Docop1 DD-WRT Novice Joined: 22 Feb 2021 Posts: 23
Posted: Sun Apr 04, 2021 0:11 Post subject: Unbound via startup script -local router
Hi,
I would like to know/confirm: can we run DoT or DoH in Unbound by itself? Just enabling it in basic/setup did get the .conf file, but can we load a new one with startup in the router alone?
By creating a <dnscrypt file> and calling it in service / Additional Dnsmasq Options, this works perfectly and the old list at /etc/dnscrypt/dnscrypt-resolvers.csv is bypassed. It would be nice to know how we can overwrite it with a new one. It's read-only.
Here is the code creating a CSV...
Code:
cat << "EOF" > "/tmp/root/dnscrypt-resolvers.csv"
"Name","Full name","Descripti ......
EOF
RESOLVER_FILE="/tmp/root/dnscrypt-resolvers.csv"
dnscrypt-proxy -S -m 5 -a 127.0.0.1:30 -R serverXYZ -L /tmp/root/dnscrypt-resolvers.csv -d
So I'm looking to run or do the same but with no USB, no JFFS, no Stubby, no Entware: a local script only for Unbound.
Thanks in advance
itwontbewe DD-WRT User Joined: 29 Sep 2020 Posts: 260 Location: United States
Posted: Sun Apr 04, 2021 14:21 Post subject:
not sure
maybe try editing the /tmp/unbound.conf file
maybe unbound-control reload afterwards
good luck
Alozaros DD-WRT Guru Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Mon Apr 05, 2021 7:30 Post subject:
Unbound - all you need to know...
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320362
As well... usually when you start a thread, state your router model and current firmware number... it helps...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
itwontbewe DD-WRT User Joined: 29 Sep 2020 Posts: 260 Location: United States
Posted: Sat Mar 04, 2023 14:15 Post subject:
do not tick unbound in the ui
Dnsmasq
Additional Options
Code:
server=127.0.0.1#7053
no-resolv
Startup script
Code:
# work from a writable copy of the stock unbound directory
mkdir -p /tmp/etc
cp -r /etc/unbound /tmp/etc
> /tmp/unbound.conf
cat << EOF > /tmp/unbound.conf
server:
    verbosity: 1
    # port 7053 is where dnsmasq forwards (server=127.0.0.1#7053)
    interface: 0.0.0.0@7053
    outgoing-num-tcp: 10
    incoming-num-tcp: 10
    msg-buffer-size: 8192
    msg-cache-size: 1m
    num-queries-per-thread: 30
    rrset-cache-size: 2m
    infra-cache-numhosts: 200
    chroot: ""
    username: ""
    directory: "/tmp/etc/unbound"
    pidfile: "/var/run/unbound.pid"
    root-hints: "/tmp/etc/unbound/named.cache"
    target-fetch-policy: "2 1 0 0 0 0"
    harden-short-bufsize: yes
    harden-large-queries: yes
    auto-trust-anchor-file: "/tmp/etc/unbound/root.key"
    key-cache-size: 100k
    neg-cache-size: 10k
    num-threads: 2
    so-reuseport: no
    msg-cache-slabs: 2
    rrset-cache-slabs: 2
    infra-cache-slabs: 2
    key-cache-slabs: 2
    outgoing-range: 462
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.1/24 allow
    local-data: "localhost A 127.0.0.1"
    local-data: "DD-WRT A 192.168.1.1"
    # CA bundle used to verify the upstream TLS certificate
    tls-cert-bundle: "/etc/ssl/ca-bundle.crt"
python:
remote-control:
    control-enable: yes
    control-use-cert: no
forward-zone:
    name: "."
    # 853 is the DoT port; the name after # is the TLS auth name
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-tls-upstream: yes
EOF
# start unbound with the generated config
unbound -c /tmp/unbound.conf
# refresh the root hints, then reload
curl --output /tmp/etc/unbound/named.cache https://www.internic.net/domain/named.cache
unbound-control reload
* made adjustments
April 6 2023
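Added example, not part of the posts above: a POSIX shell/awk check that can be run against a generated unbound.conf to confirm that every forward-zone really does authenticated DoT (TLS upstream on, a CA bundle set, and a #auth-name on each forward-addr). The function name check_dot_conf and the sample file are made up for illustration; it assumes the `key: value` layout used in the post and only looks at tls-cert-bundle as the trust source.

```sh
# Added example, not from the thread. check_dot_conf FILE prints one line per
# finding; returns 0 if every forward-zone is authenticated DoT, 1 otherwise.
check_dot_conf() {
    awk '
    {
        # "#" starts a comment only at line start or after a blank; in 9.9.9.9@853#name it is the auth-name separator
        sub(/(^|[ \t])#.*/, "")
        key = $1; val = $2; gsub(/"/, "", val)
    }
    NF == 1 && key ~ /:$/ { clause = key; if (key == "forward-zone:") nz++; next }
    key == "tls-cert-bundle:" && val != ""        { bundle = 1 }
    key ~ /^(tls|ssl)-upstream:$/ && val == "yes" { global_tls = 1 }
    clause == "forward-zone:" {
        if (key == "name:") zname[nz] = val
        if (key == "forward-addr:") addrs[nz] = addrs[nz] " " val
        if (key ~ /^forward-(tls|ssl)-upstream:$/ && val == "yes") ztls[nz] = 1
    }
    END {
        for (z = 1; z <= nz; z++) {
            if (!(ztls[z] || global_tls)) {
                print "zone " zname[z] ": TLS upstream is off, queries leave in cleartext"
                bad++; continue
            }
            if (!bundle) {
                print "zone " zname[z] ": no tls-cert-bundle, upstream certificates cannot be verified"
                bad++
            }
            n = split(addrs[z], a, " ")
            for (i = 1; i <= n; i++)
                if (a[i] !~ /#./) {
                    print "zone " zname[z] ": " a[i] " has no #auth-name, any certificate name is accepted"
                    bad++
                }
        }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: the forward-zone from the post plus a second forwarder without an auth name.
sample=$(mktemp)
cat > "$sample" << 'EOF'
server:
    tls-cert-bundle: "/etc/ssl/ca-bundle.crt"   # trust anchors for upstream certs
forward-zone:
    name: "."
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853
    forward-tls-upstream: yes
EOF
check_dot_conf "$sample" || echo "fix the findings above before starting unbound"
```

In a startup script the check would sit between writing /tmp/unbound.conf and the `unbound -c /tmp/unbound.conf` line.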