Messages - TomekP

#1
24.7, 24.10 Production Series / Is DNSSEC working?
December 09, 2024, 01:53:33 PM
I have DNSSEC ON in my config, but when I test it, I get

My config: Adguard as DNS server with upstream DNS (Unbound) 127.0.0.1:5555 with DoT (Cloudflare, Google, quad9)
What am I doing wrong?

~ # unbound-host -v -d -t DNSKEY .
[1733748662] libunbound[71212:0] notice: init module 0: validator
[1733748662] libunbound[71212:0] notice: init module 1: iterator
[1733748662] libunbound[71212:0] info: resolving . DNSKEY IN
[1733748662] libunbound[71212:0] info: priming . IN NS
[1733748662] libunbound[71212:0] info: response for . NS IN
[1733748662] libunbound[71212:0] info: reply from <.> 192.203.230.10#53
[1733748662] libunbound[71212:0] info: query response was ANSWER
[1733748662] libunbound[71212:0] info: response for . NS IN
[1733748662] libunbound[71212:0] info: reply from <.> 192.36.148.17#53
[1733748662] libunbound[71212:0] info: query response was ANSWER
[1733748662] libunbound[71212:0] info: priming successful for . NS IN
[1733748663] libunbound[71212:0] info: response for . DNSKEY IN
[1733748663] libunbound[71212:0] info: reply from <.> 192.36.148.17#53
[1733748663] libunbound[71212:0] info: query response was ANSWER
. has DNSKEY record 256 3 8 AwEAAc0SunbHdS0KFEyZbYII/+tzsrNzIwurKxmJA+0fhAYlTPA/5LrMGkGEqvvufzM0w/CaVtdm5eWkZYQcsoSKT5bycx0C4jxnLEb3ZiZUQSqu1rWcKGF1fj/GyDWLkOu7a5h3el+gPmglj/4l4V31ugNYfqYq84vCB+3D6Sodrd+85KyonnzWJ8cS7aZ57x0d0sGqsAKA+6tRnIXjVNVe7Ro5xJuz8IR7rOxdzfuRLriN+Z00EL3U5E7s9SISU/hDh7Q7N70W1mLMc1o2+tCRGjEWrw4wmCWMzc1kegbLES/dUOWFvPjJz0+AEeWDhd2GqtXk02BzAhdfeIAEIv68FTs= (insecure)
. has DNSKEY record 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= (insecure)
#2
General Discussion / 2 instances of Unbound
December 05, 2024, 09:03:59 AM
I have two Unbound processes in memory:
1. unbound   75253   0.0  0.7   145036   55000  -  Ss   08:32      0:01.28 /usr/local/sbin/unbound -c /var/unbound/unbound.conf
2. unbound   86979   0.0  0.2    41004   14940  -  Is   Tue20      0:00.01 /usr/local/sbin/unbound -c /usr/local/etc/unbound/unbound.conf

1. unbound.conf is a normal conf file
2. This config is empty (all lines are commented)

When I try e.g. unbound-control stats_noreset -p 953 - this port is in 1 config - it's not possible because
unbound-control stats_noreset -p 953
[1733384419] unbound-control[96296:0] warning: control-enable is 'no' in the config file.
[1733384419] unbound-control[96296:0] error: connect: Connection refused for 127.0.0.1 port 8953


Is this normal? How can I use unbound-control?

IDK, maybe it is connected with looong resolve times (~500ms) between Adguard and Unbound (which is the upstream DNS (127.0.0.1:5555) for Adguard on 192.168.1.10)
#3
I have this configuration, maybe good, maybe not :)
OPNsense with DHCP on LAN points DNS at Adguard (19.168.1.10)
Adguard block ads and use Unbound as upstream server (127.0.0.1:5555 - Unbound with DoT)
Unbound has 9 DoT servers
Adguard has DNS times at ~10ms
But Adguard->Unbound ~700ms
Is this normal? What am I doing wrong?
#4
24.7, 24.10 Production Series / outdated netdata plugin
December 04, 2024, 08:54:52 AM
First installation of netdata and I've got this message (see attachment). Should I manually remove the plugin and install netdata from CLI to have the latest version (for FreeBSD)?
After I looked at the manual installation and ran it, I got:

~ # wget -O /tmp/netdata-kickstart.sh https://get.netdata.cloud/kickstart.sh && sh /tmp/netdata-kickstart.sh --dry-run
--2024-12-04 08:44:27--  https://get.netdata.cloud/kickstart.sh
Resolving get.netdata.cloud (get.netdata.cloud)... 104.22.78.229, 104.22.79.229, 172.67.36.172, ...
Connecting to get.netdata.cloud (get.netdata.cloud)|104.22.78.229|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 93645 (91K) [application/octet-stream]
Saving to: '/tmp/netdata-kickstart.sh'

/tmp/netdata-kickstar 100%[========================>]  91.45K  --.-KB/s    in 0.02s   

2024-12-04 08:44:27 (4.16 MB/s) - '/tmp/netdata-kickstart.sh' saved [93645/93645]


--- Using /tmp/netdata-kickstart-XXXXXXXXXX.3UU1af1gY6 as a temporary directory. ---
--- Checking for existing installations of Netdata... ---
WARNING  Found an existing netdata install managed by the system package manager, but could not determine the install type. Usually this means you installed an unsupported third-party netdata package. This script supports claiming most such installs, but attempting to update or reinstall them using this script may be dangerous.

Attempting to update an installation managed by the system package manager is known to not work in most cases. If you are trying to install the latest version of Netdata, you will need to manually uninstall it through your system package manager. If you just want to claim this install, you should re-run this command with the --claim-only option instead. Are you sure you want to continue? [y/n]
n
The following non-fatal warnings or errors were encountered:

  - Found an existing netdata install managed by the system package manager, but could not determine the install type. Usually this means you installed an unsupported third-party netdata package. This script supports claiming most such installs, but attempting to update or reinstall them using this script may be dangerous.