tatsuya46 DD-WRT Guru Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Wed Jun 03, 2020 4:27 Post subject: viewing unbound cache stats
how does one view unbound cache stats? like for dnsmasq, it's "killall -s USR1 dnsmasq", but everything related to cache i find for unbound starts with unbound control, but unbound control "is not found" in ddwrt..? also when i enable query logging in unbound conf, nothing appears in syslog, unlike dnsmasq query logging.
_________________
LATEST FIRMWARE(S)
BrainSlayer wrote: we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55488 std
[QUALCOMM] DIR-862L --------------------------------> r55460 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std
Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..
Alozaros DD-WRT Guru Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Wed Jun 03, 2020 5:56 Post subject:
is there any unbound cache log in its directory?
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
tatsuya46 DD-WRT Guru Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Wed Jun 03, 2020 7:46 Post subject:
no it doesnt create or print anything, even if i tell it to in conf. only thing it prints in syslog is "logger : unbound : daemon successfully stopped" or started thats it.
tinkeruntilitworks Guest
Posted: Fri Jun 05, 2020 23:57 Post subject:
it's probably possible by installing unbound control via entware. i have no idea how to set it up though. i just set up a usb so i might try to figure it out as well
tinkeruntilitworks Guest
Posted: Sat Jun 06, 2020 23:43 Post subject:
i've had some luck. i installed unbound-control-setup via entware. it also installs other necessities. after it installs type this in command line
Code:
unbound-control-setup
it will create the needed keys
you also have to add this to your start up script
Code:
/opt/etc/init.d/S61unbound start
example start-up script
Quote:
#!/bin/sh
#
sleep 2
stopservice unbound
startservice unbound
/opt/etc/init.d/rc.unslung start
/opt/etc/init.d/S61unbound start
i can't get it to show up in system log or a log file but using the following in command line does show the info. the stats reset on unbound restart though
Code:
unbound-control -c /jffs/etc/unbound.conf stats_noreset
more commands here
https://nlnetlabs.nl/documentation/unbound/unbound-control/
referenced this site
https://github.com/MartineauUK/Unbound-Asuswrt-Merlin/blob/master/unbound.conf
an example conf
Quote:
cat << EOF > /jffs/etc/unbound.conf
server:
    verbosity: 1
    extended-statistics: yes
    num-threads: 2
    interface: 127.0.0.1@7053
    port: 7053
    outgoing-range: 950
    msg-cache-size: 50m
    msg-cache-slabs: 1
    num-queries-per-thread: 512
    rrset-cache-size: 100m
    rrset-cache-slabs: 1
    infra-cache-slabs: 1
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.1/24 allow
    chroot: "/jffs/etc"
    username: ""
    directory: "/jffs/etc"
    log-time-ascii: yes
    log-tag-queryreply: yes
    log-servfail: yes
    pidfile: "/var/run/unbound.pid"
    root-hints: "/jffs/etc/root.hints"
    hide-identity: yes
    hide-version: yes
    do-not-query-localhost: no
    prefetch: yes
    prefetch-key: yes
    rrset-roundrobin: yes
    auto-trust-anchor-file: "/jffs/etc/root.key"
    key-cache-slabs: 1
    include: "/jffs/etc/blockedhosts.conf"
    tls-cert-bundle: "/etc/ssl/ca-bundle.crt"
python:
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-port: 8953
    control-use-cert: no
    server-key-file: "/opt/var/lib/unbound/unbound_server.key"
    server-cert-file: "/opt/var/lib/unbound/unbound_server.pem"
    control-key-file: "/opt/var/lib/unbound/unbound_control.key"
    control-cert-file: "/opt/var/lib/unbound/unbound_control.pem"
forward-zone:
    name: "."
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
    forward-tls-upstream: yes
auth-zone:
    name: "."
    url: "https://www.internic.net/domain/root.zone"
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
    zonefile: "root.zone"
EOF
stopservice unbound
startservice unbound
ps | grep unbound
*
This might not work with the most recent builds with unbound-control in them
Last edited by tinkeruntilitworks on Tue Jun 23, 2020 21:37; edited 3 times in total
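Added example, not part of the original posts and not DD-WRT or Unbound project code: a shell function that reads an unbound.conf like the one above and reports how its remote-control clause exposes the control port. The names audit_remote_control and sample_conf are made up here, the sample config is constructed from the clause in the post, and key/cert paths are tested exactly as written (chroot is not taken into account).

```shell
#!/bin/sh
# Added example: audit the remote-control: clause of an unbound.conf (file argument or stdin).
audit_remote_control() {
    awk '
        /^[ \t]*#/ { next }                                       # whole-line comments
        { gsub(/^[ \t]+|[ \t]+$/, "") }                           # trim indentation
        /^[a-z-]+:$/ { in_rc = ($0 == "remote-control:"); next }  # clause header
        !in_rc { next }
        /^control-(enable|use-cert):/ { split($0, kv, /:[ \t]*/); opt[kv[1]] = kv[2] }
        /^control-interface:/ { sub(/^[^:]*:[ \t]*/, ""); ifaces[++n] = $0 }
        /^(server|control)-(key|cert)-file:/ {
            sub(/^[^:]*:[ \t]*/, ""); gsub(/"/, ""); files[++nf] = $0
        }
        END {
            # Unbound defaults when an option is absent.
            en  = ("control-enable" in opt)   ? opt["control-enable"]   : "no"
            tls = ("control-use-cert" in opt) ? opt["control-use-cert"] : "yes"
            if (n == 0) ifaces[++n] = "127.0.0.1"
            if (en != "yes") { print "INFO control-enable is not yes: control port closed"; exit }
            for (i = 1; i <= n; i++) {
                a = ifaces[i]
                if (a ~ /^\//) print "OK   " a ": unix socket, guarded by file permissions"
                else if (tls != "no") print "OK   " a ": TLS with client certificate"
                else if (a ~ /^127\./ || a == "::1") print "WARN " a ": no TLS, any local process can send commands"
                else print "FAIL " a ": no TLS on a non-loopback address"
            }
            for (i = 1; i <= nf; i++) {
                if (tls == "no") { print "INFO " files[i] ": not used while control-use-cert is no"; continue }
                # getline returns -1 when the file cannot be opened.
                if ((getline line < files[i]) < 0) print "FAIL " files[i] ": missing or unreadable"
                close(files[i])
            }
        }' "$@"
}
# Constructed sample mirroring the remote-control clause posted in this thread.
sample_conf() {
    cat << 'EOF'
server:
    verbosity: 1
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-use-cert: no
    server-key-file: "/opt/var/lib/unbound/unbound_server.key"
forward-zone:
EOF
}
sample_conf | audit_remote_control
```

On the router it would be run as audit_remote_control /jffs/etc/unbound.conf; a WARN line means the control port relies only on being bound to loopback.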
tatsuya46 DD-WRT Guru Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Sat Jun 13, 2020 12:10 Post subject:
seems like bs agreed to add it, maybe.. (thought # means commented out) https://svn.dd-wrt.com/changeset/43398
blkt DD-WRT Guru Joined: 20 Jan 2019 Posts: 5660
Posted: Sat Jun 13, 2020 13:36 Post subject:
That comment out prevents the removal of unbound-control, rejoice.
tinkeruntilitworks Guest
Posted: Mon Jun 15, 2020 17:32 Post subject:
i see unbound-control in there but it doesn't appear to be configured
tatsuya46 DD-WRT Guru Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Tue Jun 16, 2020 2:39 Post subject:
under remote-control in unbound.conf, add
control-enable: yes
control-use-cert: no
tinkeruntilitworks Guest
Posted: Tue Jun 16, 2020 11:45 Post subject:
tatsuya46 wrote: under remote-control in unbound.conf, add
control-enable: yes
control-use-cert: no
what else did you do?
i gave it another shot and still didn't have any luck
tatsuya46 DD-WRT Guru Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Tue Jun 16, 2020 11:55 Post subject:
that's it. i am accessing it from the router locally using telnet. make sure
access-control: 127.0.0.0/8 allow
is in the conf. it still gives a broken warning saying control-enable is no but it works.
Code:
DD-WRT v3.0-r43421 std (c) 2020 NewMedia-NET GmbH
Release: 06/15/20
Board: ASUSTeK COMPUTER INC. Z87M-PLUS
Haswell login: root
Password:
==========================================================
___ ___ _ _____ ______ ____ ___
/ _ \/ _ \___| | /| / / _ \/_ __/ _ __|_ / / _ \
/ // / // /___/ |/ |/ / , _/ / / | |/ //_ <_/ // /
/____/____/ |__/|__/_/|_| /_/ |___/____(_)___/
DD-WRT v3.0
http://www.dd-wrt.com
==========================================================
BusyBox v1.31.1 (2020-06-15 14:08:02 +04) built-in shell (ash)
root@Haswell:~# unbound-control stats
[1592308371] unbound-control[11987:0] warning: control-enable is 'no' in the config file.
thread0.num.queries=1308
thread0.num.queries_ip_ratelimited=0
thread0.num.cachehits=857
thread0.num.cachemiss=451
thread0.num.prefetch=186
thread0.num.expired=176
thread0.num.recursivereplies=451
thread0.requestlist.avg=1.21193
thread0.requestlist.max=22
thread0.requestlist.overwritten=0
thread0.requestlist.exceeded=0
thread0.requestlist.current.all=0
thread0.requestlist.current.user=0
thread0.recursion.time.avg=0.148110
thread0.recursion.time.median=0.0739278
thread0.tcpusage=0
thread1.num.queries=1511
thread1.num.queries_ip_ratelimited=0
thread1.num.cachehits=921
thread1.num.cachemiss=590
thread1.num.prefetch=194
thread1.num.expired=185
thread1.num.recursivereplies=590
thread1.requestlist.avg=1.46684
thread1.requestlist.max=28
thread1.requestlist.overwritten=0
thread1.requestlist.exceeded=0
thread1.requestlist.current.all=0
thread1.requestlist.current.user=0
thread1.recursion.time.avg=0.189657
thread1.recursion.time.median=0.0871489
thread1.tcpusage=0
thread2.num.queries=1592
thread2.num.queries_ip_ratelimited=0
thread2.num.cachehits=1000
thread2.num.cachemiss=592
thread2.num.prefetch=219
thread2.num.expired=204
thread2.num.recursivereplies=592
thread2.requestlist.avg=1.45623
thread2.requestlist.max=27
thread2.requestlist.overwritten=0
thread2.requestlist.exceeded=0
thread2.requestlist.current.all=0
thread2.requestlist.current.user=0
thread2.recursion.time.avg=0.158285
thread2.recursion.time.median=0.0791378
thread2.tcpusage=0
thread3.num.queries=1627
thread3.num.queries_ip_ratelimited=0
thread3.num.cachehits=1074
thread3.num.cachemiss=553
thread3.num.prefetch=247
thread3.num.expired=236
thread3.num.recursivereplies=553
thread3.requestlist.avg=1.40625
thread3.requestlist.max=26
thread3.requestlist.overwritten=0
thread3.requestlist.exceeded=0
thread3.requestlist.current.all=0
thread3.requestlist.current.user=0
thread3.recursion.time.avg=0.157800
thread3.recursion.time.median=0.0738952
thread3.tcpusage=0
total.num.queries=6038
total.num.queries_ip_ratelimited=0
total.num.cachehits=3852
total.num.cachemiss=2186
total.num.prefetch=846
total.num.expired=801
total.num.recursivereplies=2186
total.requestlist.avg=1.39446
total.requestlist.max=28
total.requestlist.overwritten=0
total.requestlist.exceeded=0
total.requestlist.current.all=0
total.requestlist.current.user=0
total.recursion.time.avg=0.164530
total.recursion.time.median=0.0785274
total.tcpusage=0
time.now=1592308371.722718
time.up=18067.622663
time.elapsed=18067.622663
root@Haswell:~#
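Added example, not part of the original posts: a shell function that turns the unbound-control stats counters shown above into a cache hit ratio per thread and in total. The names cache_summary and sample_stats are made up here, and the sample input reuses the thread0 and total figures from the post.

```shell
#!/bin/sh
# Added example: cache hit ratio from the key=value lines printed by
# unbound-control stats or stats_noreset (read from stdin or a file argument).
cache_summary() {
    awk -F= '
        # Keep only the counters a hit ratio needs; warnings and other keys are skipped.
        /^(thread[0-9]+|total)\.num\.(queries|cachehits|cachemiss|prefetch)=/ {
            split($1, k, /\./)                 # k[1] = thread0..N or total, k[3] = counter
            val[k[1], k[3]] = $2
            if (!(k[1] in seen)) { seen[k[1]] = 1; order[++n] = k[1] }
        }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                q = val[s, "queries"] + 0
                h = val[s, "cachehits"] + 0
                m = val[s, "cachemiss"] + 0
                ratio = (q > 0) ? 100 * h / q : 0    # no queries yet right after a restart
                # hits + misses must add up to queries; anything else means partial input
                note = (h + m == q) ? "ok" : "inconsistent"
                printf "%s queries=%d hits=%d miss=%d prefetch=%d hit_ratio=%.1f%% %s\n",
                       s, q, h, m, val[s, "prefetch"] + 0, ratio, note
            }
        }' "$@"
}

# Figures copied from the stats output posted above, including the warning line.
sample_stats() {
    cat << 'EOF'
[1592308371] unbound-control[11987:0] warning: control-enable is 'no' in the config file.
thread0.num.queries=1308
thread0.num.cachehits=857
thread0.num.cachemiss=451
thread0.num.prefetch=186
total.num.queries=6038
total.num.cachehits=3852
total.num.cachemiss=2186
total.num.prefetch=846
total.requestlist.avg=1.39446
EOF
}
sample_stats | cache_summary
```

On the router, pipe unbound-control stats_noreset into cache_summary: the plain stats command resets the counters each time it is read unless statistics-cumulative is set.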
tinkeruntilitworks Guest
Posted: Tue Jun 16, 2020 12:44 Post subject:
appreciate your replies
still can't get it working for some reason
my conf
Code:
cat << EOF > /jffs/etc/unbound.conf
server:
    verbosity: 1
    extended-statistics: yes
    num-threads: 2
    interface: 127.0.0.1@7053
    port: 7053
    outgoing-range: 950
    so-rcvbuf: 1m
    so-sndbuf: 4m
    so-reuseport: no
    msg-cache-size: 50m
    msg-cache-slabs: 1
    num-queries-per-thread: 512
    rrset-cache-size: 100m
    rrset-cache-slabs: 1
    infra-cache-slabs: 1
    do-ip6: no
    udp-upstream-without-downstream: yes
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.1/24 allow
    chroot: "/jffs/etc"
    username: ""
    directory: "/jffs/etc"
    log-time-ascii: yes
    log-tag-queryreply: yes
    log-servfail: yes
    pidfile: "/var/run/unbound.pid"
    root-hints: "/jffs/etc/root.hints"
    do-not-query-localhost: no
    rrset-roundrobin: yes
    auto-trust-anchor-file: "/jffs/etc/root.key"
    key-cache-slabs: 1
    local-data: "localhost A 127.0.0.1"
    local-data: "DD-WRT A 192.168.1.1"
    include: "/jffs/etc/blockedhosts.conf"
    tls-cert-bundle: "/etc/ssl/ca-bundle.crt"
python:
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-port: 8953
    control-use-cert: no
forward-zone:
    name: "."
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
    forward-tls-upstream: yes
auth-zone:
    name: "."
    url: "https://www.internic.net/domain/root.zone"
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
    zonefile: "root.zone"
EOF
stopservice unbound
startservice unbound
ps | grep unbound
Last edited by tinkeruntilitworks on Thu Jun 18, 2020 0:32; edited 3 times in total
tatsuya46 DD-WRT Guru Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Tue Jun 16, 2020 13:31 Post subject:
are u using unbound alone or dnsmasq+unbound? i'm using both so dnsmasq forwards all to unbound.
try adding
local-data: "localhost A 127.0.0.1"
to the conf.
i assume on the latest build?
tinkeruntilitworks Guest
Posted: Tue Jun 16, 2020 13:54 Post subject:
yeah build r43420 on a Netgear R7000P
i just tried adding local-data: "localhost A 127.0.0.1" it still isn't working
i enable jffs2 for jffs and i tick unbound in the basic setup tab
maybe it isn't working on every router
*
do you enable anything besides Syslogd in GUI?
**
looking through the directories i see unbound-control but it doesn't seem unbound-control-setup was run because i don't see any keys and pems
tatsuya46 DD-WRT Guru Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Thu Jun 18, 2020 20:17 Post subject:
tinkeruntilitworks wrote: do you enable anything besides Syslogd in GUI?
in gui under system log:
syslogd: enable
klogd: enable
remote server: logs.papertrailapp.com
that u mean?