Unbound Unbound_Manager Questions

[John DeLuca]

Hello I have two questions about unbound manager, the first is i am trying to optimize my config file as whats stated in the original fourm post about unbound but in that post it says after you save you changes in winscp you should run the rs command. However, rs command is not found when trying with unbound manager directly or with amtm. If i v to view the config the chagnes are there but if i try to update the changes get overwritten. How can i get the damn config to stick lol?

Second question is in order for the recursive DNS to work i assume all you need to do after set up is the dns to be the routers address correct in the dns settings correct?

Lastly, do we need to edit anyting in the config file to make this all work with ipv6 and is there a way to prefer ipv6?

Thanks!

 

[Tech9]

i assume all you need to do after set up

All you need to do is to read carefully Unbound_Manager installation instructions. This is one of the best AMTM scripts and is documented very well. You don't need to customize anything, it works perfectly with default settings. Don't touch custom config before you know what are you doing.

 

[Martineau]

Hello I have two questions about unbound manager, the first is i am trying to optimize my config file as whats stated in the original fourm post about unbound but in that post it says after you save you changes in winscp you should run the rs command. However, rs command is not found when trying with unbound manager directly or with amtm. If i v to view the config the chagnes are there but if i try to update the changes get overwritten. How can i get the damn config to stick lol?

Second question is in order for the recursive DNS to work i assume all you need to do after set up is the dns to be the routers address correct in the dns settings correct?

Lastly, do we need to edit anyting in the config file to make this all work with ipv6 and is there a way to prefer ipv6?

Thanks!

If you use unbound_manager to edit the config

um

+======================================================================+
|  Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
|                                                                      |
|                      Version 3.23bA by Martineau                     |
|                                                                      |
+======================================================================+
unbound (pid 6606) is running... uptime: 22 days 05:41:06 version: 1.13.1 # Version=v1.13 Martineau update (Date Loaded by unbound_manager Tue Jul 20 07:08:22 DST 2021)

1  = Update unbound files and configuration   5  = Uninstall Ad and Tracker blocker (Ad Block)
2  = Remove unbound/unbound_manager          6  = Install Graphical Statistics GUI Add-on TAB
3  = Stop unbound                            7  = Disable   DNS Firewall [?]
4  = Show unbound statistics                 8  = Uninstall YouTube Ad blocker
                                             9  = Uninstall Safe Search

?  = About Configuration                   
v  = View ('/opt/var/lib/unbound/unbound.conf')       

e  = Exit Script [?]

E:Option ==> vx

and physically save your edits, then unbound_manager will automatically issue the 'rs' command and you will see unbound restart

The 'rs' command is part of unbound_manager not amtm

+======================================================================+
|  Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
|                                                                      |
|                      Version 3.23bA by Martineau                     |
|                                                                      |
+======================================================================+
unbound (pid 6606) is running... uptime: 22 days 05:49:10 version: 1.13.1 # Version=v1.13 Martineau update (Date Loaded by unbound_manager Tue Jul 20 07:08:22 DST 2021)

i  = Update unbound and configuration ('/opt/var/lib/unbound/')     l  = Show unbound LIVE (Loglevel=1) log entries (lx=Disable Logging)
z  = Remove unbound/unbound_manager                                 v  = View ('/opt/var/lib/unbound/') unbound Configuration (vx=Edit;vh=help)
3  = Advanced Tools                                                 rl = Reload Configuration (Doesn't halt unbound) e.g. 'rl test1[.conf]' (Recovery use 'rl reset/user')
?  = About Configuration                                            oq = Query unbound Configuration option e.g 'oq verbosity' (ox=Set) e.g. 'ox log-queries yes'

rs = Restart (or Start) unbound (use 'rs nocache' to flush cache)   s  = Show unbound Extended statistics (s=Summary Totals; sa=All; sgui=Install GUI TAB [all]; s-=Disable Extended Stats)

e  = Exit Script [?]

A:Option ==> rs

so if it doesn't work then you clearly need to provide evidence why it doesn't work

I don't have IPv6 available from my ISP so can't advise.

 

[John DeLuca]

ok so I edited the files as I did before will I always have to re-edit them when I run an update? I tried to run rs on unbound_manager and as you can see it does not work. I tried um command as well but no luck with that one either. VX did work. Now in order for the recursive dns to work on both ipv4 and ipv6 I just set the dns to automatic in the gui correct, if not how would I get my router ipv6 address for dns?

Also, a side question whose blocklist is better unbound or diversion right now I am using diversion and it seems to work really well. Before I got my GT-AX11000 I was running Pi-Hole off of an odroid XU4 and it was working great for a while until it completely slowed my network to a crawl and gave me and I never got around to resetting it all. I also assume that running ether unbound or diversion right on the router is superior to Pi-Hole

Thank you all again!

 

[Martineau]

ok so I edited the files as I did before will I always have to re-edit them when I run an update?

The update process should create a backup of the existing config and should prompt you to retain the current config, or overwrite it with the default config from the Github repository.

Alternatively you may add your custom overrides to '/opt/share/unbound/configs/unbound.conf.add'

I tried to run rs on unbound_manager and as you can see it does not work.

Whoops

Using unbound_manager v3.22 the 'rs' command isn't exposed in 'Easy' mode so you would need to use option '3' twice to restart/bounce unbound

+======================================================================+
|  Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
|                                                                      |
|                      Version 3.23bB by Martineau                     |
|                                                                      |
+======================================================================+
unbound (pid 6606) is running... uptime: 23 days 06:19:44 version: 1.13.1 # Version=v1.13 Martineau update (Date Loaded by unbound_manager Tue Jul 20 07:08:22 DST 2021)

1  = Update unbound files and configuration                     5  = Uninstall Ad and Tracker blocker (Ad Block)
2  = Remove unbound/unbound_manager                             6  = Install Graphical Statistics GUI Add-on TAB
3  = Stop unbound                                               7  = Disable   DNS Firewall [?]
4  = Show unbound statistics                                    8  = Uninstall YouTube Ad blocker
                                                                9  = Uninstall Safe Search

?  = About Configuration                   
v  = View ('/opt/var/lib/unbound/unbound.conf')     

e  = Exit Script [?]

E:Option ==> 3

Alternatively you can download unbound_manager v3.23bB which includes a fix, or invoke unbound_manager in 'Advanced' menu mode.

e  = Exit Script [?]

E:Option ==> uf dev

I tried um command as well but no luck with that one either.

During development, typing unbound_manager with various options is tedious, so I created several local command line aliases
e.g.

um     - Start unbound_manager in 'Advanced' menu mode (obviously for me this is my preferred mode)
umm    - Start unbound_manager in 'Easy' menu mode (the default as invoked from amtm)
umd    - Start unbound_manager in 'Advanced' menu mode with Debug enabled

etc.

 

[iTyPsIDg]

I'm running into an issue with the acloud.guru website and Unbound. Unbound isn't serving up the IPs for acloud.guru. Is there a simple way to disable unbound and have the router perform normal passing of DNS queries to the DNS servers stored on the WAN page? It seems that stopping Unbound stops all DNS.

EDIT: I should say it isn't always serving up the IPs. Sometimes it does. Sometimes I just need to change VPN servers.

 

[heysoundude]

Lastly, do we need to edit anyting in the config file to make this all work with ipv6 and is there a way to prefer ipv6?

A bit of a can of worms...your choice whether to open it and dive in:
If you want to dig deeper into the "forcing" of IPv6 traffic on your network, I've been told to spend some pondering time over at Jool and then figure out how to script it for Merlin...or hope someone beats you to it...Asus, maybe? That'd probably be best, building it in to the base...then the coding folks on the Merlin side have some guidelines to follow. Maybe it would be more ideal to find a DDNS tunnel endpoint provider who only serves v6 addresses to you through the tunnel (because they've decided v6 is the way and they'll just serve v6 traffic) ?
I've a native IPv6 connection and run unbound - everything works fine as dual stack. can you tell me how you can know something is coming to you from a v4 or v6 IP?

 

[John DeLuca]

The update process should create a backup of the existing config and should prompt you to retain the current config, or overwrite it with the default config from the Github repository.

Alternatively you may add your custom overrides to '/opt/share/unbound/configs/unbound.conf.add'


Whoops

Using unbound_manager v3.22 the 'rs' command isn't exposed in 'Easy' mode so you would need to use option '3' twice to restart/bounce unbound

+======================================================================+
|  Welcome to the unbound Manager/Installation script (Asuswrt-Merlin) |
|                                                                      |
|                      Version 3.23bB by Martineau                     |
|                                                                      |
+======================================================================+
unbound (pid 6606) is running... uptime: 23 days 06:19:44 version: 1.13.1 # Version=v1.13 Martineau update (Date Loaded by unbound_manager Tue Jul 20 07:08:22 DST 2021)

1  = Update unbound files and configuration                     5  = Uninstall Ad and Tracker blocker (Ad Block)
2  = Remove unbound/unbound_manager                             6  = Install Graphical Statistics GUI Add-on TAB
3  = Stop unbound                                               7  = Disable   DNS Firewall [?]
4  = Show unbound statistics                                    8  = Uninstall YouTube Ad blocker
                                                                9  = Uninstall Safe Search

?  = About Configuration                 
v  = View ('/opt/var/lib/unbound/unbound.conf')   

e  = Exit Script [?]

E:Option ==> 3

Alternatively you can download unbound_manager v3.23bB which includes a fix, or invoke unbound_manager in 'Advanced' menu mode.

e  = Exit Script [?]

E:Option ==> uf dev

During development, typing unbound_manager with various options is tedious, so I created several local command line aliases
e.g.

um     - Start unbound_manager in 'Advanced' menu mode (obviously for me this is my preferred mode)
umm    - Start unbound_manager in 'Easy' menu mode (the default as invoked from amtm)
umd    - Start unbound_manager in 'Advanced' menu mode with Debug enabled

etc.

I went to the dev branch but its giving me this issue when I try to update.

 

[L&LD]

Too low resolution to read.

 

[iTyPsIDg]

I went to the dev branch but its giving me this issue when I try to update.

Your resolution is very high. You'll need to either screenshot only the relevant portion or lower your resolution so the rest of us can see it. I'm guessing that's a 4k monitor?

 

[L&LD]

The resolution of the image attached is too low.

 

[John DeLuca]

lol idk why that happned! its saying up top
u = Push to Github PENDING for (Major) unbound_manager.sh UPDATE v3.23bB >>>> v3.22
when i try to u then it says

Script update download DISABLED pending Push request to Github

I am a bit of a github noob but i am guessing that means i cant pull it to update until something happens on github? idk just a guess or is there something going on on my end.

 

[John DeLuca]

Your resolution is very high. You'll need to either screenshot only the relevant portion or lower your resolution so the rest of us can see it. I'm guessing that's a 4k monitor?

nope 1440p but i think i may have taken that screenshot while remoted via teamviewer from work

 

[John DeLuca]

A bit of a can of worms...your choice whether to open it and dive in:
If you want to dig deeper into the "forcing" of IPv6 traffic on your network, I've been told to spend some pondering time over at Jool and then figure out how to script it for Merlin...or hope someone beats you to it...Asus, maybe? That'd probably be best, building it in to the base...then the coding folks on the Merlin side have some guidelines to follow. Maybe it would be more ideal to find a DDNS tunnel endpoint provider who only serves v6 addresses to you through the tunnel (because they've decided v6 is the way and they'll just serve v6 traffic) ?
I've a native IPv6 connection and run unbound - everything works fine as dual stack. can you tell me how you can know something is coming to you from a v4 or v6 IP?

i guess there really is no reason to prefer v6 but when i was in the config i saw there was a flag with ipv6 that was set to no so i turned it to yes lol. I have native v6 from xfinity.

 

[John DeLuca]

before i had my dns(both v4 and v6) set to the router and i was having an issue where when i rebooted i wouldn't have dns so i changed them both to auto and things seem to be working. how can i confirm unbound is working correctly? Sorry for all of the noob questions been out of this game for a while as i had a gt-ac5300 before i upgraded to the gt-ax11000

 

[heysoundude]

the GUI tab, showing hits and seek times? there'a a good stats panel there

 

[Martineau]

I went to the dev branch but its giving me this issue when I try to update.

Can't read the screenshot

...but it works for me

 

[John DeLuca]

idk when i try to do the u command when i am running the dev version i get an error saying
Script update download DISABLED pending Push request to Github

 

[Martineau]

idk when i try to do the u command when i am running the dev version i get an error saying
Script update download DISABLED pending Push request to Github

If you are running the 'dev' BETA version e.g 3.23bB there will be a version number mismatch against the current 'stable' RELEASE version e.g v3.22

If you wish to downgrade/revert to the current 'stable' RELEASE you will need to override the mismatch check, by forcing the downgrade

e  = Exit Script [?]

A:Option ==> uf

 

[heysoundude]

Resurrecting this, and it may be the wrong place to be doing so, but I can point my browser (Brave) via settings to a "Customized" secure DNS source - it won't accept 192.168.1.1 ("Enter a correctly formatted URL") or router.asus.com.
When I add https://router.asus.com:8443 Brave tells me "Please verify that this is a trusted provider or try again later"
I'm not sure what/if I'm doing something incorrectly, but something tells me it will get down to my ca.crt, or maybe I'm pointing it at the wrong port...or is this just simply unnecessary and I'm overthinking it?
is unbound a secure source, and how do I prove it to my (desktop as well as mobile) browser?
(I've asked on the brave support but have yet to get a reply)