound files and configuration' and start unbound.
 
