[PavelVD]

Great news!
So in r41135 is this already included?
And I looked about errors here: https://github.com/NLnetLabs/unbound/issues
And Changelog is here: https://github.com/NLnetLabs/unbound/blob/release-1.9.3/doc/Changelog

[PavelVD]

I tried 1.9.3 wired now in dd-wrt ... disappointment.
I can not get the elementary log file. It seems that everything you need is included:

[tinkeruntilitworks]

any other Unbound users out there?
how does this look?

[PavelVD]

I made several more attempts to switch to Unbound, but returned to DNSCrypt2 again.

When Unbound starts, the cache is still empty and the first requests are processed for a very long time. If you just go on the Internet pages, then such delays can be tolerated. But there are several TV boxes on my network that fail, they need faster responses. Another nuisance: after a long downtime (night, for example), the cache is empty again, and it seems that there is simply no Internet. The "prefetch: yes" parameter in the settings file does not seem to correct this situation.


Please note that the file "named.cache" from the firmware is hopelessly outdated.

Attempts to use Unbound on orange_pi_pc_plus also failed due to the lack of fresh versions - poor support in Armbian.

[tinkeruntilitworks]

sounds like you're far better off with dnscrypt

*
yeah the named.cache in the default directory is out-of-date. one of the steps is downloading a new one in the new directory

[tatsuya46]

changing

root-hints: "/etc/unbound/named.cache"

to anything, but the default in quotes makes unbound not start.. not even changing it to the /usr/local/etc/ path the custom unbound conf is in. i cant tell if its actually using it, or the ancient default one. i did manually put a up to date named.cache in there anyway.

i also have this in conf:

auth-zone:
name: "."
master: 199.7.91.13 # d.root-servers.net
master: 192.203.230.10 # e.root-servers.net
master: 192.5.5.241 # f.root-servers.net
master: 192.58.128.30 # j.root-servers.net
fallback-enabled: yes
for-downstream: no
for-upstream: yes
zonefile: "root.zone"

in attempt to use the whole root.zone locally, it does download it to /tmp on start, but again cant tell if its using it.. lookup times seem the same.

[tinkeruntilitworks]

i have limited knowledge and i'm not familiar with your setup

i'm not certain if everything gets implemented in my setup either. it runs well for me but according to the documentation some changes are dependent on how it was installed

[Redback813]

I can start the unbound in the setup of DD-WRT but for the life of me I can not find any info on how to use the custom setting of unbound from /jffs/unbound as oppose to the default setting, at present I using dnsmasq with great result but wish to play with unbound to see what it can do, any idea people on how to get the custom setting up running.

[tatsuya46]

this is my current conf for reference.. recursion, no dnssec. still trying to understand some things like target-fetch-policy, auth zone, and why root hints cant be changed etc.

[tinkeruntilitworks]

did you try creating the new unbound directory?
that way the root.hints would be up-to-date.
then add the directory and files to the unbound.conf
chroot: "/jffs/unbound"
directory: "/jffs/unbound"
root-hints: "/jffs/unbound/root.hints"
auto-trust-anchor-file: "/jffs/unbound/root.key"

[tatsuya46]

[tinkeruntilitworks]

i include the chroot setting because in the default settings it uses chroot to the temp directory where the default router conf is created

maybe
chroot: ""

would be better?

[tatsuya46]

[Redback813]

Still can't get unbound to work with the custom setting, I'm running DD-WRT v3.0-r42954 std (04/20/20) I know for sure that samba has a serious issue of dropouts, so this would not surprise me if unbound is having issue also. Here is the setting, I'll be dammed if I can get this to work but the default setting is not a problem.

server:
verbosity: 1
interface: 0.0.0.0@7053
interface: ::0@7053
outgoing-num-tcp: 10
incoming-num-tcp: 10
msg-buffer-size: 8192
msg-cache-size: 50m
num-queries-per-thread: 30
rrset-cache-size: 100m
infra-cache-numhosts: 200
username: ""
pidfile: "/var/run/unbound.pid"
root-hints: "/jffs/unbound/named.cache"
chroot: "/jffs/unbound"
directory: "/jffs/unbound"
include: "/jffs/unbound/conf.d/*.conf"
target-fetch-policy: "2 1 0 0 0 0"
harden-short-bufsize: yes
harden-large-queries: yes
auto-trust-anchor-file: "/jffs/unbound/root.key"
key-cache-size: 100k
neg-cache-size: 10k
num-threads: 2
so-rcvbuf: 1m
so-sndbuf: 1m
so-reuseport: yes
msg-cache-slabs: 2
rrset-cache-slabs: 2
infra-cache-slabs: 2
key-cache-slabs: 2
outgoing-range: 462
access-control: 127.0.0.0/8 allow
access-control: 10.10.10.0/24 allow
local-data: "localhost A 127.0.0.1"
python:
remote-control:
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 209.222.18.218@853#Privateinternetaccess-dns.com
forward-addr: 209.222.18.222@853#Privateinternetaccess-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com

[tinkeruntilitworks]

unbound does dns over tls using tcp only. possibly the issue?

i'm not familiar with the private internet access dns or your include conf

hopefully someone that has mixed a vpn and unbound see this so they could help