New Build - 11/15/2021 - r47644

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3
View previous topic :: View next topic  
Author Message
saphirely
DD-WRT User


Joined: 13 Dec 2020
Posts: 270
PostPosted: Thu Nov 18, 2021 19:23    Post subject: Reply with quote
I use dnsmasq with unbound, without smartdns.
Code:
root@DD-WRT:/tmp# cat dnsmasq.conf
interface=br0
resolv-file=/tmp/resolv.dnsmasq
server=127.0.0.1#7053
no-resolv
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=17
dhcp-option=br0,3,192.168.1.1
dhcp-authoritative
dhcp-range=br0,192.168.1.8,192.168.1.24,255.255.255.0,1440m
bogus-priv
conf-file=/etc/rfc6761.conf
stop-dns-rebind
dhcp-option=252,"\n"
cache-size=0

Code:

root@DD-WRT:/jffs/etc# cat unbound.conf
server:
verbosity: 1
interface: 0.0.0.0@7053
tls-cert-bundle: "/etc/ssl/ca-bundle.crt"
include: "/jffs/etc/U.conf"
  outgoing-num-tcp: 16
  incoming-num-tcp: 32
  num-queries-per-thread: 64
msg-buffer-size: 8192
  msg-cache-size: 4m
  rrset-cache-size: 8m
  key-cache-size: 400k
  neg-cache-size: 40k
infra-cache-numhosts: 1000
username: ""
  pidfile: "/var/run/unbound.pid"
  root-hints: "/etc/unbound/named.cache"
  target-fetch-policy: "2 1 0 0 0 0"
harden-short-bufsize: yes
harden-large-queries: yes
so-reuseport: yes
  num-threads: 2
  msg-cache-slabs: 2
  rrset-cache-slabs: 2
  infra-cache-slabs: 2
  key-cache-slabs: 2
  outgoing-range: 462
  access-control: 127.0.0.0/8 allow
  access-control: 192.168.1.1/24 allow
local-data: "localhost A 127.0.0.1"
local-data: "DD-WRT A 192.168.1.1"
  cache-max-ttl: 14400
  cache-min-ttl: 1200
  prefetch: yes
  prefetch-key: yes
  minimal-responses: yes
  serve-expired: yes
  serve-expired-ttl: 43200
  ip-ratelimit: 0
so-rcvbuf: 256k
udp-upstream-without-downstream: yes
  hide-identity: yes
  hide-version: yes
  do-not-query-localhost: no
  qname-minimisation: yes
  harden-below-nxdomain: yes
  rrset-roundrobin: yes
  aggressive-nsec: yes
  deny-any: yes
  auto-trust-anchor-file: "/etc/unbound/root.key"
python:
remote-control:
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 194.124.76.14@853#us-east.adhole.org
  forward-addr: 176.103.130.130@853#dns.adguard.com
auth-zone:
  name: "."
  master: 192.203.230.10
  master: 192.5.5.241
  master: 192.33.4.12
  fallback-enabled: yes
  for-downstream: no
  for-upstream: yes


Yes, only after disable "Query DNS in Strict Order" it works stable.
Back to top View user's profile Send private message
Sponsor
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14223
Location: Texas, USA
PostPosted: Thu Nov 18, 2021 19:39    Post subject: Reply with quote
Ok, I was thinking that you had to redirect with "no-resolv" and "server=", but I honestly could not remember the details. I have seen misconfigurations recently which seem to now make sense as to why things were broken.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
saphirely
DD-WRT User


Joined: 13 Dec 2020
Posts: 270
PostPosted: Thu Nov 18, 2021 19:50    Post subject: Reply with quote
i did not set dnsmasq option for no-resolv
, that is automatically default, same for bogus-priv.
How ever, I really configed stop-dns-rebind.

I also think if unbound with itself cache, so I set cache-size=0 in dnsmasq just for saving memory, previously I cannot let my DDWRT working stable for 24 hours.
Back to top View user's profile Send private message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14223
Location: Texas, USA
PostPosted: Thu Nov 18, 2021 20:07    Post subject: Reply with quote
It isn't default; it's likely set by enabling Unbound.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
mac913
DD-WRT Guru


Joined: 02 May 2008
Posts: 1848
Location: Canada
PostPosted: Thu Nov 18, 2021 20:27    Post subject: Reply with quote
HOME Wired Multicast ISP 4K TV Network

Router/Version: R7000
File/Kernel: DD-WRT v3.0-r47644 std (11/15/21)
Kernel Version: Linux 4.4.292 #4429 SMP Mon Nov 15 06:38:50 +07 2021 armv7l
Previous/Reset: r47528 / No, CLI Update
Mode/Status: GW / Working Well
Issues/Errors: none / none
Services Used: Multicast,IGMP,SFE,SSH,Syslog
Services Disabled: WiFi,QoS,ttraff,Telnet,NAS,Samba


OffSite #1

Router/Version: R7000
File/Kernel: DD-WRT v3.0-r47644 std (11/15/21)
Kernel Version: Linux 4.4.292 #4429 SMP Mon Nov 15 06:38:50 +07 2021 armv7l
Previous/Reset: r47528 / No, Remote CLI Update
Mode/Status: GW & AP / Working Well
Issues/Errors: none / none
Services Used: DHCP WAN,IPv6-6to4,NTP,WG Client,VLANx,BRx,SSH,Syslog,Cron,USB Storage,Entware DNSCrypt v2.1.0,YAMon3.4.7
Services Disabled: SFE,QoS,ttraff,Telnet,NAS.Samba


All running over 27 hours.


Thank-you BrianSlyer for your Great Work and everyone else who makes DD-WRT Great on the Forum!
_________________
Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531

YAMon 3.4.6 | DNSCrypt-Proxy V2
Back to top View user's profile Send private message
egosumumbravir
DD-WRT User


Joined: 19 Jun 2020
Posts: 58
PostPosted: Thu Nov 18, 2021 20:44    Post subject: Reply with quote
kernel-panic69 wrote:
Someone please explain to me how you can use two resolvers at the same time.

Well, I cheat by running BIND on an internal Linux VM that totally ignores the router and asks servers on the internet.
Back to top View user's profile Send private message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14223
Location: Texas, USA
PostPosted: Thu Nov 18, 2021 22:02    Post subject: Reply with quote
@egosumumbravir: not what I was asking about; after investigating, I answered my own question, thanks.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
Goto page Previous  1, 2, 3 Display posts from previous:    Page 3 of 3
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum